Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the flux-deps group with 1 update #118

Merged
merged 1 commit into from
Dec 8, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 6, 2023

Bumps the flux-deps group with 1 update: github.com/fluxcd/source-controller/api.

Updates github.com/fluxcd/source-controller/api from 1.1.2 to 1.2.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.2.0

Changelog

v1.2.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.0
  • ghcr.io/fluxcd/source-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.2.0

Release date: 2023-12-05

This minor release comes with API changes, bug fixes and several new features.

Bucket

A new field, .spec.prefix, has been added to the Bucket API, which enables server-side filtering of files if the object's .spec.provider is set to generic/aws/gcp.

OCIRepository and HelmChart

Two new fields, .spec.verify.matchOIDCIdentity.issuer and .spec.verify.matchOIDCIdentity.subject have been added to the HelmChart and OCIRepository APIs. If the image has been keylessly signed via Cosign, these fields can be used to verify the OIDC issuer of the Fulcio certificate and the OIDC identity's subject respectively.

HelmRepository

A new boolean field, .spec.insecure, has been introduced to the HelmRepository API, which allows connecting to a non-TLS HTTP container registry. It is only considered if the object's .spec.type is set to oci.

From this release onwards, HelmRepository objects of type OCI are treated as static objects, i.e. they have an empty status. Existing objects undergo a one-time automatic migration and new objects will be undergo a one-time reconciliation to remove any status fields.

Additionally, the controller now performs a shallow clone if the .spec.ref.name of the GitRepository object points to a branch or a tag.

Furthermore, a bug has been fixed, where the controller would try to authenticate against public OCI registries if the HelmRepository object has a reference to a Secret containing a CA certificate.

Lastly, dependencies have been updated to their latest version, including an update of Kubernetes to v1.28.4.

Fixes:

  • Address miscellaneous issues throughout code base #1257
  • helmrepo: only configure tls login option when required #1289
  • oci: rename OCIChartRepository.insecure to insecureHTTP #1299
  • Use bitnami Minio oci chart for e2e #1301

... (truncated)

Commits
  • 452c308 Merge pull request #1305 from fluxcd/release-v1.2.0
  • 8700ca9 Release v1.2.0
  • 677b62b Add changelog entry for v1.2.0
  • 00a71ad Merge pull request #1304 from fluxcd/update-deps
  • 2c6bd26 Update Go dependencies
  • 1a51af2 Merge pull request #1303 from fluxcd/dependabot/github_actions/ci-6a3fdc2cae
  • e2da8c5 build(deps): bump the ci group with 1 update
  • 2659568 Merge pull request #1300 from fluxcd/go-git-v5.10.1
  • 7df2d25 Update Git dependencies
  • 41c44b7 Merge pull request #1301 from somtochiama/fix-minio-chart
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 6, 2023
@dependabot dependabot bot force-pushed the dependabot/go_modules/flux-deps-24c8f52c3d branch from 8298243 to 42903d9 Compare December 8, 2023 03:58
Bumps the flux-deps group with 1 update: [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller).

- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.1.2...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: flux-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@makkes makkes force-pushed the dependabot/go_modules/flux-deps-24c8f52c3d branch from 42903d9 to 9bf986f Compare December 8, 2023 11:06
@makkes makkes merged commit e7af1cf into main Dec 8, 2023
2 checks passed
@makkes makkes deleted the dependabot/go_modules/flux-deps-24c8f52c3d branch December 8, 2023 11:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant