Skip to content

chore(deps): bump the go group across 1 directory with 21 updates #191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
frewilhelm merged 1 commit into from
Nov 18, 2025
Merged

chore(deps): bump the go group across 1 directory with 21 updates #191

frewilhelm merged 1 commit into from
Nov 18, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 16, 2025
edited
Loading

Bumps the go group with 4 updates in the / directory: code.gitea.io/sdk/gitea, github.com/fluxcd/flux2/v2, github.com/open-component-model/ocm-controller and sigs.k8s.io/kustomize/api.

Updates code.gitea.io/sdk/gitea from 0.22.0 to 0.22.1

Updates github.com/fluxcd/flux2/v2 from 2.6.4 to 2.7.3

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.7.3

Highlights

Flux v2.7.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Restore SOCKS5 proxy support in all controllers
  • Fix status reporting of HelmReleases with RetryOnFailure strategy
  • Automated retries for ImagePolicies when no image tags are found in the database
  • Fix alerting for Telegram's message_thread_id
  • Allow running kustomize-controller and helm-controller on the same loopback interface as source-watcher

⚠️ Note that signature verification for OCI artifacts in source-controller is not compatible with Cosign v3. Users are advised to use Cosign v2.6 for signing Flux OCI artifacts and Helm charts, until support for Cosign v3 is added in Flux v2.8.

Components changelog

CLI changelog

Full Changelog: fluxcd/flux2@v2.7.2...v2.7.3

v2.7.2

Highlights

Flux v2.7.2 is a patch release that comes with security fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

All Flux components are now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib that could lead to denial of service. The list of security fixes can be found in the Go 1.25.2 release notes.

Components changelog

... (truncated)

Commits
  • b6e76ca Merge pull request #5606 from fluxcd/backport-5602-to-release/v2.7.x
  • e084250 fix: return supported values for flags when calling Values.Type()
  • c3bc3d5 Merge pull request #5605 from fluxcd/backport-5603-to-release/v2.7.x
  • 1295ba2 Fix bootstrap e2e test for image policy
  • 41ebc0e Update toolkit components
  • 67d2fb0 Merge pull request #5595 from fluxcd/backport-5594-to-release/v2.7.x
  • 888e8a9 Pin cosign to v2.6.1
  • 4a15fa6 Merge pull request #5579 from fluxcd/backport-5578-to-release/v2.7.x
  • 6adffe7 Update toolkit components
  • e8213d7 Merge pull request #5577 from fluxcd/backport-5576-to-release/v2.7.x
  • Additional commits viewable in compare view

Updates github.com/fluxcd/helm-controller/api from 1.3.0 to 1.4.3

Release notes

Sourced from github.com/fluxcd/helm-controller/api's releases.

v1.4.3

Changelog

v1.4.3 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.3
  • ghcr.io/fluxcd/helm-controller:v1.4.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.2

Changelog

v1.4.2 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.2
  • ghcr.io/fluxcd/helm-controller:v1.4.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.1

Changelog

v1.4.1 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.4.1
  • ghcr.io/fluxcd/helm-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/helm-controller/api's changelog.

1.4.3

Release date: 2025-10-28

This patch release comes with various fixes and improvements.

Fixes:

  • Fix status reporting for RetryOnFailure strategy #1338

Improvements:

  • Allow fetching charts from a local source-watcher #1341

1.4.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1329

1.4.1

Release date: 2025-10-06

This patch release fixes the controller setting the Ready condition to Unknown redundantly during reconciliation.

Fixes:

  • Remove redundant Ready condition setter #1323
  • Fix docs example for kubeconfig workload identity #1315

1.4.0

Release date: 2025-09-25

This minor release comes with various bug fixes and improvements.

... (truncated)

Commits
  • 2ca186e Merge pull request #1343 from fluxcd/release-v1.4.3
  • 8825222 Release v1.4.3
  • 6c0d392 Add changelog entry for v1.4.3
  • a0ffd46 Merge pull request #1342 from fluxcd/backport-1341-to-release/v1.4.x
  • 9c0e60e Allow fetching charts from a local source-watcher
  • 168e681 Merge pull request #1339 from fluxcd/backport-1338-to-release/v1.4.x
  • fdce985 Fix status reporting for RetryOnFailure strategy
  • 310cd46 Merge pull request #1331 from fluxcd/release-v1.4.2
  • bcd4b75 Release v1.4.2
  • 955ccc2 Add changelog entry for v1.4.2
  • Additional commits viewable in compare view

Updates github.com/fluxcd/image-automation-controller/api from 0.41.2 to 1.0.3

Release notes

Sourced from github.com/fluxcd/image-automation-controller/api's releases.

v1.0.3

Changelog

v1.0.3 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.3
  • ghcr.io/fluxcd/image-automation-controller:v1.0.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.2

Changelog

v1.0.2 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.2
  • ghcr.io/fluxcd/image-automation-controller:v1.0.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.1

Changelog

v1.0.1 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v1.0.1
  • ghcr.io/fluxcd/image-automation-controller:v1.0.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/image-automation-controller/api's changelog.

1.0.3

Release date: 2025-10-28

This patch release fixes support for SOCKS5 proxy in the controller APIs.

Fixes:

  • Restore SOCKS5 proxy support #984

1.0.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #978

1.0.1

Release date: 2025-09-28

This patch release fixes the Git checkout reference name not being taken into account when checking out the Git repository.

Fixes:

  • Fix checkout reference name not taken into account #973

1.0.0

Release date: 2025-09-16

This is the first GA release of the image-automation-controller. It comes with various bug fixes and improvements.

The ImageUpdateAutomation API has been promoted to v1 (GA) status. The v1 API is backwards compatible with v1beta2.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1. After the upgrade, all manifests in Git which contain ImagePolicy, ImageRepository and ImageUpdateAutomation definitions must be updated to:

</tr></table>

... (truncated)

Commits
  • d6d6faf Merge pull request #986 from fluxcd/release-v1.0.3
  • 7c252b3 Release v1.0.3
  • 350bc8e Add changelog entry for v1.0.3
  • 9406311 Merge pull request #985 from fluxcd/backport-984-to-release/v1.0.x
  • 548c49e Restore SOCKS5 proxy support
  • dacc8ee Merge pull request #981 from fluxcd/release-v1.0.2
  • e0585ef Release v1.0.2
  • 0ef8d4b Add changelog entry for v1.0.2
  • 78efff5 Merge pull request #980 from fluxcd/backport-978
  • 4ae8643 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • Additional commits viewable in compare view

Updates github.com/fluxcd/image-reflector-controller/api from 0.35.2 to 1.0.3

Release notes

Sourced from github.com/fluxcd/image-reflector-controller/api's releases.

v1.0.3

Changelog

v1.0.3 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.3
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.2

Changelog

v1.0.2 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.2
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.1

Changelog

v1.0.1 changelog

Container images

  • docker.io/fluxcd/image-reflector-controller:v1.0.1
  • ghcr.io/fluxcd/image-reflector-controller:v1.0.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.0.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/image-reflector-controller/api's changelog.

1.0.3

Release date: 2025-10-28

This patch release fixes support for SOCKS5 proxy in the controller APIs and implements automated retries for ImagePolicy when no image tags are found in the database.

Fixes:

  • Retry policy resolution when no tags found in database #845
  • Restore SOCKS5 proxy support #840

1.0.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #836

1.0.1

Release date: 2025-09-20

This patch release fixes the ImagePolicy controller not watching reconcile requests performed by adding the reconcile annotation to the object.

Fixes:

  • Fix controllers not watching reconcile requests from annotations #824

1.0.0

Release date: 2025-09-15

This is the first GA release of the image-reflector-controller. It comes with various bug fixes and improvements.

... (truncated)

Commits
  • 8381630 Merge pull request #847 from fluxcd/release-v1.0.3
  • 4e94aec Release v1.0.3
  • 6063526 Add changelog entry for v1.0.3
  • 168da77 Merge pull request #846 from fluxcd/backport-845-to-release/v1.0.x
  • fbd65d9 Retry policy resolution when no tags found in database
  • 00de36d Merge pull request #843 from fluxcd/backport-840-to-release/v1.0.x
  • e05b22e Restore SOCKS5 proxy support
  • 07c8b98 Merge pull request #838 from fluxcd/release-v1.0.2
  • 7cda7d5 Release v1.0.2
  • 89adcec Add changelog entry for v1.0.2
  • Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.6.1 to 1.7.2

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.7.2

Changelog

v1.7.2 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.2
  • ghcr.io/fluxcd/kustomize-controller:v1.7.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.1

Changelog

v1.7.1 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.1
  • ghcr.io/fluxcd/kustomize-controller:v1.7.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.0

Changelog

v1.7.0 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.7.0
  • ghcr.io/fluxcd/kustomize-controller:v1.7.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.0-rc.1

This release candidate is meant for testing.

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.7.2

Release date: 2025-10-28

This patch release allows running kustomize-controller on the same loopback interface as source-watcher.

Improvements:

  • Allow fetching artifacts from a local source-watcher #1539

1.7.1

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1530

1.7.0

Release date: 2025-09-24

This minor release comes with various bug fixes and improvements.

⚠️ The v1beta1 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta1.

The Kustomization API now supports reconciling content from external storage systems through the new ExternalArtifact CRD. This feature is controlled by the ExternalArtifact feature gate and enables reconciliation of artifacts stored outside of Git repositories.

Kustomizations now track their reconciliation history in .status.history, providing visibility into past reconciliation attempts and their outcomes.

Dependencies can now be evaluated using CEL expressions through the new readyExpr field in dependsOn. This feature is controlled by the AdditiveCELDependencyCheck feature gate and allows for more flexible dependency readiness checks.

The controller now supports global SOPS Age key decryption, allowing centralized

... (truncated)

Commits
  • 6d1974d Merge pull request #1541 from fluxcd/release-v1.7.2
  • a3a0197 Release v1.7.2
  • 7eb7354 Add changelog entry for v1.7.2
  • 8a9bc98 Merge pull request #1540 from fluxcd/backport-1539-to-release/v1.7.x
  • 1df5cad Allow fetching artifacts from a local source-watcher
  • 1d4447f Merge pull request #1533 from fluxcd/release-v1.7.1
  • 08349ba Release v1.7.1
  • a1fa37b Add changelog entry for v1.7.1
  • f21648c Merge pull request #1531 from fluxcd/backport-1530-to-release/v1.7.x
  • 13d9796 Update dependencies to Kubernetes v1.34.1 and Go 1.25.2
  • Additional commits viewable in compare view

Updates github.com/fluxcd/notification-controller/api from 1.6.0 to 1.7.4

Release notes

Sourced from github.com/fluxcd/notification-controller/api's releases.

v1.7.4

Changelog

v1.7.4 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.4
  • ghcr.io/fluxcd/notification-controller:v1.7.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.3

Changelog

v1.7.3 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.3
  • ghcr.io/fluxcd/notification-controller:v1.7.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.2

Changelog

v1.7.2 changelog

Container images

  • docker.io/fluxcd/notification-controller:v1.7.2
  • ghcr.io/fluxcd/notification-controller:v1.7.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.1

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/notification-controller/api's changelog.

1.7.4

Release date: 2025-10-28

This patch release fixes support for SOCKS5 proxy in the controller APIs and support for message_thread_id in the telegram provider.

Fixes:

  • Fix support for telegram message_thread_id #1199
  • Restore SOCKS5 proxy support #1196

1.7.3

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1191

1.7.2

Release date: 2025-10-06

This patch release fixes the default Flux API versions in the Receiver handler.

Fixes:

  • Update default API versions to GA #1186

1.7.1

Release date: 2025-09-24

This patch release fixes the release workflow.

Fixes:

  • Fix release workflow #1179

... (truncated)

Commits
  • 5e9861d Merge pull request #1203 from fluxcd/release-v1.7.4
  • a5bc30b Release v1.7.4
  • 24dccdf Add changelog entry for v1.7.4
  • ccedf4e Merge pull request #1200 from fluxcd/backport-1199-to-release/v1.7.x
  • 36bfdbd add support for telegram message_thread_id
  • 78b3f65 Merge pull request #1197 from fluxcd/backport-1196-to-release/v1.7.x
  • d45fb3b Restore SOCKS5 proxy support
  • e17f23f Merge pull request #1193 from fluxcd/release-v1.7.3
  • 6fca71a Release v1.7.3
  • f92a3e2 Add changelog entry for v1.7.3
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.21.0 to 1.22.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.86.0 to 0.88.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/ssa from 0.55.0 to 0.60.0

Commits
  • 413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
  • 246714f build(deps): bump the ci group with 3 updates
  • ac938bf Merge pull request #1040 from fluxcd/k8s-1.34.1
  • ef1c3ec Prepare release
  • 5679184 Update dependencies
  • d56c6f4 Merge pull request #1038 from cappyzawa/validate-proxy-url
  • 3e994a9 Prepare for release
  • c1274b1 runtime/secrets: validate proxy URL scheme and length
  • ca99961 Merge pull request #1037 from fluxcd/ssa-migrate-managed-fields
  • 18da908 ssa: Add helper function to migrate the apiVersion on managed fields
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/version from 0.10.0 to 0.11.0

Commits
  • c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
  • 62d235c Add CEL library with custom healthchecks to runtime
  • 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
  • 3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
  • 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
  • a6353b2 Add healthcheck expressions to kustomize types
  • af0f283 Merge pull request #859 from fluxcd/cel-meta
  • 1178930 Add InvalidCELExpressionReason to apis/meta
  • f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
  • 70e88cb Update dependencies
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.7.0 to 1.7.3

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.7.3

Changelog

v1.7.3 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.7.3
  • ghcr.io/fluxcd/source-controller:v1.7.3

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.2

Changelog

v1.7.2 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.7.2
  • ghcr.io/fluxcd/source-controller:v1.7.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.7.1

Changelog

v1.7.1 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.7.1
  • ghcr.io/fluxcd/source-controller:v1.7.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.7.3

Release date: 2025-10-28

This patch release fixes support for SOCKS5 proxy in the controller APIs.

Fixes:

  • Restore SOCKS5 proxy support #1916

1.7.2

Release date: 2025-10-08

This patch release comes with various dependency updates.

The controller is now built with Go 1.25.2 which includes fixes for vulnerabilities in the Go stdlib: CVE-2025-58183, CVE-2025-58188 and many others. The full list of security fixes can be found here.

Improvements:

  • Update dependencies to Kubernetes v1.34.1 and Go 1.25.2 #1908

1.7.1

Release date: 2025-10-06

This patch release comes with a fix for TLS certs handling in the HelmChart reconciler when auth credentials are not specified.

Fixes:

  • Fix HelmChart reconciler appending login options when they do not exist #1904

Improvements:

  • ci: Fix release workflow #1897
  • Point to OCIRepository in HelmRepository docs #1893
Commits
  • fafa5a6 Merge pull request #1926 from fluxcd/release-v1.7.3
  • 52a166e Release v1.7.3
  • 85d2b8c Add changelog entry for v1.7.3
  • 82a1635 Merge pull request #1917 from fluxcd/backport-1916-to-release/v1.7.x
  • e50ca97 Fix strict validation of proxy URLs
  • 7a5b948 Merge pull request #1911 from fluxcd/release-v1.7.2
  • 88226aa Release v1.7.2
  • 5aa4037 Add changelog entry for v1.7.2
  • f932599 Merge pull request #1910 from fluxcd/backport-1908
  • bda69ad Update dependencies to Kubernetes v1.34.1
  • Additional commits viewable in compare view

Updates github.com/open-component-model/ocm-controller from 0.26.8 to 0.27.1

Release notes

Sourced from github.com/open-component-model/ocm-controller's releases.

v0.27.1

Release v0.27.1

  • Fully qualified repo ( issue 764 ) (#775)

v0.27.0

Release v0.27.0

  • fix: always reload certificate for refresh on rotation (#772)

🧰 Maintenance

  • chore: update ocm to 0.32.0 (#770)
  • chore: bump dependencies (#761)
  • chore: bump shared workflow version (#768)
  • chore: delete milestone workflow (#766)
  • chore: bump version of shared workflow (#765)

v0.26.9

Release v0.26.9

  • fix: manually set client-side ratelimiting to previous values (#754)
  • fix(deps): remove ocm dependent pins from go mod (#739)
  • fix: rename the helm podinfo deployer as it collides with ocm test (#736)
  • chore: add more log output to the e2e tests (#724)

🧰 Maintenance

  • chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in the go_modules group (#735)
  • chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group (#732)
  • chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in the go_modules group (#722)

⬆️ Dependencies

  • chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in the go_modules group (#735)
  • chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in the go_modules group (#732)
  • chore(deps): bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 in the go_modules group (#722)
Commits

Updates k8s.io/api from 0.34.0 to 0.34.1

Commits

Updates k8s.io/apiextensions-apiserver from 0.34.0 to 0.34.1

Commits
  • bb91141 Update dependencies to v0.34.1 tag
  • 4a9fea1 Merge pull request

@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Nov 16, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 16, 2025 06:04
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Nov 16, 2025
@frewilhelm
Copy link
Contributor

frewilhelm commented Nov 18, 2025

@dependabot rebase

@dependabot
chore(deps): bump the go group across 1 directory with 21 updates
dddd1b2 
Bumps the go group with 4 updates in the / directory: code.gitea.io/sdk/gitea, [github.com/fluxcd/flux2/v2](https://github.com/fluxcd/flux2), [github.com/open-component-model/ocm-controller](https://github.com/open-component-model/ocm-controller) and [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize).


Updates `code.gitea.io/sdk/gitea` from 0.22.0 to 0.22.1

Updates `github.com/fluxcd/flux2/v2` from 2.6.4 to 2.7.3
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](fluxcd/flux2@v2.6.4...v2.7.3)

Updates `github.com/fluxcd/helm-controller/api` from 1.3.0 to 1.4.3
- [Release notes](https://github.com/fluxcd/helm-controller/releases)
- [Changelog](https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/helm-controller@v1.3.0...v1.4.3)

Updates `github.com/fluxcd/image-automation-controller/api` from 0.41.2 to 1.0.3
- [Release notes](https://github.com/fluxcd/image-automation-controller/releases)
- [Changelog](https://github.com/fluxcd/image-automation-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/image-automation-controller@v0.41.2...v1.0.3)

Updates `github.com/fluxcd/image-reflector-controller/api` from 0.35.2 to 1.0.3
- [Release notes](https://github.com/fluxcd/image-reflector-controller/releases)
- [Changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/image-reflector-controller@v0.35.2...v1.0.3)

Updates `github.com/fluxcd/kustomize-controller/api` from 1.6.1 to 1.7.2
- [Release notes](https://github.com/fluxcd/kustomize-controller/releases)
- [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/kustomize-controller@v1.6.1...v1.7.2)

Updates `github.com/fluxcd/notification-controller/api` from 1.6.0 to 1.7.4
- [Release notes](https://github.com/fluxcd/notification-controller/releases)
- [Changelog](https://github.com/fluxcd/notification-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/notification-controller@v1.6.0...v1.7.4)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.21.0 to 1.22.0
- [Commits](fluxcd/pkg@apis/meta/v1.21.0...apis/meta/v1.22.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.86.0 to 0.88.0
- [Commits](fluxcd/pkg@runtime/v0.86.0...runtime/v0.88.0)

Updates `github.com/fluxcd/pkg/ssa` from 0.55.0 to 0.60.0
- [Commits](fluxcd/pkg@oci/v0.55.0...ssa/v0.60.0)

Updates `github.com/fluxcd/pkg/version` from 0.10.0 to 0.11.0
- [Commits](fluxcd/pkg@tar/v0.10.0...tar/v0.11.0)

Updates `github.com/fluxcd/source-controller/api` from 1.7.0 to 1.7.3
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.7.0...v1.7.3)

Updates `github.com/open-component-model/ocm-controller` from 0.26.8 to 0.27.1
- [Release notes](https://github.com/open-component-model/ocm-controller/releases)
- [Changelog](https://github.com/open-component-model/ocm-controller/blob/main/.goreleaser.yaml)
- [Commits](open-component-model/ocm-controller@v0.26.8...v0.27.1)

Updates `k8s.io/api` from 0.34.0 to 0.34.1
- [Commits](kubernetes/api@v0.34.0...v0.34.1)

Updates `k8s.io/apiextensions-apiserver` from 0.34.0 to 0.34.1
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.0...v0.34.1)

Updates `k8s.io/apimachinery` from 0.34.0 to 0.34.1
- [Commits](kubernetes/apimachinery@v0.34.0...v0.34.1)

Updates `k8s.io/cli-runtime` from 0.34.0 to 0.34.1
- [Commits](kubernetes/cli-runtime@v0.34.0...v0.34.1)

Updates `k8s.io/client-go` from 0.34.0 to 0.34.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.0...v0.34.1)

Updates `ocm.software/ocm` from 0.29.1 to 0.32.0
- [Release notes](https://github.com/open-component-model/ocm/releases)
- [Changelog](https://github.com/open-component-model/ocm/blob/main/RELEASE_PROCESS.md)
- [Commits](open-component-model/ocm@v0.29.1...v0.32)

Updates `sigs.k8s.io/controller-runtime` from 0.22.1 to 0.22.2
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.1...v0.22.2)

Updates `sigs.k8s.io/kustomize/api` from 0.20.1 to 0.21.0
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](kubernetes-sigs/kustomize@api/v0.20.1...api/v0.21.0)

---
updated-dependencies:
- dependency-name: code.gitea.io/sdk/gitea
  dependency-version: 0.22.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/fluxcd/flux2/v2
  dependency-version: 2.7.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/helm-controller/api
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/image-automation-controller/api
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/fluxcd/image-reflector-controller/api
  dependency-version: 1.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: go
- dependency-name: github.com/fluxcd/kustomize-controller/api
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/notification-controller/api
  dependency-version: 1.7.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.88.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/ssa
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/version
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/open-component-model/ocm-controller
  dependency-version: 0.27.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/api
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: ocm.software/ocm
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/go-7ba9d9b468 branch from e2722fa to dddd1b2 Compare November 18, 2025 08:22
@frewilhelm frewilhelm merged commit e41f180 into main Nov 18, 2025
6 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/go-7ba9d9b468 branch November 18, 2025 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Skarlso Skarlso Skarlso approved these changes

@frewilhelm frewilhelm frewilhelm approved these changes

Assignees

No one assigned

Labels

kind/chore chore, maintenance, etc. kind/dependency dependency update, etc.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@frewilhelm @Skarlso