Bump github.com/fluxcd/source-controller/api from 1.0.0-rc.1 to 1.2.1

[dependabot[bot]]

Bumps github.com/fluxcd/source-controller/api from 1.0.0-rc.1 to 1.2.1.

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.2.1

Changelog

v1.2.1 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.1
• ghcr.io/fluxcd/source-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

v1.2.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.0
• ghcr.io/fluxcd/source-controller:v1.2.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.2

Changelog

v1.1.2 changelog

Container images

• docker.io/fluxcd/source-controller:v1.1.2
• ghcr.io/fluxcd/source-controller:v1.1.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.1.1

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.2.1

Release date: 2023-12-08

This patch release ensures the controller is built with the latest Go 1.21.x release, to mitigate multiple security vulnerabilities which were published shortly after the release of v1.2.0.

In addition, a small number of dependencies have been updated to their latest version.

Improvements:

• Update dependencies #1309

1.2.0

Release date: 2023-12-05

This minor release comes with API changes, bug fixes and several new features.

Bucket

A new field, .spec.prefix, has been added to the Bucket API, which enables server-side filtering of files if the object's .spec.provider is set to generic/aws/gcp.

OCIRepository and HelmChart

Two new fields, .spec.verify.matchOIDCIdentity.issuer and .spec.verify.matchOIDCIdentity.subject have been added to the HelmChart and OCIRepository APIs. If the image has been keylessly signed via Cosign, these fields can be used to verify the OIDC issuer of the Fulcio certificate and the OIDC identity's subject respectively.

HelmRepository

A new boolean field, .spec.insecure, has been introduced to the HelmRepository API, which allows connecting to a non-TLS HTTP container registry. It is only considered if the object's .spec.type is set to oci.

From this release onwards, HelmRepository objects of type OCI are treated as static objects, i.e. they have an empty status. Existing objects undergo a one-time automatic migration and new objects will be undergo a one-time reconciliation to remove any status fields.

Additionally, the controller now performs a shallow clone if the .spec.ref.name of the GitRepository object points to a branch or a tag.

Furthermore, a bug has been fixed, where the controller would try to

... (truncated)

Commits

• 20a94c0 Merge pull request #1310 from fluxcd/release-v1.2.1
• 6a3b85b Release v1.2.1
• 13f43b8 Add changelog entry for v1.2.1
• 78994d4 Merge pull request #1309 from fluxcd/backport-1308-to-release/v1.2.x
• 04b79c2 Update dependencies
• 452c308 Merge pull request #1305 from fluxcd/release-v1.2.0
• 8700ca9 Release v1.2.0
• 677b62b Add changelog entry for v1.2.0
• 00a71ad Merge pull request #1304 from fluxcd/update-deps
• 2c6bd26 Update Go dependencies
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #154.