chore(deps): bump kustomize from v5.7.1 to v5.8.0

[renovate]

This PR contains the following updates:

Package	Update	Change
kustomize	minor	5.7.1 -> 5.8.0

---

Warning

Deprecated preset: Kong/public-shared-renovate:backend

Your config references a deprecated preset. To prevent disruption, this file now builds on the org default (Kong/public-shared-renovate) and layers a few backend-specific tweaks so behavior stays close to the historical backend configuration.

What's different from the default

• Early Monday schedule windows (schedule:earlyMondays)
• Automerge disabled for all updates (:automergeDisabled)
• Renovate rate limiting disabled (:disableRateLimiting)
• Standardized commit messages (semantic type chore and clear bump from → to subjects)

Recommended migration

Prefer switching to the default preset and applying only the bits you still need locally. Example configuration to replicate this preset's behavior on top of the default:

{
  "extends": [
    "Kong/public-shared-renovate",
    "schedule:earlyMondays",
    ":automergeDisabled",
    ":disableRateLimiting",
    ":semanticCommitTypeAll(chore)"
  ],
  "packageRules": [
    {
      "matchPackageNames": ["*"],
      "commitMessageAction": "bump",
      "commitMessageLowerCase": "never",
      "commitMessageTopic": "kustomize",
      "commitMessageExtra": "from v5.7.1 to v5.8.0"
    }
  ]
}

Timeline

This compatibility alias will be removed in January 2026. Please migrate to the default preset with local overrides before then.

---

Warning

Deprecated preset: Kong/public-shared-renovate:security-extended

Your config references a deprecated preset. To prevent disruption, this file temporarily acts as a compatibility alias.

It has been replaced by composing the base security preset with security overrides for labels and reviewers.

Action required

Update your Renovate config to extend directly from Kong/public-shared-renovate//security/base and the overrides for labels and reviewers.

Examples

Before:

{ "extends": ["Kong/public-shared-renovate:security-extended(security,team:security-managers)"] }

After:

{
  "extends": [
    "Kong/public-shared-renovate//security/base",
    "Kong/public-shared-renovate//overrides/security-labels(security)",
    "Kong/public-shared-renovate//overrides/security-reviewers(team:security-managers)"
  ]
}

Timeline

This alias will be removed in January 2026.

---

Release Notes

kubernetes-sigs/kustomize (kustomize)

v5.8.0

Compare Source

Highlights

implements to replacements value in the structured data

Now, We can edit yaml/json in yaml manifests with replacements transformer.
See #​5679

For example

## source
apiVersion: v1
kind: ConfigMap
metadata:
  name: source-configmap
data:
  HOSTNAME: www.example.com
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: target-configmap
data:
  config.json: |-
    {"config": {
      "id": "42",
      "hostname": "REPLACE_TARGET_HOSTNAME"
    }}

## replacement
replacements:
- source:
    kind: ConfigMap
    name: source-configmap
    fieldPath: data.HOSTNAME
  targets:
  - select:
      kind: ConfigMap
      name: target-configmap
    fieldPaths:
    - data.config\.json.config.hostname

fix: Propagate Namespace correctly to Helm

The long-standing bug where kustomize's namespace transformer did not pass namespaces to helmCharts has been fixed.
See #​5940

For example

## define namespace
namespace: any-namespace

helmCharts:
- name: minecraft
  repo: https://kubernetes-charts.storage.googleapis.com
  version: v1.2.0
  # namespace: any-namespace   ## propagates without additional namespace specific
  valuesFile: values.yaml

Feature

#​5679: implements to replacements value in the structured data
#​5863: Add regex support for Replacement selectors
#​5930: feat: add PatchArgs API type to populate patch options

fix

#​5940: fix: Propagate Namespace correctly to Helm
#​5971: fix: performance recession when propagating namespace to helm
#​5942: fix fnplugin storagemounts validation
#​5958: fix: make AbsorbAll conflict error more verbose
#​5961: refactor: nested format string
#​5967: Fix infinite loop in HTTP client by validating URLs before requests
#​5985: fix(kyaml/yaml): minor nil safety fix for RNode.Content etc
#​5991: Fix duplicate key error when adding multiple labels with --without-selector

Dependencies

#​5962: chore: update dependencies from security alert
#​5959: update go 1.24.6

chore

#​6007: Update kyaml to v0.21.0
#​6008: Update cmd/config to v0.21.0
#​6009: Update api to v0.21.0

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.