chore(deps): bump the go group with 9 updates#947
Merged
Conversation
Bumps the go group with 9 updates: | Package | From | To | | --- | --- | --- | | [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.6.1` | `0.7.0` | | [github.com/fluxcd/helm-controller/api](https://github.com/fluxcd/helm-controller) | `1.5.5` | `1.6.0` | | [github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller) | `1.8.5` | `1.9.0` | | [github.com/fluxcd/pkg/kustomize](https://github.com/fluxcd/pkg) | `1.34.0` | `1.35.0` | | [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) | `1.8.5` | `1.9.0` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.6` | `0.21.7` | | [github.com/onsi/gomega](https://github.com/onsi/gomega) | `1.41.0` | `1.42.0` | | [helm.sh/helm/v3](https://github.com/helm/helm) | `3.21.1` | `3.21.2` | | [ocm.software/ocm](https://github.com/open-component-model/ocm) | `0.43.0` | `0.44.0` | Updates `github.com/cyphar/filepath-securejoin` from 0.6.1 to 0.7.0 - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](cyphar/filepath-securejoin@v0.6.1...v0.7.0) Updates `github.com/fluxcd/helm-controller/api` from 1.5.5 to 1.6.0 - [Release notes](https://github.com/fluxcd/helm-controller/releases) - [Changelog](https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/helm-controller@v1.5.5...v1.6.0) Updates `github.com/fluxcd/kustomize-controller/api` from 1.8.5 to 1.9.0 - [Release notes](https://github.com/fluxcd/kustomize-controller/releases) - [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/kustomize-controller@v1.8.5...v1.9.0) Updates `github.com/fluxcd/pkg/kustomize` from 1.34.0 to 1.35.0 - [Commits](fluxcd/pkg@kustomize/v1.34.0...kustomize/v1.35.0) Updates `github.com/fluxcd/source-controller/api` from 1.8.5 to 1.9.0 - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/source-controller@v1.8.5...v1.9.0) Updates `github.com/google/go-containerregistry` from 0.21.6 to 0.21.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.6...v0.21.7) Updates `github.com/onsi/gomega` from 1.41.0 to 1.42.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.41.0...v1.42.0) Updates `helm.sh/helm/v3` from 3.21.1 to 3.21.2 - [Release notes](https://github.com/helm/helm/releases) - [Commits](helm/helm@v3.21.1...v3.21.2) Updates `ocm.software/ocm` from 0.43.0 to 0.44.0 - [Release notes](https://github.com/open-component-model/ocm/releases) - [Changelog](https://github.com/open-component-model/ocm/blob/main/RELEASE_PROCESS.md) - [Commits](open-component-model/ocm@v0.43...v0.44) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/helm-controller/api dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/kustomize-controller/api dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/pkg/kustomize dependency-version: 1.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/fluxcd/source-controller/api dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/onsi/gomega dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: helm.sh/helm/v3 dependency-version: 3.21.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: ocm.software/ocm dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com>
matthiasbruns
approved these changes
Jun 22, 2026
jneisener
approved these changes
Jun 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the go group with 9 updates:
0.6.10.7.01.5.51.6.01.8.51.9.01.34.01.35.01.8.51.9.00.21.60.21.71.41.01.42.03.21.13.21.20.43.00.44.0Updates
github.com/cyphar/filepath-securejoinfrom 0.6.1 to 0.7.0Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
Commits
8096a95VERSION: release v0.7.01324ccbmerge #101 into cyphar/filepath-securejoin:maindd8f0bbdeps: bump to cyphar.com/go-pathrs@v0.2.5c9a7725gha: bump golangci-lint to v2.122e968bdMerge pull request #91 from cyphar/dependabot/github_actions/actions/download...2879148Merge pull request #90 from cyphar/dependabot/github_actions/actions/upload-a...07b805bbuild(deps): bump actions/download-artifact from 6 to 78507844build(deps): bump actions/upload-artifact from 5 to 6daef0cfMerge pull request #89 from cyphar/dependabot/github_actions/actions/checkout-695f8ea4build(deps): bump actions/checkout from 5 to 6Updates
github.com/fluxcd/helm-controller/apifrom 1.5.5 to 1.6.0Release notes
Sourced from github.com/fluxcd/helm-controller/api's releases.
Changelog
Sourced from github.com/fluxcd/helm-controller/api's changelog.
... (truncated)
Commits
363c849Merge pull request #1520 from fluxcd/release-v1.6.0c88ae15Release v1.6.06e467b9Add changelog entry for v1.6.0a2e22dfMerge pull request #1519 from fluxcd/source-controller-v1.9.067f9b81Upgrade source-controller API to v1.9.0a644069Merge pull request #1447 from Nordix/issue-87095f303bAdd documentation to helmreleases.md41a6f08Add condition on new tests68d284cAdd tests to e2e for chart name change upgradeeb95b9fUpdated for review commentsUpdates
github.com/fluxcd/kustomize-controller/apifrom 1.8.5 to 1.9.0Release notes
Sourced from github.com/fluxcd/kustomize-controller/api's releases.
Changelog
Sourced from github.com/fluxcd/kustomize-controller/api's changelog.
... (truncated)
Commits
5469138Merge pull request #1675 from fluxcd/release-v1.9.01b885f3Release v1.9.094d4688Add changelog entry for v1.9.09dfc5b3Merge pull request #1674 from fluxcd/source-controller-v1.9.07365c20Upgrade source-controller API to v1.9.077e3d98Merge pull request #1673 from yugstar/docs-sops-dotenv-type2bdabb9docs: fix SOPS store type for dotenv files (env -> dotenv)5b3449cMerge pull request #1672 from fluxcd/varsub-always6214269Introduce substituteStrategy: Always3e12665Merge pull request #1671 from fluxcd/strict-varsub-defaultUpdates
github.com/fluxcd/pkg/kustomizefrom 1.34.0 to 1.35.0Commits
ae10469Merge pull request #1246 from fluxcd/ks-always-subst2cd36cbkustomize: add tests for empty vars with strict sub and omitted withoutca2a7aakustomize: introduce option for always substitutingd884940Merge pull request #1245 from fluxcd/release-main741aab2Prepare for release84ae38cMerge pull request #1244 from fluxcd/improve-registry-authbf1b9c7auth/utils: ensure registry credentials are always freshUpdates
github.com/fluxcd/source-controller/apifrom 1.8.5 to 1.9.0Release notes
Sourced from github.com/fluxcd/source-controller/api's releases.
Changelog
Sourced from github.com/fluxcd/source-controller/api's changelog.
... (truncated)
Commits
57734acMerge pull request #2082 from fluxcd/release-v1.9.0565d3f0Release v1.9.063e7ba2Add changelog entry for v1.9.016e724eMerge pull request #2081 from fluxcd/update-pkg-deps/maine3d8a3fFix tests for lazy artifact registry credentialsd00344aUpdate fluxcd/pkg dependencies54f9f98Merge pull request #2080 from fluxcd/fix-hc-trusted-root1ecb593fix: remove unimplemented field from HelmChart CRDbed4f74Merge pull request #2079 from fluxcd/update-pkg-deps/main9ab0968Update fluxcd/pkg dependenciesUpdates
github.com/google/go-containerregistryfrom 0.21.6 to 0.21.7Release notes
Sourced from github.com/google/go-containerregistry's releases.
Commits
c68d899Bump go version to 1.26.4 (#2350)da61d86transport: do not re-attach bearer token after cross-host redirect (#2349)09fe1e5fix(tarball): normalize paths when matching files (#2334)5baa399build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)97a8a17fix(transport): apply refreshed bearer token after cross-host redirect (#2337)e963497internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)02649eafix: prevent SSRF in google.List() pagination (#2332)7204b40build(deps): bump the actions group across 1 directory with 2 updates (#2344)4cfaa93build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)6849394pkg/registry: export RedirectError (#2177)Updates
github.com/onsi/gomegafrom 1.41.0 to 1.42.0Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
35ca084v1.42.0d72697bv1.42.0 (full)1f95d86add a set of claude skills as a marketplace pluginUpdates
helm.sh/helm/v3from 3.21.1 to 3.21.2Release notes
Sourced from helm.sh/helm/v3's releases.
Commits
1259634chore(deps): bump the k8s-io group with 2 updatesb52e276fixes3342dbfchore(deps): bump the k8s-io group across 1 directory with 2 updatesUpdates
ocm.software/ocmfrom 0.43.0 to 0.44.0Release notes
Sourced from ocm.software/ocm's releases.
... (truncated)
Commits
0d30a2fchore: update 'flake.nix' (#1984)c666a61chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 (#1965)d41adbafix(tests): replace AddGlob with AddWithOptions to fix go-git v5.19.1… (#1983)5b88451chore: remove blackduck workflow call (#1980)fb4a954chore: update 'flake.nix' (#1977)938bb3echore(deps): bump github.com/containerd/containerd/v2 from 2.3.0 to 2.3.1 (#1...78a7295chore: remove blackduck (#1975)de5284fchore: use github environment (#1976)37075fachore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 in the ci grou...b1a749afix: pin ocm cli v2 (#1978)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions