Jean-Philippe Evrard
334fb5f99c
Merge pull request #1289 from evrardjp/include-comment-for-dependabot
...
Fix dependabot bumping
2026-03-24 09:58:48 +01:00
Jean-Philippe Evrard
ee13c5c40a
Unpin actions to fix dependabot bumping
...
Since September 2025, dependabot does not update some actions
anymore. Putting in a comment the _version tag_ (next to the
sha) make it clear that the intent is not to pin and should
allow further bumping by dependabot.
This was not necessary in the past and seem required now.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-24 09:50:55 +01:00
Jean-Philippe Evrard
01317d3e0a
Merge pull request #1293 from kubereboot/dependabot/github_actions/github/codeql-action-4.34.1
2026-03-23 22:20:50 +01:00
Jean-Philippe Evrard
25951e7834
Merge pull request #1285 from kubereboot/dependabot/github_actions/actions/checkout-6.0.2
2026-03-23 22:18:55 +01:00
Jean-Philippe Evrard
4e4371b81a
Merge pull request #1292 from kubereboot/dependabot/go_modules/k8s.io/kubectl-0.35.3
2026-03-23 22:18:05 +01:00
dependabot[bot]
b281833696
build(deps): bump actions/checkout from 5.0.0 to 6.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...de0fac2e45support@github.com >
2026-03-23 21:04:52 +00:00
Jean-Philippe Evrard
87a8aa6fb6
Merge pull request #1297 from kubereboot/dependabot/github_actions/actions/setup-go-6.3.0
2026-03-23 22:04:23 +01:00
dependabot[bot]
a266787b94
build(deps): bump k8s.io/kubectl from 0.35.2 to 0.35.3
...
Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl ) from 0.35.2 to 0.35.3.
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.35.2...v0.35.3 )
---
updated-dependencies:
- dependency-name: k8s.io/kubectl
dependency-version: 0.35.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-23 21:01:02 +00:00
Jean-Philippe Evrard
ae33ad8879
Merge pull request #1294 from kubereboot/dependabot/go_modules/k8s.io/api-0.35.3
2026-03-23 21:59:30 +01:00
Jean-Philippe Evrard
4b15eeb4a5
Merge pull request #1295 from kubereboot/dependabot/github_actions/docker/setup-buildx-action-4.0.0
2026-03-23 21:59:01 +01:00
Jean-Philippe Evrard
8c77afaa5b
Merge pull request #1296 from kubereboot/dependabot/github_actions/docker/build-push-action-7.0.0
2026-03-23 21:58:36 +01:00
dependabot[bot]
0330c1737c
build(deps): bump actions/setup-go from 6.0.0 to 6.3.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 6.0.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4469467582...4b73464bb3support@github.com >
2026-03-23 05:48:59 +00:00
dependabot[bot]
0faf1d812b
build(deps): bump docker/build-push-action from 6.18.0 to 7.0.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.18.0 to 7.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](263435318d...d08e5c354asupport@github.com >
2026-03-23 05:48:01 +00:00
dependabot[bot]
ca152e76f7
build(deps): bump docker/setup-buildx-action from 3.11.1 to 4.0.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.11.1 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](e468171a9d...4d04d5d948support@github.com >
2026-03-23 05:47:52 +00:00
dependabot[bot]
99a7bc9559
build(deps): bump k8s.io/api from 0.35.2 to 0.35.3
...
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.35.2 to 0.35.3.
- [Commits](https://github.com/kubernetes/api/compare/v0.35.2...v0.35.3 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-version: 0.35.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-23 05:47:50 +00:00
dependabot[bot]
8302d7d6f9
build(deps): bump github/codeql-action from 3.30.6 to 4.34.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.34.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...3869755554support@github.com >
2026-03-23 05:47:46 +00:00
Jean-Philippe Evrard
6a5dc5081b
Merge pull request #1268 from evrardjp/update-policy-on-kube-versions
2026-03-23 06:46:42 +01:00
Jean-Philippe Evrard
fe114765ef
Manually bump trivy
...
Without this, the CI will fail to use trivy.
Multiple reasons:
- We used shas + tags in the past. This was to guarantee the
version matches the release. Sadly that behaviour has changed
since september 2025, and dependabot does not update anymore
the sha pinned actions unless the version is also in comment.
This will be fixed in another PR.
- Trivy releases had to be republished since trivy security
incident.
- Old releases should not be used, so bumping is necessary.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-19 18:53:25 +01:00
Jean-Philippe Evrard
168fe81bb4
Update policy for kube version
...
We have historically decided to support AND TEST 3 versions
of kubernetes. For that, we lagged behind in terms of client versions.
Lagging behind one version allowed us, thanks to kubernetes client version skew,
to support 3 versions at relatively low cost.
However, maintaining 3 versions has always been a pain.
For that, we pinned old versions of kubernetes clients/api and test tooling.
In december 2025 community meeting, we decided to only maintain two
versions: the most current one, and the previous one.
This allows us to bump more regularly and be more secure.
We can also more easily use dependabot this way.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-19 06:07:15 +01:00
Jean-Philippe Evrard
4d5ca31338
Merge pull request #1279 from kubereboot/dependabot/github_actions/docker/metadata-action-5.10.0
2026-02-22 08:17:34 +01:00
Jean-Philippe Evrard
6a1ba49eb6
Merge pull request #1278 from kubereboot/dependabot/github_actions/docker/login-action-3.7.0
2026-02-22 08:17:07 +01:00
Jean-Philippe Evrard
cbc7da275f
Merge pull request #1277 from kubereboot/dependabot/github_actions/jdx/mise-action-3.6.1
2026-02-22 08:16:32 +01:00
Jean-Philippe Evrard
763aea8976
Merge pull request #1276 from kubereboot/dependabot/github_actions/actions/upload-artifact-6.0.0
2026-02-22 08:15:54 +01:00
Jean-Philippe Evrard
bf9ecd8566
Merge pull request #1270 from kubereboot/dependabot/go_modules/github.com/sirupsen/logrus-1.9.4
2026-02-22 08:15:30 +01:00
dependabot[bot]
743cc1a13f
build(deps): bump docker/metadata-action from 5.8.0 to 5.10.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.8.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](c1e51972af...c299e40c65support@github.com >
2026-01-30 17:54:53 +00:00
dependabot[bot]
ef88f700e8
build(deps): bump docker/login-action from 3.6.0 to 3.7.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](5e57cd1181...c94ce9fb46support@github.com >
2026-01-30 17:54:40 +00:00
dependabot[bot]
31c2febd45
build(deps): bump jdx/mise-action from 3.5.1 to 3.6.1
...
Bumps [jdx/mise-action](https://github.com/jdx/mise-action ) from 3.5.1 to 3.6.1.
- [Release notes](https://github.com/jdx/mise-action/releases )
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md )
- [Commits](146a281750...6d1e696aa2support@github.com >
2026-01-30 17:54:34 +00:00
dependabot[bot]
e68a556b8d
build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772support@github.com >
2026-01-30 17:54:27 +00:00
dependabot[bot]
583d38be01
build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-30 07:31:36 +00:00
Jean-Philippe Evrard
1f7961dc47
Merge pull request #1248 from kubereboot/dependabot/github_actions/jdx/mise-action-3.4.0
2026-01-30 08:30:16 +01:00
Jean-Philippe Evrard
efedb85f53
Merge pull request #1255 from kubereboot/dependabot/github_actions/step-security/harden-runner-2.13.2
2026-01-30 08:29:15 +01:00
Jean-Philippe Evrard
35b7a2d9c6
Merge pull request #1256 from kubereboot/dependabot/github_actions/docker/setup-qemu-action-3.7.0
2026-01-30 08:28:24 +01:00
Jean-Philippe Evrard
a387ec5d91
Merge pull request #1266 from kubereboot/dependabot/go_modules/github.com/prometheus/common-0.67.5
2026-01-30 08:27:52 +01:00
Jean-Philippe Evrard
530d030285
Merge pull request #1275 from kubereboot/dependabot/docker/alpine-3.23.3
2026-01-30 08:26:33 +01:00
dependabot[bot]
605d025509
build(deps): bump alpine from 3.22.2 to 3.23.3
...
Bumps alpine from 3.22.2 to 3.23.3.
---
updated-dependencies:
- dependency-name: alpine
dependency-version: 3.23.3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-28 17:52:50 +00:00
Jean-Philippe Evrard
779a332867
Merge pull request #1272 from kubereboot/prepare-release-1.21.0
...
chore: update release
2026-01-22 18:58:22 +01:00
Jean-Philippe Evrard
c966c3370b
chore: update release
...
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-01-22 18:42:18 +01:00
dependabot[bot]
f03716f31a
build(deps): bump github.com/prometheus/common from 0.66.1 to 0.67.5
...
Bumps [github.com/prometheus/common](https://github.com/prometheus/common ) from 0.66.1 to 0.67.5.
- [Release notes](https://github.com/prometheus/common/releases )
- [Changelog](https://github.com/prometheus/common/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/common/compare/v0.66.1...v0.67.5 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/common
dependency-version: 0.67.5
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-22 17:38:12 +00:00
Jean-Philippe Evrard
980939a8da
Merge pull request #1267 from evrardjp/bump-to-next-kubernetes-version
...
Update Kured to support kubernetes 1.35
2026-01-22 18:37:07 +01:00
Jean-Philippe Evrard
9afdecf1ec
Update Kured to support kubernetes 1.35
...
Now that a new kind version is released supporting 1.35,
we can use it for our CI testing.
This commit:
- Bumps the kind version and its images to support the 1.35
- Ensure all the API calls are done with client-go (and other k8s deps)
supporting a maximum ranges of versions (0.34)
- Aligns Kured go version with k8s 0.34 go version.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-01-22 18:27:03 +01:00
dependabot[bot]
34177f9b57
build(deps): bump jdx/mise-action from 3.3.1 to 3.4.0
...
Bumps [jdx/mise-action](https://github.com/jdx/mise-action ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/jdx/mise-action/releases )
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md )
- [Commits](e3d7b8d67a...be3be2260bsupport@github.com >
2025-12-19 18:26:29 +00:00
Jean-Philippe Evrard
9e465f89a0
Merge pull request #1263 from dharsanb/bump-go
2025-12-19 16:09:55 +01:00
Jean-Philippe Evrard
2832224a6a
Merge pull request #1262 from dharsanb/trademark-fix
...
Fix trademark usage link to the new redirect
2025-12-19 16:00:54 +01:00
Dharsan Baskar
1b53693264
fix: fix vulnerability in go std library
...
Signed-off-by: Dharsan Baskar <git@dharsanb.com >
2025-12-19 20:22:49 +05:30
Dharsan
27cd2d1971
docs: fix trademark usage link
...
Signed-off-by: Dharsan Baskar <git@dharsanb.com >
2025-12-19 06:25:32 +05:30
Jean-Philippe Evrard
9a22be71f2
Merge pull request #1251 from dharsanb/keep-prs
2025-11-14 19:42:29 +01:00
dependabot[bot]
ed77686a5c
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](29109295f8...c7c5346462support@github.com >
2025-11-05 17:05:06 +00:00
dependabot[bot]
1cbf1933dc
build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](f4a75cfd61...95d9a5dedasupport@github.com >
2025-11-05 17:04:59 +00:00
Dharsan Baskar
453b69f199
fix: don't auto-close PRs with keep label
...
Signed-off-by: Dharsan Baskar <git@dharsanb.com >
2025-11-02 16:47:14 +05:30
Jean-Philippe Evrard
0578488672
Merge pull request #1244 from jackfrancis/update-maintainers-Dharsan-Baskar
...
update maintainers: add dharsanb, retire ckotzbauer
2025-11-02 10:56:28 +01:00
