build(deps): bump the go group across 1 directory with 31 updates

Bumps the go group with 13 updates in the / directory:

Package	From	To
github.com/Masterminds/semver/v3	`3.2.1`	`3.3.0`
github.com/containers/image/v5	`5.23.0`	`5.32.2`
github.com/fluxcd/flux2/v2	`2.0.0-rc.3`	`2.3.0`
github.com/gabriel-vasile/mimetype	`1.4.3`	`1.4.5`
github.com/mandelsoft/vfs	`0.0.0-20230713123140-269aa4fb1338`	`0.4.3`
github.com/open-component-model/git-controller	`0.9.0`	`0.12.1`
github.com/open-component-model/mpas-project-controller	`0.4.0`	`0.6.1`
github.com/open-component-model/ocm-e2e-framework	`0.7.0`	`0.9.1`
github.com/open-component-model/replication-controller	`0.11.0`	`0.13.1`
github.com/oras-project/oras-credentials-go	`0.2.0`	`0.4.0`
github.com/spf13/cobra	`1.8.0`	`1.8.1`
sigs.k8s.io/cli-utils	`0.35.0`	`0.37.2`
sigs.k8s.io/e2e-framework	`0.2.0`	`0.4.0`

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

Fix: bad package in README by @sdelicata in Masterminds/semver#226

Updating the GitHub Actions and versions of Go used by @mattfarina in Masterminds/semver#229

Fix spelling in README by @robinschneider in Masterminds/semver#222

Adding go build cache to fuzz output by @mattfarina in Masterminds/semver#232

Add caching to fuzz testing by @mattfarina in Masterminds/semver#234

updating github actions by @mattfarina in Masterminds/semver#235

feat: nil version equality by @KnutZuidema in Masterminds/semver#213

add >= and <= by @grosser in Masterminds/semver#238

doc: hyphen range constraint without whitespace by @johnnychen94 in Masterminds/semver#216

Removing reference to vert by @mattfarina in Masterminds/semver#245

simplify StrictNewVersion by @grosser in Masterminds/semver#241

Updating the testing version of Go used by @mattfarina in Masterminds/semver#246

bumping min version in go.mod based on what's tested by @mattfarina in Masterminds/semver#248

Updating changelog for 3.3.0 by @mattfarina in Masterminds/semver#249

New Contributors

@sdelicata made their first contribution in Masterminds/semver#226

@robinschneider made their first contribution in Masterminds/semver#222

@KnutZuidema made their first contribution in Masterminds/semver#213

@grosser made their first contribution in Masterminds/semver#238

@johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

#238: Add LessThanEqual and GreaterThanEqual functions (thanks @grosser)

#213: nil version equality checking (thanks @KnutZuidema)

Changed

#241: Simplify StrictNewVersion parsing (thanks @grosser)

Testing support up through Go 1.23

Minimum version set to 1.21 as this is what's tested now

Fuzz testing now supports caching

Commits

e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
e80c4ea Updating changelog for 3.3.0
80427ad Merge pull request #248 from mattfarina/bump-min-version
b610837 bumping min version in go.mod based on what's tested
a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
7c178cf Updating the testing version of Go used
29f94c1 Merge pull request #241 from grosser/grosser/validate
2cf1b16 Merge pull request #245 from mattfarina/remove-vert
b55476a Removing reference to vert
d07450b simplify StrictNewVersion
Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.23.0 to 5.32.2

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.32.2

This adds the ability to accept sigstore signatures signed by any key from a set of several (huge thanks to @dcermak and @danishprakash for doing almost all the work), and Rekor log presence proofs signed by any key from a set of several keys.

v5.32.1

What's Changed

Bump c/storage to v1.55.0, c/image to v5.32.0 by @TomSweeneyRedHat in containers/image#2495

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5 by @renovate in containers/image#2496

Record (TOC digest → DiffID) mapping in BlobInfoCache by @mtrmac in containers/image#2321

Revamp codespell by @kolyshkin in containers/image#2498

fix(deps): update module golang.org/x/oauth2 to v0.22.0 by @renovate in containers/image#2501

fix(deps): update module golang.org/x/sync to v0.8.0 by @renovate in containers/image#2502

manifest: LayerInfos: preallocate the slice by @kolyshkin in containers/image#2499

zstd:chunked refactoring for early review by @mtrmac in containers/image#2503

fix(deps): update module golang.org/x/crypto to v0.26.0 by @renovate in containers/image#2504

Record zstd:chunked format, and annotations, in BlobInfoCache by @mtrmac in containers/image#2487

Full Changelog: https://github.com/containers/image/compare/v5.32.0...v5.32.1

v5.29.5

What's Changed

[release-5.29] Don't abort listing tags when we encounter a digest by @TomSweeneyRedHat in containers/image#2453

Full Changelog: https://github.com/containers/image/compare/v5.29.4...v5.29.5

v5.32.0

What's Changed

Bump to c/storage v1.54.0 then c/image to v5.31.0 and then to v5.31.1-dev by @TomSweeneyRedHat in containers/image#2425

Bump to v5.32.0-dev by @TomSweeneyRedHat in containers/image#2430

fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.2 by @renovate in containers/image#2433

fix(deps): update module github.com/burntsushi/toml to v1.4.0 by @renovate in containers/image#2434

[CI:DOCS] Update dependency golangci/golangci-lint to v1.59.0 by @renovate in containers/image#2427

fix(deps): update module github.com/sigstore/sigstore to v1.8.4 by @renovate in containers/image#2436

blobinfocache: add function to delete the cache directory by @giuseppe in containers/image#2435

chore(deps): update dependency containers/automation_images to v20240529 by @renovate in containers/image#2414

fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.7 by @renovate in containers/image#2437

Update github.com/letsencrypt/boulder by @mtrmac in containers/image#2438

fix(deps): update golang.org/x/exp digest to fd00a4e by @renovate in containers/image#2439

Don't abort listing tags when we encounter a digest by @mtrmac in containers/image#2440

fix(deps): update module golang.org/x/oauth2 to v0.21.0 by @renovate in containers/image#2441

[Additional Layer Store] Enable Additional Layer Store to perform registry authentication by @ktock in containers/image#2417

fix(deps): update module golang.org/x/crypto to v0.24.0 by @renovate in containers/image#2442

fix(deps): update module github.com/docker/cli to v26.1.4+incompatible by @renovate in containers/image#2444

[CI:DOCS] Update dependency golangci/golangci-lint to v1.59.1 by @renovate in containers/image#2446

fix(deps): update module github.com/klauspost/compress to v1.17.9 by @renovate in containers/image#2448

fix(deps): update module github.com/sylabs/sif/v2 to v2.17.0 by @renovate in containers/image#2455

Add more context to errors when obtaining a registry access token by @mtrmac in containers/image#2454

fix(deps): update module github.com/docker/docker to v27 by @renovate in containers/image#2459

fix(deps): update module github.com/docker/cli to v27 by @renovate in containers/image#2457

... (truncated)

Commits

0b425a4 Release 5.32.2
2a87b21 Support accepting multiple Rekor public keys
95c0635 Add field KeyPaths and KeyDatas to prSigstoreSigned
d42de59 Split verifySigstorePayloadBlobSignature from VerifySigstorePayload
a5ea016 Use loadBytesFromConfigSources in prSignedBy.isSignatureAuthorAccepted
03550b4 Turn loadBytesFromDataOrPath into loadBytesFromConfigSources
c0c8d34 Use InvalidPolicyFormatError for invalid sigstore options
4bcaca1 Merge pull request #2511 from mtrmac/5.32-version
c94eadb Fix the version number
6a17c28 Merge pull request #2508 from mtrmac/5.32-zstd
Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from [libpathrs][1] and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

A new set of *os.File-based APIs have been added. These are adapted from [libpathrs][] and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- [see open(2) for more details][open.2])

Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits

ce7b28a VERSION: release v0.3.1
a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
4ea279f merge #22 into cyphar/filepath-securejoin:main
16e1bec CHANGELOG: add initial changelog with current history
2404ffb merge #21 into cyphar/filepath-securejoin:main
f29b7a4 lookup: handle // and trailing slash components correctly
ecd61ca merge #19 into cyphar/filepath-securejoin:main
38b1220 procfs: refactor statx mnt_id logic
45c4415 procfs: use readlink(fd, "") for magic-links
edab538 merge #17 into cyphar/filepath-securejoin:main
Additional commits viewable in compare view

Updates github.com/fatih/color from 1.15.0 to 1.16.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.16.0

What's Changed

Update dependabot.yml by @ilyabrin in fatih/color#200

color: add newline after wrapping text by @fatih in fatih/color#192

[Test] Nil check added by @hyunsooda in fatih/color#203

fixes #206 (using underline with a different fg color breaks) by @gregpoirson in fatih/color#210

Dependency updates

Bump dominikh/staticcheck-action from 1.2.0 to 1.3.0 by @dependabot in fatih/color#201

Bump github.com/mattn/go-isatty from 0.0.17 to 0.0.18 by @dependabot in fatih/color#193

Bump golang.org/x/sys from 0.6.0 to 0.8.0 by @dependabot in fatih/color#195

Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 by @dependabot in fatih/color#196

Bump golang.org/x/sys from 0.8.0 to 0.10.0 by @dependabot in fatih/color#199

Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 by @dependabot in fatih/color#212

Bump golang.org/x/sys from 0.10.0 to 0.13.0 by @dependabot in fatih/color#209

Bump actions/setup-go from 3 to 4 by @dependabot in fatih/color#202

Bump actions/checkout from 3 to 4 by @dependabot in fatih/color#208

Bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot in fatih/color#213

New Contributors

@ilyabrin made their first contribution in fatih/color#200

@hyunsooda made their first contribution in fatih/color#203

@gregpoirson made their first contribution in fatih/color#210

Full Changelog: https://github.com/fatih/color/compare/v1.15.0...v1.16.0

Commits

0f9779e Merge pull request #213 from fatih/dependabot/go_modules/golang.org/x/sys-0.14.0
0c78604 Bump golang.org/x/sys from 0.13.0 to 0.14.0
96e0f73 Merge pull request #208 from fatih/dependabot/github_actions/actions/checkout-4
4c66e32 Bump actions/checkout from 3 to 4
2fb03d6 Merge pull request #202 from fatih/dependabot/github_actions/actions/setup-go-4
8ba7bbd Bump actions/setup-go from 3 to 4
e3f97f3 Merge pull request #209 from fatih/dependabot/go_modules/golang.org/x/sys-0.13.0
e146575 Bump golang.org/x/sys from 0.10.0 to 0.13.0
d2d7a5e Merge pull request #212 from fatih/dependabot/go_modules/github.com/mattn/go-...
f3e45da Merge branch 'main' into dependabot/go_modules/github.com/mattn/go-isatty-0.0.20
Additional commits viewable in compare view

Updates github.com/fluxcd/flux2/v2 from 2.0.0-rc.3 to 2.3.0

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.3.0

Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.

The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required

v1.28 >= 1.28.0

v1.29 >= 1.29.0

v1.30 >= 1.30.0

[!NOTE] Note that the Flux project offers support only for the latest three minor versions of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as ControlPlane that provide enterprise support for Flux.

API changes

HelmRelease v2

The HelmRelease kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

.spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.

.spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.

.spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.

.status.lastAppliedRevision replaced by .status.history.chartVersion.

New fields:

.spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.

.spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.

HelmChart v1

Kubernetes version	Minimum required
`v1.28`	`>= 1.28.0`
`v1.29`	`>= 1.29.0`
`v1.30`	`>= 1.30.0`

... (truncated)

Commits

896e0fa Merge pull request #4785 from fluxcd/dependabot/github_actions/ci-f6abfb4cf0
8d75df8 build(deps): bump the ci group with 3 updates
dd7ef7d Merge pull request #4766 from fluxcd/reconcile-hr-with-chartref
5feee5c Add support for creating HR with .spec.ChartRef
0d0285a Enable reconciling HelmReleases with ChartRef
86b3581 Merge pull request #4783 from fluxcd/conformance-tests
32804f6 ci: Consolidate conformance tests
070fa0f Merge pull request #4781 from fluxcd/drop-kubernetes-eol
9ef9464 Update kubectl to 1.30.0 in flux-cli image
d8e6199 Set Kubernetes 1.28 as min required version
Additional commits viewable in compare view

Updates github.com/fluxcd/go-git-providers from 0.18.1-0.20230706132206-211750e8915d to 0.20.1

Release notes

Sourced from github.com/fluxcd/go-git-providers's releases.

v0.20.1

CHANGELOG

PR #271 Update go-github to v61

v0.20.0

CHANGELOG

PR #270 Update dependencies to Go 1.22

PR #266 build(deps): bump the ci group with 2 updates

PR #265 Update Soule BA Affiliation

PR #263 Change Max's affiliation to Associmates

PR #262 Change Stefan Prodan's affiliation to ControlPlane

v0.19.3

CHANGELOG

PR #261 Adapt workflows

PR #260 build(deps): bump the ci group with 2 updates

PR #259 Updating dependencies and fix go-git CVE

PR #257 changing Soule info

PR #256 github: fix defer in for loop

v0.19.2

CHANGELOG

PR #254 Updating dependencies

PR #253 build(deps): bump the ci group with 1 update

v0.19.1

CHANGELOG

PR #252 build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0

v0.19.0

CHANGELOG

PR #250 Validate user ref when creating user repository

PR #249 updating go and dependencies versions

PR #248 build(deps): bump the ci group with 1 update

PR #247 build(deps): bump the ci group with 2 updates

PR #246 build(deps): bump the ci group with 1 update

PR #244 build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3

PR #243 build(deps): bump the ci group with 1 update

PR #242 ci: Group dependabot updates

PR #241 build(deps): bump actions/checkout from 3.5.3 to 3.6.0

PR #240 build(deps): bump actions/setup-go from 4.0.1 to 4.1.0

PR #238 Pin GitLab version in e2e tests

PR #237 fix panic when gitea commit object contains nil pointers

Commits

See full diff in compare view

Updates github.com/fluxcd/kustomize-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

docker.io/fluxcd/kustomize-controller:v1.3.0

ghcr.io/fluxcd/kustomize-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.2

Changelog

v1.2.2 changelog

Container images

docker.io/fluxcd/kustomize-controller:v1.2.2

ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

docker.io/fluxcd/kustomize-controller:v1.2.1

ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.3.0

Release date: 2024-05-06

This minor release comes with new features, improvements and bug fixes.

The controller has been updated to Kustomize v5.4, please see the kubernetes-sigs/kustomize changelog for more details.

The Flux Kustomization API gains two optional fields .spec.namePrefix and .spec.nameSuffix that can be used to specify a prefix and suffix to be added to the names of all managed resources.

The controller now supports the --feature-gates=StrictPostBuildSubstitutions=true flag, when enabled the post-build substitutions will fail if a variable without a default value is declared in files but is missing from the input vars.

When using variable substitution with values that are numbers or booleans, it is now possible to covert the values to strings, for more details see the post-build documentation.

In addition, the controller dependencies have been updated to Kubernetes v1.30 and controller-runtime v0.18. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.22.

Improvements:

Implement name prefix/suffix transformers #1134

Add StrictPostBuildSubstitutions feature flag #1130

Document how to use numbers and booleans in post build substitutions #1129

Remove deprecated aad pod identity from API docs #1152

api: Refer condition type constants from fluxcd/pkg/apis #1144

Update dependencies to Kustomize v5.4.0 #1128

Various dependency updates #1155 #1121 #1139 #1122

Fixes:

Fix requeue warning introduced by controller-runtime

... (truncated)

Commits

83fbfee Merge pull request #1157 from fluxcd/release-v1.3.0
458d7e2 Release v1.3.0
4a02b3f Add changelog entry for v1.3.0
882f6a7 Merge pull request #1154 from fluxcd/dependabot/github_actions/ci-b23e0286c6
dfcd4ed Merge pull request #1155 from fluxcd/source-controller-1.3.0
e81120a build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
780954f Update source-controller API to v1.3.0
99792de Merge pull request #1152 from dipti-pai/remove-deprecated-aad-podidentity-ref
fc663de Remove references aad pod identity
f0f9b03 Merge pull request #1149 from fluxcd/dependabot/github_actions/ci-cfa2b75493
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.5.0

Commits

e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
2b974af Update sigs.k8s.io/controller-tools to v0.15.0
52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
c906252 Update dependencies to Kubernetes 1.30
92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
ccb916a build(deps): bump the ci group with 3 updates
6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
abf5675 kustomize: Add support for namePrefix and nameSuffix
98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
efcd824 build(deps): bump docker/setup-buildx-action in the ci group
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git from 0.11.0 to 0.19.0

Commits

e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
2b974af Update sigs.k8s.io/controller-tools to v0.15.0
52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
c906252 Update dependencies to Kubernetes 1.30
92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
ccb916a build(deps): bump the ci group with 3 updates
6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
abf5675 kustomize: Add support for namePrefix and nameSuffix
98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
efcd824 build(deps): bump docker/setup-buildx-action in the ci group
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/git/gogit from 0.8.1 to 0.19.0

Commits

e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
2b974af Update sigs.k8s.io/controller-tools to v0.15.0
52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
c906252 Update dependencies to Kubernetes 1.30
92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
ccb916a build(deps): bump the ci group with 3 updates
6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
abf5675 kustomize: Add support for namePrefix and nameSuffix
98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
efcd824 build(deps): bump docker/setup-buildx-action in the ci group
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/kustomize from 1.3.4 to 1.11.0

Commits

3790516 Merge pull request #767 from fluxcd/up-internal-deps
37ea30c Update internal dependencies
e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
2b974af Update sigs.k8s.io/controller-tools to v0.15.0
52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
c906252 Update dependencies to Kubernetes 1.30
92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
ccb916a build(deps): bump the ci group with 3 updates
6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
abf5675 kustomize: Add support for namePrefix and nameSuffix
Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/ssa from 0.28.2 to 0.39.1

Commits

adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
0e74a82 Update runtime pkg docs
b329d92 Update dependencies to controller-runtime v0.18.1
d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
3790516 Merge pull request #767 from fluxcd/up-internal-deps
37ea30c Update internal dependencies
e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
2b974af Update sigs.k8s.io/controller-tools to v0.15.0
52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	6
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

open-component-model / MPAS