Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the go group across 1 directory with 25 updates #581

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

chore(deps): bump the go group across 1 directory with 25 updates #581

wants to merge 3 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2025
edited
Loading

Bumps the go group with 15 updates in the / directory:

Package From To
cuelang.org/go 0.9.0 0.11.2
github.com/Masterminds/semver/v3 3.2.1 3.3.1
github.com/containers/image/v5 5.31.0 5.33.1
github.com/cyphar/filepath-securejoin 0.3.6 0.4.0
github.com/fluxcd/helm-controller/api 1.0.1 1.1.0
github.com/fluxcd/kustomize-controller/api 1.3.0 1.4.0
github.com/fluxcd/pkg/http/fetch 0.11.0 0.14.0
github.com/fluxcd/pkg/kustomize 1.11.0 1.15.0
github.com/fluxcd/pkg/runtime 0.47.1 0.52.0
github.com/fluxcd/source-controller/api 1.3.0 1.4.1
github.com/mandelsoft/vfs 0.4.3 0.4.4
github.com/tetratelabs/wazero 1.7.2 1.8.2
helm.sh/helm/v3 3.15.1 3.17.0
sigs.k8s.io/e2e-framework 0.2.0 0.6.0
github.com/mikefarah/yq/v4 4.44.1 4.45.1

Updates cuelang.org/go from 0.9.0 to 0.11.2

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

What's Changed

New Contributors

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

3.3.0 (2024-08-27)

Added

Changed

  • #241: Simplify StrictNewVersion parsing (thanks @​grosser)
  • Testing support up through Go 1.23
  • Minimum version set to 1.21 as this is what's tested now
  • Fuzz testing now supports caching
Commits
  • 1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
  • 252dd61 Fix for allowing some version that were invalid
  • e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
  • e80c4ea Updating changelog for 3.3.0
  • 80427ad Merge pull request #248 from mattfarina/bump-min-version
  • b610837 bumping min version in go.mod based on what's tested
  • a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
  • 7c178cf Updating the testing version of Go used
  • 29f94c1 Merge pull request #241 from grosser/grosser/validate
  • 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
  • Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.31.0 to 5.33.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.33.1

[release-5.33] Bump c/storage to v1.56.1, c/image to v5.33.1 by @​TomSweeneyRedHat in containers/image#2683

Full Changelog: containers/image@v5.33.0...v5.33.1

v5.33.0

What's Changed

... (truncated)

Commits
  • 44ce03e [release-5.33] Bump c/image to v5.33.1
  • 3d4c26e [release-5.33] Bump c/storage to v1.56.1
  • c3a2029 Bump to c/image v5.33.0
  • 04d69d5 Bump to c/storage v1.56.0
  • 59417ae Merge pull request #2609 from mtrmac/copy-resolve-destination
  • 6ba898f HACK: Only return an image ID from ReportResolvedReference for c/storage
  • 125f862 Return a precise reference to the created image when writing to containers-st...
  • 91d22b2 Introduce private.ImageDestination.CommitWithOptions
  • 831269d Rename an options variable to imgOptions
  • ba2a4ae Merge pull request #2616 from containers/renovate/golang.org-x-exp-digest
  • Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Thanks to the following contributors for helping make this release possible:

Signed-off-by: Aleksa Sarai [email protected]

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.0] - 2025-01-13

Breaking

  • SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

    While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

    All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

    Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

  • MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

    However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Commits
  • 9a17e6b VERSION: release v0.4.0
  • e410d4a merge #44 into cyphar/filepath-securejoin:main
  • ea4e5b6 gha: add GOARCH=386 build check
  • 0c2fbe6 mkdirall: switch to os.FileMode argument
  • f3a512c merge #43 into cyphar/filepath-securejoin:main
  • bc750ad join: return an error if root is unclean path
  • 1be4136 gha: always check for latest Go release
  • b498783 merge #38 into cyphar/filepath-securejoin:main
  • 682d3ad VERSION: back to development
  • See full diff in compare view

Updates github.com/fluxcd/helm-controller/api from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/fluxcd/helm-controller/api's releases.

v1.1.0

Changelog

v1.1.0 changelog

Container images

  • docker.io/fluxcd/helm-controller:v1.1.0
  • ghcr.io/fluxcd/helm-controller:v1.1.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/helm-controller/api's changelog.

1.1.0

Release date: 2024-09-26

This minor release comes with various bug fixes and improvements.

The chart values schema validation can now be disabled for install and upgrade actions by setting disableSchemaValidation under .spec.install and .spec.upgrade of a HelmRelease object.

HelmReleases that result in failure during uninstall will now be retried until the uninstall succeeds without any error. See handling failed uninstall docs for various remediations based on the cause of the failure.

helm-controller in sharded deployment configuration now supports cross-shard dependency check. This allows a HelmRelease to depend on other HelmReleases managed by different controller shards.

In addition, the Kubernetes dependencies have been updated to v1.31.1, Helm has been updated to v3.16.1 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.23.

Fixes:

  • fix: remove digest check to never ignore helm uninstall errors #1024
  • Allow overwriting inline values with targetPath #1060
  • Fix incorrect use of format strings with the conditions package #1025
  • Re-enable logging json patch on StatusDrifted #1010
  • Ignore 'v' version prefix in OCI artifact and Helm chart #990
  • doc: fix HelmRelease default value for .spec.upgrade.crds #986

Improvements:

  • Allow cross-shard dependency check #1070
  • Add disableSchemaValidation to Helm install/upgrade actions #1068
  • Update Helm to v3.16.1 and enable the adoption of existing resources #1062
  • Build with Go 1.23 #1049
  • Various dependency updates

... (truncated)

Commits
  • 44247e2 Merge pull request #1074 from fluxcd/release-v1.1.0
  • d1a931a Release v1.1.0
  • 037bc86 Add changelog entry for v1.1.0
  • b0010b0 Merge pull request #1070 from fluxcd/deps-api-reader
  • 72ec296 Allow cross-shard dependency check
  • c71258e Merge pull request #1073 from fluxcd/update-sc
  • e3ab7ce Update source-controller to v1.4.1
  • 2e3efaf Merge pull request #1072 from fluxcd/dependabot/github_actions/ci-74c3fc3a14
  • 2932347 Bump the ci group across 1 directory with 2 updates
  • 18d2406 Merge pull request #1071 from fluxcd/deps-update
  • Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.3.0 to 1.4.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.4.0

Changelog

v1.4.0 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.4.0
  • ghcr.io/fluxcd/kustomize-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.4.0

Release date: 2024-09-27

This minor release comes with various bug fixes and improvements.

kustomize-controller in sharded deployment configuration now supports cross-shard dependency check. This allows a Kustomization to depend on other Kustomizations managed by different controller shards.

In addition, the Kubernetes dependencies have been updated to v1.31.1 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.23.

Fixes:

  • Fix incorrect use of format strings with the conditions package. #1198

Improvements:

Commits
  • 527ec3e Merge pull request #1254 from fluxcd/release-v1.4.0
  • cecc445 Release v1.4.0
  • 02ab2eb Add changelog entry for v1.4.0
  • 72ae7db Merge pull request #1253 from fluxcd/update-bucketv1
  • 3d87349 Update Bucket API to v1
  • 1d1a06b Merge pull request #1251 from fluxcd/update-sc
  • 8e39f7b Update source-controller to v1.4.1
  • 0d28f0f Merge pull request #1248 from fluxcd/deps-api-reader
  • 1899e6c Merge pull request #1250 from fluxcd/dependabot/github_actions/ci-74c3fc3a14
  • 0add02b Merge pull request #1249 from fluxcd/deps-update
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.5.0 to 1.6.1

Commits
  • c8165af Merge pull request #809 from fluxcd/k8s-1.31.1
  • 18924bf Update controller-gen to v0.16.1
  • 735a85b Update dependencies
  • 62475f1 Merge pull request #789 from dipti-pai/pkg-azure-git-wi-auth
  • 1686996 Support Azure OIDC authentication
  • a2a7a01 Merge pull request #808 from matheuscscp/oci-auth-proxy
  • 8b5c43a Add proxy support for oci/auth login
  • d467d6e Merge pull request #807 from fluxcd/dependabot/github_actions/ci-6f7028051e
  • a6b58a7 build(deps): bump the ci group with 2 updates
  • f0eb8aa Merge pull request #806 from fluxcd/dependabot/github_actions/ci-fc48fdf541
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/http/fetch from 0.11.0 to 0.14.0

Commits
  • 909b315 Merge pull request #651 from fluxcd/git-upgrade-deps
  • 3249e6d git: upgrade dependencies
  • 6eae7b4 Merge pull request #650 from pjbgf/upstream-billy
  • e8ee260 git/gogit: Replaces fs with upstream osfs.BoundOS
  • 01981ea Merge pull request #649 from fluxcd/dependabot/github_actions/ci-915f3d3f9a
  • c6bb1fa build(deps): bump the ci group with 2 updates
  • eedb1a0 Merge pull request #646 from fluxcd/oci-cr-logger
  • e6669d8 oci/auth: Add test to check for non-test flags
  • f01d884 oci: Use controller-runtime pkg/log explicitly
  • 488252e Merge pull request #643 from fluxcd/dependabot/github_actions/ci-81eb07bab1
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/kustomize from 1.11.0 to 1.15.0

Commits
  • 42918b3 Merge pull request #843 from fluxcd/deps-int-k8s-1.32
  • ad9c74a Update internal dependencies
  • b9b6a10 Merge pull request #842 from fluxcd/k8s-1.32.0
  • 7b6cd90 Update dependencies to Kubernetes 1.32.0 and Go 1.23.0
  • b9c338a Merge pull request #841 from fluxcd/load-vars
  • cf1915e Make the variables loading function public
  • 84013d4 Merge pull request #839 from fluxcd/workflow-tf-setup
  • b91dc11 workflows: Use setup-terraform install latest
  • 5bf9095 Merge pull request #838 from fluxcd/meta-v1.8.0
  • 05a2b81 Update apis/meta version in chartutil and runtime
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.47.1 to 0.52.0

Commits
  • 593fdc0 Merge pull request #853 from fluxcd/upgrade-event-api
  • f201de8 Upgrade apis/event in runtime
  • a38aa95 Merge pull request #848 from fluxcd/rfc-0008
  • 1747288 [RFC-0008] Custom Event Metadata from Annotations
  • d54623a Merge pull request #835 from ngearhart/update-ecr-parsing
  • 6c80137 Update ECR parsing regex to include non-public AWS partitions
  • cb8e4a8 Merge pull request #852 from fluxcd/update-codeowners
  • c005fbf Update CODEOWNERS
  • 12ec4f3 Merge pull request #849 from fluxcd/dependabot/github_actions/ci-1509149478
  • d21a6ad build(deps): bump the ci group with 2 updates
  • Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/tar from 0.7.0 to 0.10.0

Commits
  • e8e803e Merge pull request #465 from aryan9600/clone-refname
  • ca1dce0 add support for checking out git repo to a ref via gogit
  • 2bb3aa8 Merge pull request #461 from giantswarm/bump-default-client-burst-to-300
  • 4d5a7eb Increase default burst to 300 to conform client-go
  • db1f3af Merge pull request #460 from fluxcd/oci-media-type
  • 2dda8d7 oci: Add media type test
  • e1d86c3 oci: Set created annotation time to UTC
  • 13010c9 oci: Introduce Flux media types
  • 6c2b10b Merge pull request #464 from fluxcd/update-git-lib-deps
  • 228c90b libgit2: just use github.com/google/uuid
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.3.0 to 1.4.1

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.4.1

Changelog

v1.4.1 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.4.1
  • ghcr.io/fluxcd/source-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.4.0
  • ghcr.io/fluxcd/source-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.4.1

Release date: 2024-09-26

This patch release comes with a fix to the GitRepository API to keep it backwards compatible by removing the default value for .spec.provider field when not set in the API. The controller will internally consider an empty value for the provider as the generic provider.

Fix:

  • GitRepo: Remove provider default value from API #1626

1.4.0

Release date: 2024-09-25

This minor release promotes the Bucket API to GA, and comes with new features, improvements and bug fixes.

Bucket

The Bucket API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

Bucket API now supports proxy through the field .spec.proxySecretRef and custom TLS client certificate and CA through the field .spec.certSecretRef.

Bucket API now also supports specifying a custom STS configuration through the field .spec.sts. This is currently only supported for the providers generic and aws. When specifying a custom STS configuration one must specify which STS provider to use. For the generic bucket provider we support the ldap STS provider, and for the aws bucket provider we support the aws STS provider. For the aws STS provider, one may use the default main STS endpoint, or the regional STS endpoints, or even an interface endpoint.

OCIRepository

OCIRepository API now supports proxy through the field .spec.proxySecretRef.

Warning: Proxy is not supported for cosign keyless verification.

GitRepository

GitRepository API now supports OIDC authentication for Azure DevOps repositories through the field .spec.provider using the value azure. See the docs for details here.

In addition, the Kubernetes dependencies have been updated to v1.31.1, Helm has been updated to v3.16.1 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.23.

Fixes:

  • helm: Use the default transport pool to preserve proxy settings #1490
  • Fix incorrect use of format strings with the conditions package. #1529
  • Fix HelmChart local dependency resolution for name-based path #1539

... (truncated)

Commits
  • 50035c6 Merge pull request #1628 from fluxcd/release-v1.4.1
  • c2b6b39 Release v1.4.1
  • a2658ba Add changelog entry for v1.4.1
  • a485ed4 Merge pull request #1627 from fluxcd/backport-1626-to-release/v1.4.x
  • 0e4f558 GitRepo: Remove provider default value from API
  • e6e2b15 Merge pull request #1620 from fluxcd/release-v1.4.0
  • e920838 Release v1.4.0
  • c796f52 Add changelog entry for v1.4.0
  • 03889fe Merge pull request #1618 from fluxcd/dependabot/go_modules/go-deps-a9e873101f
  • 32bc10c build(deps): bump the go-deps group across 1 directory with 3 updates
  • Additional commits viewable in compare view

Updates github.com/mandelsoft/vfs from 0.4.3 to 0.4.4

Commits

Updates github.com/onsi/gomega from 1.34.1 to 1.36.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.36.1

1.36.1

Fixes

v1.36.0

1.36.0

Features

  • new: make collection-related matchers Go 1.23 iterator aware [4c964c6]

Maintenance

  • Replace min/max helpers with built-in min/max [ece6872]
  • Fix some typos in docs [8e924d7]

v1.35.1

1.35.1

Fixes

  • Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]

v1.35.0

1.35.0

Features

  • You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
  • You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]

Fixes

  • Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]

Maintenance

  • Bump all dependencies [a05a416]

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.36.1

Fixes

1.36.0

Features

  • new: make collection-related matchers Go 1.23 iterator aware [4c964c6]

Maintenance

  • Replace min/max helpers with built-in min/max [ece6872]
  • Fix some typos in docs [8e924d7]

1.35.1

Fixes

  • Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]

1.35.0

Features

  • You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
  • You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]

Fixes

  • Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]

Maintenance

  • Bump all dependencies [a05a416]

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Commits

@dependabot
chore(deps): bump the go group across 1 directory with 25 updates
d583d19 
Bumps the go group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cuelang.org/go | `0.9.0` | `0.11.2` |
| [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) | `3.2.1` | `3.3.1` |
| [github.com/containers/image/v5](https://github.com/containers/image) | `5.31.0` | `5.33.1` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.6` | `0.4.0` |
| [github.com/fluxcd/helm-controller/api](https://github.com/fluxcd/helm-controller) | `1.0.1` | `1.1.0` |
| [github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller) | `1.3.0` | `1.4.0` |
| [github.com/fluxcd/pkg/http/fetch](https://github.com/fluxcd/pkg) | `0.11.0` | `0.14.0` |
| [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) | `1.11.0` | `1.15.0` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.47.1` | `0.52.0` |
| [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.3.0` | `1.4.1` |
| [github.com/mandelsoft/vfs](https://github.com/mandelsoft/vfs) | `0.4.3` | `0.4.4` |
| [github.com/tetratelabs/wazero](https://github.com/tetratelabs/wazero) | `1.7.2` | `1.8.2` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.15.1` | `3.17.0` |
| [sigs.k8s.io/e2e-framework](https://github.com/kubernetes-sigs/e2e-framework) | `0.2.0` | `0.6.0` |
| [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) | `4.44.1` | `4.45.1` |



Updates `cuelang.org/go` from 0.9.0 to 0.11.2

Updates `github.com/Masterminds/semver/v3` from 3.2.1 to 3.3.1
- [Release notes](https://github.com/Masterminds/semver/releases)
- [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md)
- [Commits](Masterminds/semver@v3.2.1...v3.3.1)

Updates `github.com/containers/image/v5` from 5.31.0 to 5.33.1
- [Release notes](https://github.com/containers/image/releases)
- [Commits](containers/image@v5.31.0...v5.33.1)

Updates `github.com/cyphar/filepath-securejoin` from 0.3.6 to 0.4.0
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.3.6...v0.4.0)

Updates `github.com/fluxcd/helm-controller/api` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/fluxcd/helm-controller/releases)
- [Changelog](https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/helm-controller@v1.0.1...v1.1.0)

Updates `github.com/fluxcd/kustomize-controller/api` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/fluxcd/kustomize-controller/releases)
- [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/kustomize-controller@v1.3.0...v1.4.0)

Updates `github.com/fluxcd/pkg/apis/meta` from 1.5.0 to 1.6.1
- [Commits](fluxcd/pkg@apis/meta/v1.5.0...apis/meta/v1.6.1)

Updates `github.com/fluxcd/pkg/http/fetch` from 0.11.0 to 0.14.0
- [Commits](fluxcd/pkg@git/v0.11.0...git/v0.14.0)

Updates `github.com/fluxcd/pkg/kustomize` from 1.11.0 to 1.15.0
- [Commits](fluxcd/pkg@kustomize/v1.11.0...kustomize/v1.15.0)

Updates `github.com/fluxcd/pkg/runtime` from 0.47.1 to 0.52.0
- [Commits](fluxcd/pkg@runtime/v0.47.1...runtime/v0.52.0)

Updates `github.com/fluxcd/pkg/tar` from 0.7.0 to 0.10.0
- [Commits](fluxcd/pkg@git/v0.7.0...git/v0.10.0)

Updates `github.com/fluxcd/source-controller/api` from 1.3.0 to 1.4.1
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.3.0...v1.4.1)

Updates `github.com/mandelsoft/vfs` from 0.4.3 to 0.4.4
- [Release notes](https://github.com/mandelsoft/vfs/releases)
- [Commits](mandelsoft/vfs@v0.4.3...v0.4.4)

Updates `github.com/onsi/gomega` from 1.34.1 to 1.36.1
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.34.1...v1.36.1)

Updates `github.com/tetratelabs/wazero` from 1.7.2 to 1.8.2
- [Release notes](https://github.com/tetratelabs/wazero/releases)
- [Commits](tetratelabs/wazero@v1.7.2...v1.8.2)

Updates `golang.org/x/exp` from 0.0.0-20240719175910-8a7402abbf56 to 0.0.0-20241009180824-f66d83c29e7c
- [Commits](https://github.com/golang/exp/commits)

Updates `helm.sh/helm/v3` from 3.15.1 to 3.17.0
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.15.1...v3.17.0)

Updates `k8s.io/apimachinery` from 0.30.1 to 0.32.0
- [Commits](kubernetes/apimachinery@v0.30.1...v0.32.0)

Updates `k8s.io/client-go` from 0.30.1 to 0.32.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.30.1...v0.32.0)

Updates `sigs.k8s.io/controller-runtime` from 0.18.4 to 0.19.3
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.18.4...v0.19.3)

Updates `sigs.k8s.io/e2e-framework` from 0.2.0 to 0.6.0
- [Release notes](https://github.com/kubernetes-sigs/e2e-framework/releases)
- [Changelog](https://github.com/kubernetes-sigs/e2e-framework/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/e2e-framework@v0.2.0...v0.6.0)

Updates `sigs.k8s.io/kustomize/api` from 0.17.2 to 0.18.0
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](kubernetes-sigs/kustomize@api/v0.17.2...api/v0.18.0)

Updates `github.com/mikefarah/yq/v4` from 4.44.1 to 4.45.1
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@v4.44.1...v4.45.1)

Updates `k8s.io/api` from 0.30.1 to 0.32.1
- [Commits](kubernetes/api@v0.30.1...v0.32.1)

Updates `k8s.io/apiextensions-apiserver` from 0.30.1 to 0.32.0
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.30.1...v0.32.0)

---
updated-dependencies:
- dependency-name: cuelang.org/go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/Masterminds/semver/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/helm-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/kustomize-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/apis/meta
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/http/fetch
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/kustomize
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/tar
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/mandelsoft/vfs
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/tetratelabs/wazero
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: golang.org/x/exp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/e2e-framework
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/mikefarah/yq/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jan 26, 2025
@dependabot dependabot bot requested a review from a team as a code owner January 26, 2025 15:29
@dependabot dependabot bot mentioned this pull request Jan 26, 2025
Closed
@github-actions GitHub Actions
Copy link

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 4
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 1
LICENSE RISK HIGH 9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report
Mend UI

@github-actions GitHub Actions
Copy link

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 4
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 1
LICENSE RISK HIGH 9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report
Mend UI

@github-actions GitHub Actions
Copy link

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 4
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 1
LICENSE RISK HIGH 9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report
Mend UI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/chore chore, maintenance, etc. kind/dependency dependency update, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hilmarf