Skip to content

🌱 Update Builder Image group #320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🌱 Update Builder Image group #320

wants to merge 1 commit into from

Conversation

@cluster-stack-bot
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Oct 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
docker.io/aquasec/trivy (source) stage minor 0.66.0 -> 0.67.2
docker.io/hadolint/hadolint stage minor v2.13.1-alpine -> v2.14.0-alpine
docker.io/library/alpine stage patch 3.22.1 -> 3.22.2
golangci/golangci-lint minor v2.4.0 -> v2.6.2
helm/helm major v3.19.0 -> v4.0.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.67.2

Compare Source

Changelog

  • 60c57ad release: v0.67.2 [release/v0.67] (#​9639)
  • f3ee80c fix: Use fetch-level: 1 to check out trivy-repo in the release workflow [backport: release/v0.67] (#​9638)

v0.67.1

Compare Source

Changelog

  • cbed239 release: v0.67.1 [release/v0.67] (#​9614)
  • 1a84093 fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#​9631)
  • 3bc1490 fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#​9629)
  • 542eee7 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#​9615)
  • f65dd05 fix(vex): don't use reused BOM [backport: release/v0.67] (#​9612)

v0.67.0

Compare Source

Features
Bug Fixes
  • aws: use BuildableClient insead of xhttp.Client (#​9436) (fa6f1bf)
  • close file descriptors and pipes on error paths (#​9536) (a4cbd6a)
  • db: Dowload database when missing but metadata still exists (#​9393) (92ebc7e)
  • k8s: disable parallel traversal with fs cache for k8s images (#​9534) (c0c7a6b)
  • misconf: handle tofu files in module detection (#​9486) (bfd2f6b)
  • misconf: strip build metadata suffixes from image history (#​9498) (c938806)
  • misconf: unmark cty values before access (#​9495) (8e40d27)
  • misconf: wrap legacy ENV values in quotes to preserve spaces (#​9497) (267a970)
  • nodejs: parse workspaces as objects for package-lock.json files (#​9518) (404abb3)
  • nodejs: use snapshot string as Package.ID for pnpm packages (#​9330) (4517e8c)
  • vex: don't suppress vulns for packages with infinity loop (#​9465) (78f0d4a)
  • vuln: compare nuget package names in lower case (#​9456) (1ff9ac7)
hadolint/hadolint (docker.io/hadolint/hadolint)

v2.14.0

Compare Source

What's Changed

New Contributors

Full Changelog: hadolint/hadolint@v2.13.1...v2.14.0

golangci/golangci-lint (golangci/golangci-lint)

v2.6.2

Compare Source

Released on 2025-11-14

  1. Bug fixes
    • fmt command with symlinks
    • use file depending on build configuration to invalidate cache
  2. Linters bug fixes
    • testableexamples: from 1.0.0 to 1.0.1
    • testpackage: from 1.1.1 to 1.1.2

v2.6.1

Compare Source

Released on 2025-11-04

  1. Linters bug fixes
    • copyloopvar: from 1.2.1 to 1.2.2
    • go-critic: from 0.14.0 to 0.14.2

v2.6.0

Compare Source

Released on 2025-10-29

  1. New linters
    • Add modernize analyzer suite
  2. Linters new features or changes
    • arangolint: from 0.2.0 to 0.3.1
    • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
    • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
    • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
    • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
    • wsl: from 5.2.0 to 5.3.0
  3. Linters bug fixes
    • dupword: from 0.1.6 to 0.1.7
    • durationcheck: from 0.0.10 to 0.0.11
    • exptostd: from 0.4.4 to 0.4.5
    • fatcontext: from 0.8.1 to 0.9.0
    • forbidigo: from 2.1.0 to 2.3.0
    • ginkgolinter: from 0.21.0 to 0.21.2
    • godoc-lint: from 0.10.0 to 0.10.1
    • gomoddirectives: from 0.7.0 to 0.7.1
    • gosec: from 2.22.8 to 2.22.10
    • makezero: from 2.0.1 to 2.1.0
    • nilerr: from 0.1.1 to 0.1.2
    • paralleltest: from 1.0.14 to 1.0.15
    • protogetter: from 0.3.16 to 0.3.17
    • unparam: from 0df0534 to 5beb8c8
  4. Misc.
    • fix: ignore some files to hash the version for custom build

v2.5.0

Compare Source

Released on 2025-09-21

  1. New linters
  2. Linters new features or changes
    • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
    • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
    • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
    • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
    • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
    • musttag: from 0.13.1 to 0.14.0 (support interface methods)
    • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
    • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
    • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
  3. Linters bug fixes
    • asciicheck: from 0.4.1 to 0.5.0
    • errname: from 1.1.0 to 1.1.1
    • fatcontext: from 0.8.0 to 0.8.1
    • go-printf-func-name: from 0.1.0 to 0.1.1
    • godot: from 1.5.1 to 1.5.4
    • gosec: from 2.22.7 to 2.22.8
    • nilerr: from 0.1.1 to a temporary fork
    • nilnil: from 1.1.0 to 1.1.1
    • protogetter: from 0.3.15 to 0.3.16
    • tagliatelle: from 0.7.1 to 0.7.2
    • testifylint: from 1.6.1 to 1.6.4
  4. Misc.
    • fix: "no export data" errors are now handled as a standard typecheck error
  5. Documentation
    • Improve nolint section about syntax
helm/helm (helm/helm)

v4.0.0: Helm v4.0.0

Compare Source

The Helm Team is proud to announce the first stable release of Helm 4.

New Features

Helm 4 has numerous new features, but a few deserve highlighting here:

  • Redesigned plugin system that supports Web Assembly based plugins
  • Post-renderers are now plugins
  • Server side apply is now supported
  • Improved resource watching, to support waiting, based on kstatus
  • Local Content-based caching (e.g. for charts)
  • Logging via slog enabling SDK logging to integrate with modern loggers
  • Reproducible builds of chart archives
  • Updated SDK API including support for multiple chart API versions (new experimental v3 chart API version coming soon)

For full release notes, please see: https://helm.sh/docs/overview/

Compatibility with Helm v3

Helm v4 is a major version with backward incompatible changes including to the flags and output of the Helm CLI and to the SDK.

Please evaluate the changes to your workflows. The changes are not as extensive as those from Helm v2 to v3, with the goal that the majority of workflows remain compatible between Helm v3 and v4.

Helm charts apiVersion v2 (majority of today's charts) will continue to be supported in Helm v4. Existing charts should continue to install, upgrade, and otherwise work. Please test the installation and upgrade of charts to ensure it works as expected. Changes (e.g., server side apply) may impact the experience.

Community

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v4.0.0. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.3 and 4.0.1 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Thank You!

The Helm project has enjoyed code contributions from many community members. Many more community members have assisted by filing issues and working with us to identify and eliminate bugs while adding new features. The #helm-users slack channel has long been a friendly and open forum for getting help and learning more about Helm. We cannot thank you enough for making this a helpful, friendly, and welcoming community for all.

❤️ The Helm Team

v3.19.2: Helm v3.19.2

Compare Source

Helm v3.19.2 is a patch release. It is a rebuild of the v3.19.1 release with no code changes.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.2. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.3 and 4.0.1 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

v3.19.1: Helm v3.19.1

Compare Source

Helm v3.19.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.1. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.0.0 is the next major release and will be on November 12, 2025
  • 3.19.2 and 4.0.01 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 4f953c2 (dependabot[bot])
  • jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 6801f4d (Benoit Tigeot)
  • Avoid "panic: interface conversion: interface {} is nil" 2f619be (Benoit Tigeot)
  • Fix helm pull untar dir check with repo urls 8112d47 (Luna Stadler)
  • Fix deprecation warning 5dff7ce (Benoit Tigeot)
  • chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 2dad4d2 (dependabot[bot])
  • Add timeout flag to repo add and update flags a833710 (Reinhard Nägele)
  • chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0 2e12c81 (Dirk Müller)

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from dc76c4e to 68f6214 Compare October 9, 2025 11:22
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from ea7f4bf to 480be26 Compare October 11, 2025 11:18
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from bd2b24f to 0f3d518 Compare November 4, 2025 11:22
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from c711262 to 0c695b1 Compare November 13, 2025 11:24
@cluster-stack-bot
🌱 Update Builder Image group
d8a3031 
| datasource  | package                     | from    | to      |
| ----------- | --------------------------- | ------- | ------- |
| docker      | docker.io/aquasec/trivy     | 0.66.0  | 0.67.2  |
| docker      | docker.io/hadolint/hadolint | v2.13.1 | v2.14.0 |
| docker      | docker.io/library/alpine    | 3.22.1  | 3.22.2  |
| github-tags | golangci/golangci-lint      | v2.4.0  | v2.6.2  |
| github-tags | helm/helm                   | v3.19.0 | v4.0.0  |
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 0c695b1 to d8a3031 Compare November 15, 2025 11:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

type/major type/minor type/patch update/container

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant