chore(deps): bump the go group across 1 directory with 26 updates

[dependabot]

Bumps the go group with 16 updates in the / directory:

Package	From	To
cuelang.org/go	0.9.0	0.12.0
github.com/Masterminds/semver/v3	3.2.1	3.3.1
github.com/containers/image/v5	5.31.0	5.34.0
github.com/cyphar/filepath-securejoin	0.3.6	0.4.1
github.com/fluxcd/helm-controller/api	1.0.1	1.2.0
github.com/fluxcd/kustomize-controller/api	1.3.0	1.5.0
github.com/fluxcd/pkg/apis/event	0.9.0	0.16.0
github.com/fluxcd/pkg/http/fetch	0.11.0	0.15.0
github.com/fluxcd/pkg/kustomize	1.11.0	1.16.0
github.com/fluxcd/pkg/runtime	0.47.1	0.53.1
github.com/fluxcd/source-controller/api	1.3.0	1.5.0
github.com/mandelsoft/vfs	0.4.3	0.4.4
github.com/tetratelabs/wazero	1.7.2	1.9.0
helm.sh/helm/v3	3.15.1	3.17.1
sigs.k8s.io/e2e-framework	0.2.0	0.6.0
github.com/mikefarah/yq/v4	4.44.1	4.45.1

Updates cuelang.org/go from 0.9.0 to 0.12.0

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.1

What's Changed

• Fix for allowing some version that were invalid by @​mattfarina in Masterminds/semver#253

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

v3.3.0

What's Changed

• Fix: bad package in README by @​sdelicata in Masterminds/semver#226
• Updating the GitHub Actions and versions of Go used by @​mattfarina in Masterminds/semver#229
• Fix spelling in README by @​robinschneider in Masterminds/semver#222
• Adding go build cache to fuzz output by @​mattfarina in Masterminds/semver#232
• Add caching to fuzz testing by @​mattfarina in Masterminds/semver#234
• updating github actions by @​mattfarina in Masterminds/semver#235
• feat: nil version equality by @​KnutZuidema in Masterminds/semver#213
• add >= and <= by @​grosser in Masterminds/semver#238
• doc: hyphen range constraint without whitespace by @​johnnychen94 in Masterminds/semver#216
• Removing reference to vert by @​mattfarina in Masterminds/semver#245
• simplify StrictNewVersion by @​grosser in Masterminds/semver#241
• Updating the testing version of Go used by @​mattfarina in Masterminds/semver#246
• bumping min version in go.mod based on what's tested by @​mattfarina in Masterminds/semver#248
• Updating changelog for 3.3.0 by @​mattfarina in Masterminds/semver#249

New Contributors

• @​sdelicata made their first contribution in Masterminds/semver#226
• @​robinschneider made their first contribution in Masterminds/semver#222
• @​KnutZuidema made their first contribution in Masterminds/semver#213
• @​grosser made their first contribution in Masterminds/semver#238
• @​johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: Masterminds/semver@v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

Changelog

3.3.0 (2024-08-27)

Added

• #238: Add LessThanEqual and GreaterThanEqual functions (thanks @​grosser)
• #213: nil version equality checking (thanks @​KnutZuidema)

Changed

• #241: Simplify StrictNewVersion parsing (thanks @​grosser)
• Testing support up through Go 1.23
• Minimum version set to 1.21 as this is what's tested now
• Fuzz testing now supports caching

Commits

• 1558ca3 Merge pull request #253 from mattfarina/fix-bad-versions
• 252dd61 Fix for allowing some version that were invalid
• e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
• e80c4ea Updating changelog for 3.3.0
• 80427ad Merge pull request #248 from mattfarina/bump-min-version
• b610837 bumping min version in go.mod based on what's tested
• a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
• 7c178cf Updating the testing version of Go used
• 29f94c1 Merge pull request #241 from grosser/grosser/validate
• 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
• Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.31.0 to 5.34.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.34.0

What's Changed

• Bump c/storage to v1.56.0, c/image to v5.33.0 by @​TomSweeneyRedHat in containers/image#2625
• Update stubs to match signature of actual methods by @​SpangleLabs in containers/image#2541
• docker: add check for too many parts by @​giuseppe in containers/image#2619
• fix(deps): update module golang.org/x/crypto to v0.29.0 by @​renovate in containers/image#2624
• fix(deps): update module golang.org/x/oauth2 to v0.24.0 by @​renovate in containers/image#2626
• chore(deps): update dependency golangci/golangci-lint to v1.62.0 by @​renovate in containers/image#2630
• chore(deps): update dependency containers/automation_images to v20241107 by @​renovate in containers/image#2631
• fix(deps): update module github.com/sigstore/sigstore to v1.8.10 by @​renovate in containers/image#2601
• fix(deps): update module github.com/sylabs/sif/v2 to v2.20.0 by @​renovate in containers/image#2611
• docker: drop use of external distribution challenge pkg by @​flavianmissi in containers/image#2629
• Merge tag 'v5.33.0' into main by @​mtrmac in containers/image#2634
• Improve an error message by @​mtrmac in containers/image#2595
• Propagate CompressedDigest/CompressedSize when reusing data from another layer by @​mtrmac in containers/image#2583
• chore(deps): update dependency golangci/golangci-lint to v1.62.2 by @​renovate in containers/image#2640
• fix(deps): update module github.com/proglottis/gpgme to v0.1.4 by @​renovate in containers/image#2638
• fix(deps): update module github.com/stretchr/testify to v1.10.0 by @​renovate in containers/image#2639
• Two small lint updates by @​mtrmac in containers/image#2642
• Use testify's ErrorAs to simplify tests a bit by @​mtrmac in containers/image#2641
• Fix excessive memory and disk usage when sharing layers by @​mtrmac in containers/image#2636
• Fix a missing s.lock.Unlock() on an error path by @​mtrmac in containers/image#2643
• In pulls, compute DiffIDs earlier, and also for v2s2 by @​mtrmac in containers/image#2635
• Update module golang.org/x/sync to v0.10.0 by @​renovate in containers/image#2650
• Update golang.org/x/exp digest to 2d47ceb by @​renovate in containers/image#2648
• Update module golang.org/x/term to v0.27.0 by @​renovate in containers/image#2651
• Update module golang.org/x/crypto to v0.30.0 by @​renovate in containers/image#2652
• Update module github.com/docker/docker to v27.4.0+incompatible by @​renovate in containers/image#2654
• Update module github.com/docker/cli to v27.4.0+incompatible by @​renovate in containers/image#2653
• Update module golang.org/x/crypto to v0.31.0 by @​renovate in containers/image#2655
• Update module github.com/sylabs/sif/v2 to v2.20.1 by @​renovate in containers/image#2656
• Update module github.com/sigstore/sigstore to v1.8.11 by @​renovate in containers/image#2657
• Update module github.com/secure-systems-lab/go-securesystemslib to v0.9.0 by @​renovate in containers/image#2658
• Update module github.com/containers/ocicrypt to v1.2.1 by @​renovate in containers/image#2659
• Update module github.com/docker/docker to v27.4.1+incompatible by @​renovate in containers/image#2662
• Update module github.com/sylabs/sif/v2 to v2.20.2 by @​renovate in containers/image#2660
• Update module github.com/docker/cli to v27.4.1+incompatible by @​renovate in containers/image#2661
• Fix docker daemon on Windows trying to use https instead of http for named pipes by @​brbayes-msft in containers/image#2666
• Update dependency golangci/golangci-lint to v1.63.2 by @​renovate in containers/image#2667
• Update dependency golangci/golangci-lint to v1.63.3 by @​renovate in containers/image#2668
• Update dependency golangci/golangci-lint to v1.63.4 by @​renovate in containers/image#2669
• OCI layout extensions by @​vrothberg in containers/image#2633
• Update module golang.org/x/term to v0.28.0 by @​renovate in containers/image#2671
• Update module golang.org/x/oauth2 to v0.25.0 by @​renovate in containers/image#2670
• Update module golang.org/x/crypto to v0.32.0 by @​renovate in containers/image#2674
• Update module github.com/vbauerster/mpb/v8 to v8.9.1 by @​renovate in containers/image#2675
• Add a comment justifying lack of unit test coverage by @​mtrmac in containers/image#2673
• Move JSONFormatToInvalidSignatureError to an unconditionally-included file by @​mtrmac in containers/image#2632
• Update dependency containers/automation_images to v20250107 by @​renovate in containers/image#2677
• Update module github.com/sigstore/sigstore to v1.8.12 by @​renovate in containers/image#2678

... (truncated)

Commits

• 51a5d96 Bump to c/image v5.34.0
• 771660e Bump c/storage to v1.57.1
• 7f0e59d Merge pull request #2696 from Luap99/ENOENT
• 3f17e2e ignore ENOENT errors when parsing .crt files
• c9771a8 ignore ENOENT errors when parsing registries.conf.d files
• 1294122 ignore ENOENT errors when parsing registries.d files
• b5c6aff Merge pull request #2693 from containers/renovate/github.jparrowsec.cn-docker-docker-27.x
• 1683fc2 Update module github.com/docker/docker to v27.5.1+incompatible
• 16f7e1e Merge pull request #2692 from containers/renovate/github.jparrowsec.cn-docker-cli-27.x
• 30f0d87 Update module github.com/docker/cli to v27.5.1+incompatible
• Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.4.1

This release fixes a regression introduced in one of the hardening features added to filepath-securejoin 0.4.0.

• The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths. (#46)

Signed-off-by: Aleksa Sarai [email protected]

v0.4.0

This release primarily includes a few minor breaking changes to make the MkdirAll and SecureJoin interfaces more robust against accidental misuse.

• SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

  While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

  All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

  Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

• MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

  However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.4.1] - 2025-01-28

Fixed

• The restrictions added for root paths passed to SecureJoin in 0.4.0 was found to be too strict and caused some regressions when folks tried to update, so this restriction has been relaxed to only return an error if the path contains a .. component. We still recommend users use filepath.Clean (and even filepath.EvalSymlinks) on the root path they are using, but at least you will no longer be punished for "trivial" unclean paths.

[0.4.0] - 2025-01-13

Breaking

• SecureJoin(VFS) will now return an error if the provided root is not a filepath.Clean'd path.

  While it is ultimately the responsibility of the caller to ensure the root is a safe path to use, passing a path like /symlink/.. as a root would result in the SecureJoin'd path being placed in / even though /symlink/.. might be a different directory, and so we should more strongly discourage such usage.

  All major users of securejoin.SecureJoin already ensure that the paths they provide are safe (and this is ultimately a question of user error), but removing this foot-gun is probably a good idea. Of course, this is necessarily a breaking API change (though we expect no real users to be affected by it).

  Thanks to Erik Sjölund, who initially reported this issue as a possible security issue.

• MkdirAll and MkdirHandle now take an os.FileMode-style mode argument instead of a raw unix.S_*-style mode argument, which may cause compile-time type errors depending on how you use filepath-securejoin. For most users, there will be no change in behaviour aside from the type change (as the bottom 0o777 bits are the same in both formats, and most users are probably only using those bits).

  However, if you were using unix.S_ISVTX to set the sticky bit with MkdirAll(Handle) you will need to switch to os.ModeSticky otherwise you will get a runtime error with this update. In addition, the error message you will get from passing unix.S_ISUID and unix.S_ISGID will be different as they are treated as invalid bits now (note that previously passing said bits was also an error).

Commits

• 7abd870 VERSION: release v0.4.1
• 509a359 merge #47 into cyphar/filepath-securejoin:main
• fbaef26 join: loosen cleanliness requirements for SecureJoin root
• 54460df merge #45 into cyphar/filepath-securejoin:main
• 14e6cfe VERSION: back to development
• 9a17e6b VERSION: release v0.4.0
• e410d4a merge #44 into cyphar/filepath-securejoin:main
• ea4e5b6 gha: add GOARCH=386 build check
• 0c2fbe6 mkdirall: switch to os.FileMode argument
• f3a512c merge #43 into cyphar/filepath-securejoin:main
• Additional commits viewable in compare view

Updates github.com/fluxcd/helm-controller/api from 1.0.1 to 1.2.0

Release notes

Sourced from github.com/fluxcd/helm-controller/api's releases.

v1.2.0

Changelog

v1.2.0 changelog

Container images

• docker.io/fluxcd/helm-controller:v1.2.0
• ghcr.io/fluxcd/helm-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.0

Changelog

v1.1.0 changelog

Container images

• docker.io/fluxcd/helm-controller:v1.1.0
• ghcr.io/fluxcd/helm-controller:v1.1.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/helm-controller/api's changelog.

1.2.0

Release date: 2025-02-19

This minor release comes with various bug fixes and improvements.

In addition, the Kubernetes dependencies have been updated to v1.32.1, Helm has been updated to v3.17.1 and various other controller dependencies have been updated to their latest version.

Fixes:

• Replace _ with + when verifying the chart version matches the OCI artifact tag #1102
• fix: handle "leader changed" errors #1084
• Make ValuesReference an alias for backwards compat #1126
• Fix install and upgrade applying subchart CRDs when condition is false #1123
• fix: use HelmRelease max history for rollback remediation #1169

Improvements:

• Refactor values composition to use pkg/chartutil #1122
• docs: Rendering the final Values locally #1127
• Add disableTakeOwnership to Helm install/upgrade actions #1140
• Various dependency updates #1103 #1121 #1129 #1142 #1160 #1158 #1165 #1168 #1171 #1167 #1173 #1170

1.1.0

Release date: 2024-09-26

This minor release comes with various bug fixes and improvements.

The chart values schema

... (truncated)

Commits

• 8e4de32 Merge pull request #1174 from fluxcd/release-v1.2.0
• 9463301 Release v1.2.0
• 94c60d5 Add changelog entry for v1.2.0
• 34d0036 Merge pull request #1170 from fluxcd/dependabot/go_modules/go-deps-d8ecef8942
• e22eb27 Bump the go-deps group across 1 directory with 2 updates
• 93eef0d Merge pull request #1173 from fluxcd/upgrade-helm
• 25f3db5 Upgrade helm to v3.17.1
• 3385e3f Merge pull request #1167 from fluxcd/dependabot/github_actions/ci-4ac27b1555
• f80b06b Bump the ci group across 1 directory with 2 updates
• da8af05 Merge pull request #1171 from fluxcd/upgrade-deps
• Additional commits viewable in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.3.0 to 1.5.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.5.0

Changelog

v1.5.0 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.5.0
• ghcr.io/fluxcd/kustomize-controller:v1.5.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

• docker.io/fluxcd/kustomize-controller:v1.4.0
• ghcr.io/fluxcd/kustomize-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.5.0

Release date: 2025-02-18

This minor release comes with various bug fixes and improvements.

The controller has been updated to Kustomize v5.6, please see the kubernetes-sigs/kustomize changelog for more details.

The Kustomization API now supports custom health checks for Custom Resources through Common Expression Language (CEL) expressions. See docs.

The controller now sends an origin revision from OCI artifact annotations to notification-controller on events, which is useful for updating commit statuses on the notification providers that support this feature. See docs.

It is now also possible to control whether or not kustomize-controller will orphan resources when a Kustomization is deleted. See docs.

In addition, the Kubernetes dependencies have been updated to v1.32.1 and various other controller dependencies have been updated to their latest version.

Fixes:

• Clarify precedence in Kustomization substituteFrom #1301
• Remove deprecated object metrics from controllers #1305

Improvements:

• Enable decryption of secrets generated by Kustomize components #1283
• Added decryption of Kustomize patches and refactor SOPS tests #1286
• Allow control of finalization garbage collection #1314
• Add OCI revision to events #1338
• [RFC-0009] Add CEL custom healthchecks #1344
• Add GroupChangeLog feature gate to fix es indexing cardinality #1361
• Various dependency updates #1302 #1304

... (truncated)

Commits

• 9ce7db7 Merge pull request #1365 from fluxcd/release-v1.5.0
• 676fc61 Release v1.5.0
• 5d2bcf9 Add changelog entry for v1.5.0
• fc2a95e Merge pull request #1358 from fluxcd/dependabot/github_actions/ci-4ac27b1555
• 3b0de40 Merge pull request #1364 from fluxcd/dependabot/go_modules/go-deps-4d974c417d
• f82ae38 Merge pull request #1362 from fluxcd/upgrade-deps
• cc89da1 Bump the ci group across 1 directory with 2 updates
• 6790333 Bump golang.org/x/net in the go-deps group across 1 directory
• 947be82 Merge pull request #1361 from 94DanielBrown/main
• 230b55f chore: add GroupChangeLog feature gate to fix es indexing cardinality
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/event from 0.9.0 to 0.16.0

Commits

• 91eda6e Merge pull request #694 from fluxcd/git-deps-up
• 2a64584 Use gomega in sourceignore
• 46577cd Update golang.org dependencies
• e6b6af7 Merge pull request #685 from knutgoetz/chore/gogit/delete-gogiterror-function
• cbc2172 Delete obsolete goGitError function
• 02723c3 Merge pull request #693 from fluxcd/go-git-v5.10.1
• 3715de1 Update go-git to v5.10.1
• ce91255 Merge pull request #692 from fluxcd/ssa-nits
• 8fc4505 ssa: prevent unnecessary DeepCopy
• cc07605 Merge pull request #691 from fluxcd/jsondiff-include-obj
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.5.0 to 1.10.0

Commits

• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• f39dac4 Merge pull request #861 from fluxcd/deps-kube-v0.32.1
• 70e88cb Update dependencies
• f59d360 Merge pull request #850 from kane8n/support-sparse-checkout
• a033d2f support sparse checkout
• 528bc56 Merge pull request #856 from fluxcd/get-revision
• a189152 Add GetRevision() to Event API
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/http/fetch from 0.11.0 to 0.15.0

Commits

• cc785fa Merge pull request #686 from fluxcd/k8s-1.28
• 1d7d31b all: Group github.com/fluxcd/cli-utils imports
• 09ba5d8 runtime: Add pprof.GetHandlers to help setup the metrics server
• 768085d runtime: Update sigs.k8s.io/controller-runtime to v0.16.3
• 2e007cb ssa: Update Kubernetes to v1.28.4
• e7686cf kustomize: Update Kustomize to v5.2.1
• 3be575d oci: Update sigs.k8s.io/controller-runtime to v0.16.3
• 7f72436 helmtestserver: Update Helm to v3.13.2
• fe543f5 git: Update golang.org/x/crypto to v0.15.0
• 129adfd apis: Update Kubernetes to v1.28
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/kustomize from 1.11.0 to 1.16.0

Commits

• e454462 Merge pull request #864 from fluxcd/internal-deps-bump
• 2959020 Update internal dependencies
• c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
• 62d235c Add CEL library with custom healthchecks to runtime
• 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
• 3cffbeb build(deps): bump the ci group across 1 directory with 3 updates
• 2f763a4 Merge pull request #857 from fluxcd/custom-healthchecks
• a6353b2 Add healthcheck expressions to kustomize types
• af0f283 Merge pull request #859 from fluxcd/cel-meta
• 1178930 Add InvalidCELExpressionReason to apis/meta
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.47.1 to 0.53.1

Commits

• c911231 Merge pull request #868 from fluxcd/fix-panic
• 51166e7 Fix panic on nil map entry assignment for custom event metadata
• 7c90c14 Merge pull request #862 from YvanGuidoin/rework-ssa-diffoptions
• 88a752e Add tests for DiffOptions.IfNotPresentSelector
• dd54c6a Align ResourceManager.Diff Skipping resources with ResourceManager.Apply
• e454462 Merge pull request #864 from fluxcd/internal-deps-bump
• 2959020 Update internal dependencies
• c964ce7 Merge pull request #858 from fluxcd/custom-healthchecks-impl
• 62d235c Add CEL library with custom healthchecks to runtime
• 243510f Merge pull request #863 from fluxcd/dependabot/github_actions/ci-83dfb6cda2
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/tar from 0.7.0 to 0.10.0

Commits

• e8e803e Merge pull request #465 from aryan9600/clone-refname
• ca1dce0 add support for checking out git repo to a ref via gogit
• 2bb3aa8 Merge pull request #461 from giantswarm/bump-default-client-burst-to-300
• 4d5a7eb Increase default burst to 300 to conform client-go
• db1f3af Merge pull request #460 from fluxcd/oci-media-type
• 2dda8d7 oci: Add media type test
• e1d86c3 oci: Set created annotation time to UTC
• 13010c9 oci: Introduce Flux media types
• 6c2b10b Merge pull request #464 from fluxcd/update-git-lib-deps
• 228c90b libgit2: just use github.com/google/uuid
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.3.0 to 1.5.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.5.0

Changelog

v1.5.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.5.0
• ghcr.io/fluxcd/source-controller:v1.5.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.1

Changelog

v1.4.1 changelog

Container images

• docker.io/fluxcd/source-controller:v1.4.1
• ghcr.io/fluxcd/source-controller:v1.4.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.4.0

Changelog

v1.4.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.4.0
• ghcr.io/fluxcd/source-controller:v1.4.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.5.0

Release date: 2025-02-13

This minor release comes with various bug fixes and improvements.

GitRepository

The GitRepository API now supports authenticating through GitHub App for GitHub repositories. See docs.

In addition, the Kubernetes dependencies have been updated to v1.32.1, Helm has been updated to v3.17.0 and various other controller dependencies have been updated to their latest version.

Fixes:

• Remove deprecated object metrics from controllers #1686

Improvements:

• [RFC-007] Implement GitHub app authentication for git repositories. #1647
• Various dependency updates #1684 #1689 #1693 #1705 #1708 #1709 #1713 #1716

1.4.1

Release date: 2024-09-26

This patch release comes with a fix to the GitRepository API to keep it backwards compatible by removing the default value for .spec.provider field when not set in the API. The controller will internally consider an empty value for the provider as the generic provider.

Fix:

• GitRepo: Remove provider default value from API #1626

1.4.0

Release date: 2024-09-25

... (truncated)

Commits

• 301fc72 Merge pull request #1718 from fluxcd/release-v1.5.0
• 5f4beba Release v1.5.0
• 428d0c5 Add changelog entry for v1.5.0
• c5046b8 Merge pull request

[github-actions]

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	2
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	1
LICENSE RISK HIGH	9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

[dependabot]

Superseded by #607.