ci: Bump actions versions and pin them to SHAs #129

yiannistri · 2023-11-09T19:36:43Z

What changed?

Bumped the following:

actions/checkout@v3 to v4.1.1
actions/setup-go@v4 to v4.1.0
docker/[email protected] to v3.0.0
docker/[email protected] to v5.0.0
docker/[email protected] to v5.0.0

Following best practices guidance from https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Has Docs if any changes are user facing, including updates to minimum requirements e.g. Kubernetes version bumps.
Has Tests included if any functionality added or changed.
Has an Example if the change requires configuration to use.
Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings).
Release notes contains the string "action required" if the change requires additional action from users switching to the new release.

For new Generators the above notes apply, with the following additional items:

The Generator has been added to the Matrix generator's GitOpsSetNestedGenerator, this should be done by default unless there's some reason it doesn't work.
The Generator has been added to the list of configurable Generators, if you do not, the generator cannot be enabled!
If the Generator depends on Kubernetes resources, a Watch has been added to track changes to the resources in the controller.

Release Notes

NONE

bigkevmcd · 2023-11-10T09:12:59Z

Do we need to pin these to SHAs?

yiannistri · 2023-11-10T09:50:36Z

@bigkevmcd I went for the safer option for now but if you think this is overkill because certain creators can be trusted, I can change it to use tags.

bigkevmcd · 2023-11-10T09:52:38Z

@bigkevmcd I went for the safer option for now but if you think this is overkill because certain creators can be trusted, I can change it to use tags.

So, introducing SHAs adds a cost, because we need to bump the SHAs.

We haven't done a security audit of the versions we're running just now, and we're using the GitHub and Docker actions...which should be fairly safe?

yiannistri · 2023-11-10T12:01:24Z

Indeed, I've been looking at our (frequently updated) repos with the aim to create a list of the Actions we use and audit them. By audit, I mean that I have reviewed their code to ensure that they handle tokens/credentials safely. My primary concern was third-party actions by individual contributors but I've gone through all of them in https://www.notion.so/weaveworks/GitHub-Actions-audit-3acd71371d5642d4aa35c5db204b23d6 .

Regarding bumping the SHAs, what do you think about configuring dependabot to do that for us? Would that alleviate your concern?

bigkevmcd · 2023-11-10T12:03:47Z

Regarding bumping the SHAs, what do you think about configuring dependabot to do that for us? Would that alleviate your concern?

Yes! way better idea!

I just don't want us to pay to update all of them over and over.

I'm not entirely convinced that we need SHAs, but dependabot will do.

bigkevmcd · 2023-11-10T13:45:48Z

Thanks!

Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](fluxcd/source-controller@v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump k8s.io/client-go from 0.28.4 to 0.29.2 Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.28.4 to 0.29.2. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.28.4...v0.29.2) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump dependencies to 0.29. * Bump sigs.k8s.io/controller-runtime from 0.16.3 to 0.17.1 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.16.3 to 0.17.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.16.3...v0.17.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump the Go version in the GitHub action. Fix the Dockerfile - default the Target arch * Fix up the Dockerfile. Strip out vendoring and fix the ci task. * Update Dockerfile Bump to Docker 1.21 * Rename the packages to gitops.pro. This drops the weave.works package. Bump the Dockerfile to use Go 1.21. * Switch out the reviewer. * Bump docker/metadata-action from 5.5.0 to 5.5.1 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.5.0 to 5.5.1. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/dbef88086f6cef02e264edb7dbf63250c17cef6c...8e5442c4ef9f78752691e2d8f8d19755c6f78e81) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/fluxcd/kustomize-controller/api from 1.2.1 to 1.2.2 Bumps [github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/fluxcd/kustomize-controller/releases) - [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/kustomize-controller/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: github.com/fluxcd/kustomize-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/fluxcd/image-reflector-controller/api Bumps [github.com/fluxcd/image-reflector-controller/api](https://github.com/fluxcd/image-reflector-controller) from 0.31.1 to 0.31.2. - [Release notes](https://github.com/fluxcd/image-reflector-controller/releases) - [Changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/image-reflector-controller/compare/v0.31.1...v0.31.2) --- updated-dependencies: - dependency-name: github.com/fluxcd/image-reflector-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.2 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.1 to 0.17.2. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.1...v0.17.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Fix tests to not include e2e by default. * Move the generators out from the rendering package. * Execute the e2e tests separately. * Bump github.com/fluxcd/pkg/runtime from 0.43.3 to 0.44.1 Bumps [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) from 0.43.3 to 0.44.1. - [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.43.3...runtime/v0.44.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump docker/build-push-action from 5.1.0 to 5.2.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/4a13e500e55cf31b7a5d59a38ab2040ab0f42f56...af5a7ed5ba88268d5278f7203fb52cd833f66d6e) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update dependabot.yml * Bump github.com/jenkins-x/go-scm from 1.14.21 to 1.14.26 Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.21 to 1.14.26. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.21...v1.14.26) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump actions/checkout from 4.1.1 to 4.1.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/fluxcd/pkg/http/fetch from 0.8.0 to 0.9.0 Bumps [github.com/fluxcd/pkg/http/fetch](https://github.com/fluxcd/pkg) from 0.8.0 to 0.9.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.8.0...git/v0.9.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/http/fetch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump go.uber.org/zap from 1.26.0 to 1.27.0 Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/fluxcd/source-controller/api from 1.2.3 to 1.2.4 Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/source-controller/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump docker/login-action from 3.0.0 to 3.1.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/343f7c4344506bcbf9b4de18042ae17996df046d...e92390c5fb421da1463c202d546fed0ec5c39f20) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump docker/build-push-action from 5.2.0 to 5.3.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/af5a7ed5ba88268d5278f7203fb52cd833f66d6e...2cdde995de11925a030ce8070c3d77a52ffcf1c0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump k8s.io/apimachinery from 0.29.2 to 0.29.3 Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.2 to 0.29.3. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump k8s.io/api from 0.29.2 to 0.29.3 Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.2 to 0.29.3. - [Commits](https://github.com/kubernetes/api/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump k8s.io/client-go from 0.29.2 to 0.29.3 Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.2 to 0.29.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump the envtest version. Remove unused GVK. Don't return a Requeue _and_ possibly an error when reconciling. * Bump k8s.io/apiextensions-apiserver from 0.29.2 to 0.29.3 Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.29.2 to 0.29.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.32.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.31.1...v1.32.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/gitops-tools/pkg from 0.1.0 to 0.2.0 Bumps [github.com/gitops-tools/pkg](https://github.com/gitops-tools/pkg) from 0.1.0 to 0.2.0. - [Commits](https://github.com/gitops-tools/pkg/compare/v0.1.0...v0.2.0) --- updated-dependencies: - dependency-name: github.com/gitops-tools/pkg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github.com/jenkins-x/go-scm from 1.14.26 to 1.14.29 Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.26 to 1.14.29. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.26...v1.14.29) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Update flux fetch package to v0.10.0 (#31) Update dependencies: * Update flux fetch package to v0.10.0 * Bump Actions version of Go to 1.22.2. * Bump the Dockerfile base image to Go 1.22 * Bump github.com/fluxcd/pkg/apis/meta from 1.3.0 to 1.4.0 (#28) Bumps [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) from 1.3.0 to 1.4.0. - [Commits](https://github.com/fluxcd/pkg/compare/apis/meta/v1.3.0...apis/meta/v1.4.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/apis/event from 0.7.0 to 0.8.0 (#29) Bumps [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) from 0.7.0 to 0.8.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.7.0...git/v0.8.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/apis/event dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/runtime from 0.44.1 to 0.46.0 (#30) Bumps [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) from 0.44.1 to 0.46.0. - [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.44.1...runtime/v0.46.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/source-controller/api from 1.2.4 to 1.2.5 (#32) Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/source-controller/compare/v1.2.4...v1.2.5) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 (#33) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.2 to 0.17.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.2...v0.17.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apimachinery from 0.29.3 to 0.30.0 (#38) * Bump k8s.io/apimachinery from 0.29.3 to 0.30.0 Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.30.0. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.3...v0.30.0) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update go.mod for deps. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin McDermott <[email protected]> * Bump k8s.io/api from 0.29.3 to 0.30.0 (#39) Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.0. - [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.0) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 (#42) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.32.0 to 1.33.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.32.0...v1.33.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.2 to 4.1.3 (#43) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...1d96c772d19495a3b5c517cd2bc0cb401ea0529f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.29 to 1.14.30 (#34) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.29 to 1.14.30. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.29...v1.14.30) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.18.0 (#44) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.3 to 0.18.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.3...v0.18.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/runtime from 0.46.0 to 0.47.0 (#46) Bumps [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) from 0.46.0 to 0.47.0. - [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.46.0...runtime/v0.47.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/tar from 0.6.0 to 0.7.0 (#48) Bumps [github.com/fluxcd/pkg/tar](https://github.com/fluxcd/pkg) from 0.6.0 to 0.7.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.6.0...git/v0.7.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/tar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.3 to 4.1.4 (#49) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/http/fetch from 0.10.0 to 0.11.0 (#50) Bumps [github.com/fluxcd/pkg/http/fetch](https://github.com/fluxcd/pkg) from 0.10.0 to 0.11.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.10.0...git/v0.11.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/http/fetch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#51) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.0 to 1.33.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.33.0...v1.33.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.18.0 to 0.18.1 (#52) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.0 to 0.18.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.0...v0.18.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/runtime from 0.47.0 to 0.47.1 (#53) Bumps [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) from 0.47.0 to 0.47.1. - [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.47.0...runtime/v0.47.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.30 to 1.14.34 (#55) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.30 to 1.14.34. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.30...v1.14.34) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5 (#54) Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.4 to 0.2.5. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.4...v0.2.5) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/kustomize-controller/api from 1.2.2 to 1.3.0 (#56) Bumps [github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller) from 1.2.2 to 1.3.0. - [Release notes](https://github.com/fluxcd/kustomize-controller/releases) - [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/kustomize-controller/compare/v1.2.2...v1.3.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/kustomize-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/source-controller/api from 1.2.5 to 1.3.0 (#57) Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.2.5 to 1.3.0. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/source-controller/compare/v1.2.5...v1.3.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-go from 5.0.0 to 5.0.1 (#59) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.4 to 4.1.5 (#60) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/image-reflector-controller/api (#58) Bumps [github.com/fluxcd/image-reflector-controller/api](https://github.com/fluxcd/image-reflector-controller) from 0.31.2 to 0.32.0. - [Release notes](https://github.com/fluxcd/image-reflector-controller/releases) - [Changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/image-reflector-controller/compare/v0.31.2...v0.32.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/image-reflector-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.18.1 to 0.18.2 (#61) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.1 to 0.18.2. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.1...v0.18.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/cli-utils from 0.35.0 to 0.36.0 (#62) Bumps [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) from 0.35.0 to 0.36.0. - [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases) - [Commits](https://github.com/kubernetes-sigs/cli-utils/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/cli-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apimachinery from 0.30.0 to 0.30.1 (#63) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.30.0 to 0.30.1. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apiextensions-apiserver from 0.30.0 to 0.30.1 (#64) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.30.0 to 0.30.1. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.34 to 1.14.35 (#67) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.34 to 1.14.35. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.34...v1.14.35) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * --- (#68) updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * --- (#69) updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 (#70) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.2 to 0.18.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.2...v0.18.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/login-action from 3.1.0 to 3.2.0 (#71) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/e92390c5fb421da1463c202d546fed0ec5c39f20...0d4c9c5ea7693da7b068278f7b52bda2a190a446) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4 (#73) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.3 to 0.18.4. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.3...v0.18.4) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.35 to 1.14.36 (#72) * Bump github.com/jenkins-x/go-scm from 1.14.35 to 1.14.36 Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.35 to 1.14.36. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.35...v1.14.36) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Tidy the go.mod. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin McDermott <[email protected]> * Bump github.com/jenkins-x/go-scm from 1.14.36 to 1.14.37 (#74) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.36 to 1.14.37. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.36...v1.14.37) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 5.3.0 to 5.4.0 (#75) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.3.0 to 5.4.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/2cdde995de11925a030ce8070c3d77a52ffcf1c0...ca052bb54ab0790a636c9b5f226502c73d547a25) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2 (#76) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.30.1 to 0.30.2. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.30.1...v0.30.2) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 4.1.6 to 4.1.7 (#81) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 5.4.0 to 6.0.0 (#80) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.4.0 to 6.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca052bb54ab0790a636c9b5f226502c73d547a25...c382f710d39a5bb4e430307530a720f50c2d3318) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#83) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.0.0 to 6.1.0 (#84) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/c382f710d39a5bb4e430307530a720f50c2d3318...31159d49c0d4756269a0940a750801a1ea5d7003) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.1.0 to 6.2.0 (#85) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/31159d49c0d4756269a0940a750801a1ea5d7003...15560696de535e4014efeff63c48f16952e52dd1) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/cli-utils from 0.36.0 to 0.37.0 * Bump sigs.k8s.io/cli-utils from 0.37.0 to 0.37.1 (#87) Bumps [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) from 0.37.0 to 0.37.1. - [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases) - [Commits](https://github.com/kubernetes-sigs/cli-utils/compare/v0.37.0...v0.37.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/cli-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.2.0 to 6.3.0 (#88) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/15560696de535e4014efeff63c48f16952e52dd1...1a162644f9a7e87d8f4b053101d1d9a712edc18c) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/cli-utils from 0.37.1 to 0.37.2 (#90) Bumps [sigs.k8s.io/cli-utils](https://github.com/kubernetes-sigs/cli-utils) from 0.37.1 to 0.37.2. - [Release notes](https://github.com/kubernetes-sigs/cli-utils/releases) - [Commits](https://github.com/kubernetes-sigs/cli-utils/compare/v0.37.1...v0.37.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/cli-utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.0 (#91) Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.5 to 0.3.0. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.5...v0.3.0) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-go from 5.0.1 to 5.0.2 (#93) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/cdcb36043654635271a94b9a6d1392de5bb323a7...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.3.0 to 6.4.0 (#92) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/1a162644f9a7e87d8f4b053101d1d9a712edc18c...a254f8ca60a858f3136a2f1f23a60969f2c402dd) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.37 to 1.14.39 (#94) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.37 to 1.14.39. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.37...v1.14.39) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/client-go from 0.30.2 to 0.30.3 (#99) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.2 to 0.30.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3 (#98) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.30.2 to 0.30.3. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.30.2...v0.30.3) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.4.0 to 6.5.0 (#101) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.4.0 to 6.5.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/a254f8ca60a858f3136a2f1f23a60969f2c402dd...5176d81f87c23d6fc96624dfdbcd9f3830bbe445) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/login-action from 3.2.0 to 3.3.0 (#100) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/0d4c9c5ea7693da7b068278f7b52bda2a190a446...9780b0c442fbb1117ed29e0efdff1e18412f7567) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/cyphar/filepath-securejoin from 0.3.0 to 0.3.1 (#103) Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.0 to 0.3.1. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.0...v0.3.1) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/jenkins-x/go-scm from 1.14.39 to 1.14.41 (#102) Bumps [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) from 1.14.39 to 1.14.41. - [Release notes](https://github.com/jenkins-x/go-scm/releases) - [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md) - [Commits](https://github.com/jenkins-x/go-scm/compare/v1.14.39...v1.14.41) --- updated-dependencies: - dependency-name: github.com/jenkins-x/go-scm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#104) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.1 to 1.34.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#105) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.34.0 to 1.34.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.34.0...v1.34.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigs.k8s.io/controller-runtime from 0.18.4 to 0.18.5 (#108) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.4 to 0.18.5. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.4...v0.18.5) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.5.0 to 6.6.1 (#107) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.5.0 to 6.6.1. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/5176d81f87c23d6fc96624dfdbcd9f3830bbe445...16ebe778df0e7752d2cfcbd924afdbbd89c1a755) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/tar from 0.7.0 to 0.8.0 (#112) Bumps [github.com/fluxcd/pkg/tar](https://github.com/fluxcd/pkg) from 0.7.0 to 0.8.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.7.0...git/v0.8.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/tar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/http/fetch from 0.11.0 to 0.12.0 (#113) Bumps [github.com/fluxcd/pkg/http/fetch](https://github.com/fluxcd/pkg) from 0.11.0 to 0.12.0. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.11.0...git/v0.12.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/http/fetch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/client-go from 0.30.3 to 0.31.0 (#109) * Bump k8s.io/client-go from 0.30.3 to 0.31.0 Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.3 to 0.31.0. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.30.3...v0.31.0) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Fix up the dependencies. * Update the docs. --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin McDermott <[email protected]> * Bump docker/build-push-action from 6.6.1 to 6.7.0 (#114) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.6.1 to 6.7.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/16ebe778df0e7752d2cfcbd924afdbbd89c1a755...5cd11c3a4ced054e52742c5fd54dca954e0edd85) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/onsi/gomega from 1.34.1 to 1.34.2 (#116) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.34.1 to 1.34.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.34.1...v1.34.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 (#117) Bumps [github.com/Masterminds/sprig/v3](https://github.com/Masterminds/sprig) from 3.2.3 to 3.3.0. - [Release notes](https://github.com/Masterminds/sprig/releases) - [Changelog](https://github.com/Masterminds/sprig/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0) --- updated-dependencies: - dependency-name: github.com/Masterminds/sprig/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apimachinery from 0.31.0 to 0.31.1 (#118) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.31.0 to 0.31.1. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.31.0...v0.31.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump k8s.io/apiextensions-apiserver from 0.31.0 to 0.31.1 (#119) Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.31.0 to 0.31.1. - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.31.0...v0.31.1) --- updated-dependencies: - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/apis/event from 0.10.0 to 0.10.1 (#125) Bumps [github.com/fluxcd/pkg/apis/event](https://github.com/fluxcd/pkg) from 0.10.0 to 0.10.1. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.10.0...runtime/v0.10.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/apis/event dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/cyphar/filepath-securejoin from 0.3.1 to 0.3.2 (#124) Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.3.1 to 0.3.2. - [Release notes](https://github.com/cyphar/filepath-securejoin/releases) - [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md) - [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.3.1...v0.3.2) --- updated-dependencies: - dependency-name: github.com/cyphar/filepath-securejoin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/apis/meta from 1.6.0 to 1.6.1 (#123) Bumps [github.com/fluxcd/pkg/apis/meta](https://github.com/fluxcd/pkg) from 1.6.0 to 1.6.1. - [Commits](https://github.com/fluxcd/pkg/compare/apis/meta/v1.6.0...apis/meta/v1.6.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/apis/meta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/http/fetch from 0.12.0 to 0.12.1 (#122) Bumps [github.com/fluxcd/pkg/http/fetch](https://github.com/fluxcd/pkg) from 0.12.0 to 0.12.1. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.12.0...git/v0.12.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/http/fetch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/tar from 0.8.0 to 0.8.1 (#127) Bumps [github.com/fluxcd/pkg/tar](https://github.com/fluxcd/pkg) from 0.8.0 to 0.8.1. - [Commits](https://github.com/fluxcd/pkg/compare/git/v0.8.0...ssh/v0.8.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/tar dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/pkg/runtime from 0.49.0 to 0.49.1 (#126) Bumps [github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) from 0.49.0 to 0.49.1. - [Commits](https://github.com/fluxcd/pkg/compare/runtime/v0.49.0...runtime/v0.49.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/pkg/runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/source-controller/api from 1.3.0 to 1.4.0 (#128) Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/v1.4.0/CHANGELOG.md) - [Commits](https://github.com/fluxcd/source-controller/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/source-controller/api from 1.4.0 to 1.4.1 (#129) Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.4.0 to 1.4.1. - [Release notes](https://github.com/fluxcd/source-controller/releases) - [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/source-controller/compare/v1.4.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/fluxcd/source-controller/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/image-reflector-controller/api (#130) Bumps [github.com/fluxcd/image-reflector-controller/api](https://github.com/fluxcd/image-reflector-controller) from 0.32.0 to 0.33.0. - [Release notes](https://github.com/fluxcd/image-reflector-controller/releases) - [Changelog](https://github.com/fluxcd/image-reflector-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/image-reflector-controller/compare/v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/image-reflector-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump github.com/fluxcd/kustomize-controller/api from 1.3.0 to 1.4.0 (#131) Bumps [github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/fluxcd/kustomize-controller/releases) - [Changelog](https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md) - [Commits](https://github.com/fluxcd/kustomize-controller/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/fluxcd/kustomize-controller/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 6.7.0 to 6.9.0 (#133) Bumps [docker/build-push-action](https://githu…

ci: Bump actions versions and pin them to SHAs

194a7cc

yiannistri requested a review from foot November 9, 2023 19:36

foot approved these changes Nov 10, 2023

View reviewed changes

ci: Added weekly check of GitHub Actions dependencies

9790bd6

yiannistri merged commit 4883597 into main Nov 10, 2023

yiannistri deleted the pin-actions-sha branch November 10, 2023 13:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: Bump actions versions and pin them to SHAs #129

ci: Bump actions versions and pin them to SHAs #129

Uh oh!

yiannistri commented Nov 9, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

yiannistri commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

yiannistri commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

ci: Bump actions versions and pin them to SHAs #129

ci: Bump actions versions and pin them to SHAs #129

Uh oh!

Conversation

yiannistri commented Nov 9, 2023

Release Notes

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

yiannistri commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

yiannistri commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

bigkevmcd commented Nov 10, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants