dependabot[bot]
fcaf85cff6
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3869755554...c10b8064desupport@github.com >
2026-03-27 17:54:16 +00:00
Jean-Philippe Evrard
08b436aeed
Merge pull request #1303 from evrardjp/update-comment
...
Update upload-artifact comment
2026-03-26 04:22:29 +01:00
Jean-Philippe Evrard
99ada00506
Update upload-artifact comment
...
Fixes dependabot incorrect comment update in PR#1299
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-26 03:59:14 +01:00
Jean-Philippe Evrard
66cf0ccc5d
Merge pull request #1299 from kubereboot/dependabot/github_actions/actions/upload-artifact-7.0.0
...
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
2026-03-26 03:56:26 +01:00
Jean-Philippe Evrard
b18f7398eb
Merge pull request #1298 from kubereboot/dependabot/github_actions/lycheeverse/lychee-action-2.8.0
...
build(deps): bump lycheeverse/lychee-action from 2.7.0 to 2.8.0
2026-03-26 03:53:50 +01:00
Jean-Philippe Evrard
6bd56b8dc5
Merge pull request #1300 from kubereboot/dependabot/github_actions/jdx/mise-action-4.0.1
...
build(deps): bump jdx/mise-action from 3.6.1 to 4.0.1
2026-03-26 03:52:49 +01:00
Jean-Philippe Evrard
157d027d6c
Merge pull request #1301 from kubereboot/dependabot/github_actions/docker/setup-qemu-action-4.0.0
...
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0
2026-03-26 03:51:40 +01:00
Jean-Philippe Evrard
ebbca87f4e
Merge pull request #1302 from kubereboot/dependabot/github_actions/docker/metadata-action-6.0.0
...
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
2026-03-26 03:51:14 +01:00
dependabot[bot]
1ac5bd69bf
build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.10.0 to 6.0.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](c299e40c65...030e881283support@github.com >
2026-03-24 17:53:25 +00:00
dependabot[bot]
20168b53cc
build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](c7c5346462...ce360397ddsupport@github.com >
2026-03-24 17:53:20 +00:00
dependabot[bot]
da72996abe
build(deps): bump jdx/mise-action from 3.6.1 to 4.0.1
...
Bumps [jdx/mise-action](https://github.com/jdx/mise-action ) from 3.6.1 to 4.0.1.
- [Release notes](https://github.com/jdx/mise-action/releases )
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md )
- [Commits](6d1e696aa2...1648a7812bsupport@github.com >
2026-03-24 17:53:13 +00:00
dependabot[bot]
757cb25fe8
build(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaasupport@github.com >
2026-03-24 17:53:01 +00:00
dependabot[bot]
72b55a5ed4
build(deps): bump lycheeverse/lychee-action from 2.7.0 to 2.8.0
...
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action ) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases )
- [Commits](a8c4c7cb88...8646ba3053support@github.com >
2026-03-24 17:52:57 +00:00
Jean-Philippe Evrard
334fb5f99c
Merge pull request #1289 from evrardjp/include-comment-for-dependabot
...
Fix dependabot bumping
2026-03-24 09:58:48 +01:00
Jean-Philippe Evrard
ee13c5c40a
Unpin actions to fix dependabot bumping
...
Since September 2025, dependabot does not update some actions
anymore. Putting in a comment the _version tag_ (next to the
sha) make it clear that the intent is not to pin and should
allow further bumping by dependabot.
This was not necessary in the past and seem required now.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-24 09:50:55 +01:00
Jean-Philippe Evrard
01317d3e0a
Merge pull request #1293 from kubereboot/dependabot/github_actions/github/codeql-action-4.34.1
2026-03-23 22:20:50 +01:00
Jean-Philippe Evrard
25951e7834
Merge pull request #1285 from kubereboot/dependabot/github_actions/actions/checkout-6.0.2
2026-03-23 22:18:55 +01:00
Jean-Philippe Evrard
4e4371b81a
Merge pull request #1292 from kubereboot/dependabot/go_modules/k8s.io/kubectl-0.35.3
2026-03-23 22:18:05 +01:00
dependabot[bot]
b281833696
build(deps): bump actions/checkout from 5.0.0 to 6.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...de0fac2e45support@github.com >
2026-03-23 21:04:52 +00:00
Jean-Philippe Evrard
87a8aa6fb6
Merge pull request #1297 from kubereboot/dependabot/github_actions/actions/setup-go-6.3.0
2026-03-23 22:04:23 +01:00
dependabot[bot]
a266787b94
build(deps): bump k8s.io/kubectl from 0.35.2 to 0.35.3
...
Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl ) from 0.35.2 to 0.35.3.
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.35.2...v0.35.3 )
---
updated-dependencies:
- dependency-name: k8s.io/kubectl
dependency-version: 0.35.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-23 21:01:02 +00:00
Jean-Philippe Evrard
ae33ad8879
Merge pull request #1294 from kubereboot/dependabot/go_modules/k8s.io/api-0.35.3
2026-03-23 21:59:30 +01:00
Jean-Philippe Evrard
4b15eeb4a5
Merge pull request #1295 from kubereboot/dependabot/github_actions/docker/setup-buildx-action-4.0.0
2026-03-23 21:59:01 +01:00
Jean-Philippe Evrard
8c77afaa5b
Merge pull request #1296 from kubereboot/dependabot/github_actions/docker/build-push-action-7.0.0
2026-03-23 21:58:36 +01:00
dependabot[bot]
0330c1737c
build(deps): bump actions/setup-go from 6.0.0 to 6.3.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 6.0.0 to 6.3.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4469467582...4b73464bb3support@github.com >
2026-03-23 05:48:59 +00:00
dependabot[bot]
0faf1d812b
build(deps): bump docker/build-push-action from 6.18.0 to 7.0.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 6.18.0 to 7.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](263435318d...d08e5c354asupport@github.com >
2026-03-23 05:48:01 +00:00
dependabot[bot]
ca152e76f7
build(deps): bump docker/setup-buildx-action from 3.11.1 to 4.0.0
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) from 3.11.1 to 4.0.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](e468171a9d...4d04d5d948support@github.com >
2026-03-23 05:47:52 +00:00
dependabot[bot]
99a7bc9559
build(deps): bump k8s.io/api from 0.35.2 to 0.35.3
...
Bumps [k8s.io/api](https://github.com/kubernetes/api ) from 0.35.2 to 0.35.3.
- [Commits](https://github.com/kubernetes/api/compare/v0.35.2...v0.35.3 )
---
updated-dependencies:
- dependency-name: k8s.io/api
dependency-version: 0.35.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-23 05:47:50 +00:00
dependabot[bot]
8302d7d6f9
build(deps): bump github/codeql-action from 3.30.6 to 4.34.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.34.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...3869755554support@github.com >
2026-03-23 05:47:46 +00:00
Jean-Philippe Evrard
6a5dc5081b
Merge pull request #1268 from evrardjp/update-policy-on-kube-versions
2026-03-23 06:46:42 +01:00
Jean-Philippe Evrard
fe114765ef
Manually bump trivy
...
Without this, the CI will fail to use trivy.
Multiple reasons:
- We used shas + tags in the past. This was to guarantee the
version matches the release. Sadly that behaviour has changed
since september 2025, and dependabot does not update anymore
the sha pinned actions unless the version is also in comment.
This will be fixed in another PR.
- Trivy releases had to be republished since trivy security
incident.
- Old releases should not be used, so bumping is necessary.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-19 18:53:25 +01:00
Jean-Philippe Evrard
168fe81bb4
Update policy for kube version
...
We have historically decided to support AND TEST 3 versions
of kubernetes. For that, we lagged behind in terms of client versions.
Lagging behind one version allowed us, thanks to kubernetes client version skew,
to support 3 versions at relatively low cost.
However, maintaining 3 versions has always been a pain.
For that, we pinned old versions of kubernetes clients/api and test tooling.
In december 2025 community meeting, we decided to only maintain two
versions: the most current one, and the previous one.
This allows us to bump more regularly and be more secure.
We can also more easily use dependabot this way.
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-03-19 06:07:15 +01:00
Jean-Philippe Evrard
4d5ca31338
Merge pull request #1279 from kubereboot/dependabot/github_actions/docker/metadata-action-5.10.0
2026-02-22 08:17:34 +01:00
Jean-Philippe Evrard
6a1ba49eb6
Merge pull request #1278 from kubereboot/dependabot/github_actions/docker/login-action-3.7.0
2026-02-22 08:17:07 +01:00
Jean-Philippe Evrard
cbc7da275f
Merge pull request #1277 from kubereboot/dependabot/github_actions/jdx/mise-action-3.6.1
2026-02-22 08:16:32 +01:00
Jean-Philippe Evrard
763aea8976
Merge pull request #1276 from kubereboot/dependabot/github_actions/actions/upload-artifact-6.0.0
2026-02-22 08:15:54 +01:00
Jean-Philippe Evrard
bf9ecd8566
Merge pull request #1270 from kubereboot/dependabot/go_modules/github.com/sirupsen/logrus-1.9.4
2026-02-22 08:15:30 +01:00
dependabot[bot]
743cc1a13f
build(deps): bump docker/metadata-action from 5.8.0 to 5.10.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.8.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](c1e51972af...c299e40c65support@github.com >
2026-01-30 17:54:53 +00:00
dependabot[bot]
ef88f700e8
build(deps): bump docker/login-action from 3.6.0 to 3.7.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](5e57cd1181...c94ce9fb46support@github.com >
2026-01-30 17:54:40 +00:00
dependabot[bot]
31c2febd45
build(deps): bump jdx/mise-action from 3.5.1 to 3.6.1
...
Bumps [jdx/mise-action](https://github.com/jdx/mise-action ) from 3.5.1 to 3.6.1.
- [Release notes](https://github.com/jdx/mise-action/releases )
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md )
- [Commits](146a281750...6d1e696aa2support@github.com >
2026-01-30 17:54:34 +00:00
dependabot[bot]
e68a556b8d
build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772support@github.com >
2026-01-30 17:54:27 +00:00
dependabot[bot]
583d38be01
build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
...
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus ) from 1.9.3 to 1.9.4.
- [Release notes](https://github.com/sirupsen/logrus/releases )
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4 )
---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-30 07:31:36 +00:00
Jean-Philippe Evrard
1f7961dc47
Merge pull request #1248 from kubereboot/dependabot/github_actions/jdx/mise-action-3.4.0
2026-01-30 08:30:16 +01:00
Jean-Philippe Evrard
efedb85f53
Merge pull request #1255 from kubereboot/dependabot/github_actions/step-security/harden-runner-2.13.2
2026-01-30 08:29:15 +01:00
Jean-Philippe Evrard
35b7a2d9c6
Merge pull request #1256 from kubereboot/dependabot/github_actions/docker/setup-qemu-action-3.7.0
2026-01-30 08:28:24 +01:00
Jean-Philippe Evrard
a387ec5d91
Merge pull request #1266 from kubereboot/dependabot/go_modules/github.com/prometheus/common-0.67.5
2026-01-30 08:27:52 +01:00
Jean-Philippe Evrard
530d030285
Merge pull request #1275 from kubereboot/dependabot/docker/alpine-3.23.3
2026-01-30 08:26:33 +01:00
dependabot[bot]
605d025509
build(deps): bump alpine from 3.22.2 to 3.23.3
...
Bumps alpine from 3.22.2 to 3.23.3.
---
updated-dependencies:
- dependency-name: alpine
dependency-version: 3.23.3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-01-28 17:52:50 +00:00
Jean-Philippe Evrard
779a332867
Merge pull request #1272 from kubereboot/prepare-release-1.21.0
...
chore: update release
2026-01-22 18:58:22 +01:00
Jean-Philippe Evrard
c966c3370b
chore: update release
...
Signed-off-by: Jean-Philippe Evrard <open-source@a.spamming.party >
2026-01-22 18:42:18 +01:00
