Skip to content

chore(deps): bump the go group with 6 updates #158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hilmarf merged 1 commit into from
Jun 30, 2025
Merged

chore(deps): bump the go group with 6 updates #158

hilmarf merged 1 commit into from
Jun 30, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 29, 2025

Bumps the go group with 6 updates:

Package From To
github.com/fluxcd/flux2/v2 2.6.2 2.6.3
github.com/fluxcd/image-automation-controller/api 0.41.1 0.41.2
github.com/fluxcd/pkg/runtime 0.60.0 0.62.0
github.com/fluxcd/source-controller/api 1.6.1 1.6.2
sigs.k8s.io/kustomize/api 0.19.0 0.20.0
sigs.k8s.io/yaml 1.4.0 1.5.0

Updates github.com/fluxcd/flux2/v2 from 2.6.2 to 2.6.3

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.6.3

Highlights

Flux v2.6.3 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

Fixes:

  • Fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys in source-controller, image-automation-controller and Flux CLI bootstrap.

Components changelog

CLI changed

Full Changelog: fluxcd/flux2@v2.6.2...v2.6.3

Commits
  • bda4c81 Merge pull request #5427 from fluxcd/backport-5426-to-release/v2.6.x
  • 3f281da Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys
  • 963e991 Update toolkit components
  • See full diff in compare view

Updates github.com/fluxcd/image-automation-controller/api from 0.41.1 to 0.41.2

Release notes

Sourced from github.com/fluxcd/image-automation-controller/api's releases.

v0.41.2

Changelog

v0.41.2 changelog

Container images

  • docker.io/fluxcd/image-automation-controller:v0.41.2
  • ghcr.io/fluxcd/image-automation-controller:v0.41.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/image-automation-controller/api's changelog.

0.41.2

Release date: 2025-06-27

This patch release comes with a fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys.

Fixes:

  • Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys #932
Commits
  • f80db58 Merge pull request #933 from fluxcd/release-v.41.2
  • 152bf82 Release v0.41.2
  • 45875bb Merge pull request #932 from fluxcd/fix-ssh-host-key-sha2
  • 0066166 Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys
  • See full diff in compare view

Updates github.com/fluxcd/pkg/runtime from 0.60.0 to 0.62.0

Commits
  • 645523e Merge pull request #955 from cappyzawa/add-deprecated-field-logging
  • 88a990f runtime/secrets: add legacy field logging to TLS functions
  • 264a3b3 Merge pull request #954 from fluxcd/fix-rsa-hk-algos
  • 343e4db Add test for cloning Azure DevOps Git repository with SSH
  • 780892c Support rsa-sha2-512 and rsa-sha2-256 host key algos when ssh-rsa is supported
  • e5de5fa Merge pull request #951 from cappyzawa/remove-runtime-tls-package
  • aab4541 runtime/tls: remove deprecated package
  • 5d70542 Merge pull request #950 from cappyzawa/add-runtime-secrets-package
  • deb3fae fixup! fixup! runtime/secrets: add package for consolidated secret handling
  • 9eb2c69 fixup! fixup! fixup! fixup! runtime/secrets: add package for consolidated sec...
  • Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.6.1 to 1.6.2

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.6.2

Changelog

v1.6.2 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.6.2
  • ghcr.io/fluxcd/source-controller:v1.6.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.6.2

Release date: 2025-06-27

This patch release comes with a fix for rsa-sha2-512 and rsa-sha2-256 algorithms not being prioritized for ssh-rsa host keys.

Fixes:

  • Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys #1839
Commits
  • 254ef2e Merge pull request #1842 from fluxcd/release-v1.6.2
  • 5b4b54c Release v1.6.2
  • 55b4527 Add changelog entry for v1.6.2
  • 837e212 Merge pull request #1840 from fluxcd/backport-1839-to-release/v1.6.x
  • cf3dcb7 Fix: Prioritize sha2-512 and sha2-256 for ssh-rsa host keys
  • See full diff in compare view

Updates sigs.k8s.io/kustomize/api from 0.19.0 to 0.20.0

Release notes

Sourced from sigs.k8s.io/kustomize/api's releases.

api/v0.20.0

#5630: Add static value source for replacement #5771: fix: Allow patches with empty files with multiple newlines or comments #5846: fix: Get version from the BuildInfo.Main.Version if not found in deps and build flag #5847: replace deplecated package github.com/google/shlex with github.com/carapace-sh/carapace-shlex #5859: fix: Don't panic on multiple $patch: delete strategic merge patches in a single patch file #5865: feat(helm): allow the use of devel alias for helmcharts #5873: Bump to github.com/spf13/viper v1.20.0 #5877: fix: make private one field in replacements transformer struct that had a missing JSON tag #5882: Set Git messages to English for TestRemoteLoad_LocalProtocol #5921: feat: Add suport for Image Volumes #5931: Drop usage of forked copies of goyaml.v2 and goyaml.v3 #5934: Update kyaml to v0.20.0

cmd/config/v0.20.0

#5873: Bump to github.com/spf13/viper v1.20.0 #5931: Drop usage of forked copies of goyaml.v2 and goyaml.v3 #5934: Update kyaml to v0.20.0

kyaml/v0.20.0

#5316: feat: add exec-plugin argument and environment support #5873: Bump to github.com/spf13/viper v1.20.0 #5931: Drop usage of forked copies of goyaml.v2 and goyaml.v3

Commits
  • b1bfac4 Merge pull request #5935 from koba1t/pinToCmdConfig
  • 40d1f35 Update cmd/config to v0.20.0
  • 1a51592 Merge pull request #5934 from koba1t/pinToKyaml
  • f54b2b4 Update kyaml to v0.20.0
  • 03ae5c9 Merge pull request #5846 from dmvolod/issue-5845-fix-version
  • 0fe722e Merge pull request #5931 from dims/drop-usage-of-forked-copies-of-goyaml.v2-a...
  • a7703f6 Drop usage of forked copies of goyaml.v2 and goyaml.v3
  • ba617e5 Merge pull request #5921 from ThisIsQasim/imagevolume
  • 7558804 Merge pull request #5918 from kubernetes-sigs/dependabot/github_actions/joela...
  • 832f873 Merge pull request #5927 from kubernetes-sigs/dependabot/go_modules/hack/gith...
  • Additional commits viewable in compare view

Updates sigs.k8s.io/yaml from 1.4.0 to 1.5.0

Release notes

Sourced from sigs.k8s.io/yaml's releases.

v1.5.0

Full Changelog: kubernetes-sigs/yaml@v1.4.0...v1.5.0

Commits
  • 0f318dc Merge pull request #134 from kubernetes-sigs/forgot-to-add-redirects-for-cons...
  • b8fc0c0 Forgot to add redirects for v3 constants
  • 8eaa802 Merge pull request #133 from kubernetes-sigs/deprecate-code-in-goyaml.v3-goya...
  • 69e45c1 Deprecate code in goyaml.v2/goyaml.v3 directories and redirect
  • 0fe7da3 Merge pull request #125 from kragniz/go-1.24
  • 14cbb88 Test against go 1.24.x
  • c6ac2c9 Merge pull request #126 from kragniz/remove-travis
  • 203ded9 Remove old travisci config file
  • b9a9b1c Merge pull request #106 from ThatsMrTalbot/patch-1
  • 4c6913f fix: wrap errors returned by JSON unmarshal
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go group with 6 updates
8bc98b3 
Bumps the go group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/fluxcd/flux2/v2](https://github.com/fluxcd/flux2) | `2.6.2` | `2.6.3` |
| [github.com/fluxcd/image-automation-controller/api](https://github.com/fluxcd/image-automation-controller) | `0.41.1` | `0.41.2` |
| [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) | `0.60.0` | `0.62.0` |
| [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.6.1` | `1.6.2` |
| [sigs.k8s.io/kustomize/api](https://github.com/kubernetes-sigs/kustomize) | `0.19.0` | `0.20.0` |
| [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) | `1.4.0` | `1.5.0` |


Updates `github.com/fluxcd/flux2/v2` from 2.6.2 to 2.6.3
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml)
- [Commits](fluxcd/flux2@v2.6.2...v2.6.3)

Updates `github.com/fluxcd/image-automation-controller/api` from 0.41.1 to 0.41.2
- [Release notes](https://github.com/fluxcd/image-automation-controller/releases)
- [Changelog](https://github.com/fluxcd/image-automation-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/image-automation-controller@v0.41.1...v0.41.2)

Updates `github.com/fluxcd/pkg/runtime` from 0.60.0 to 0.62.0
- [Commits](fluxcd/pkg@runtime/v0.60.0...runtime/v0.62.0)

Updates `github.com/fluxcd/source-controller/api` from 1.6.1 to 1.6.2
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.6.1...v1.6.2)

Updates `sigs.k8s.io/kustomize/api` from 0.19.0 to 0.20.0
- [Release notes](https://github.com/kubernetes-sigs/kustomize/releases)
- [Commits](kubernetes-sigs/kustomize@api/v0.19.0...api/v0.20.0)

Updates `sigs.k8s.io/yaml` from 1.4.0 to 1.5.0
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](kubernetes-sigs/yaml@v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/flux2/v2
  dependency-version: 2.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/fluxcd/image-automation-controller/api
  dependency-version: 0.41.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: github.com/fluxcd/pkg/runtime
  dependency-version: 0.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-version: 1.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go
- dependency-name: sigs.k8s.io/kustomize/api
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
- dependency-name: sigs.k8s.io/yaml
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jun 29, 2025
@dependabot dependabot bot requested a review from a team as a code owner June 29, 2025 06:38
@dependabot dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jun 29, 2025
@hilmarf hilmarf enabled auto-merge (squash) June 30, 2025 18:13
@hilmarf hilmarf merged commit 34a9b92 into main Jun 30, 2025
4 checks passed
@hilmarf hilmarf deleted the dependabot/go_modules/go-9a8af2c8c7 branch June 30, 2025 18:14
@ocmbot ocmbot bot added this to the 2025-Q2 milestone Jun 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@hilmarf hilmarf hilmarf approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

kind/chore chore, maintenance, etc. kind/dependency dependency update, etc.

Projects

None yet

Milestone

2025-Q2

Development

Successfully merging this pull request may close these issues.

2 participants

@hilmarf