Skip to content

build(deps): bump the security group across 1 directory with 10 updates #3225

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build(deps): bump the security group across 1 directory with 10 updates #3225

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 20, 2025
edited
Loading

Bumps the security group with 8 updates in the / directory:

Package From To
github.com/vmware-tanzu/velero 1.17.0 1.17.1
helm.sh/helm/v3 3.19.0 3.19.2
k8s.io/api 0.34.1 0.34.2
k8s.io/apiextensions-apiserver 0.34.1 0.34.2
k8s.io/cli-runtime 0.34.1 0.34.2
k8s.io/component-helpers 0.34.1 0.34.2
k8s.io/kubectl 0.34.1 0.34.2
sigs.k8s.io/controller-runtime 0.22.3 0.22.4

Updates github.com/vmware-tanzu/velero from 1.17.0 to 1.17.1

Release notes

Sourced from github.com/vmware-tanzu/velero's releases.

v1.17.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.17.1

Container Image

velero/velero:v1.17.1

Documentation

https://velero.io/docs/v1.17/

Upgrading

https://velero.io/docs/v1.17/upgrade-to-1.17/

All Changes

v1.17.1-rc.1

v1.17.1

Download

https://github.com/vmware-tanzu/velero/releases/tag/v1.17.1-rc.1

Container Image

velero/velero:v1.17.1-rc.1

Documentation

https://velero.io/docs/v1.17/

Upgrading

https://velero.io/docs/v1.17/upgrade-to-1.17/

All Changes

... (truncated)

Commits
  • 94f6463 Merge pull request #9385 from Lyndon-Li/release-1.17
  • bf0f30d 1.17.1 changelog
  • d89ab43 Merge pull request #9378 from vmware-tanzu/1.17_e2e_fix
  • 8704b4d Add Windows support for release dev branch.
  • 4ce4a48 Merge pull request #9376 from Lyndon-Li/release-1.17
  • ec7fe10 issue 9365: prevent multiple update of PVR
  • 3ae7183 Merge pull request #9371 from blackpiglet/1.17.1_bump
  • bd4c53d Bump base image and Golang version for v1.17.1
  • 988bfa5 Merge pull request #9341 from Lyndon-Li/release-1.17
  • 71ad893 issue 9332: make bytesDone correct for incremental backup
  • Additional commits viewable in compare view

Updates helm.sh/helm/v3 from 3.19.0 to 3.19.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.19.2 is a patch release. It is a rebuild of the v3.19.1 release with no code changes.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.2. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.3 and 4.0.1 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • [backport] fix: get-helm-3 script use helm3-latest-version 8766e718a0119851f10ddbe4577593a45fadf544 (George Jenkins)

Helm v3.19.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.1. The common platform binaries are here:

... (truncated)

Commits
  • 8766e71 [backport] fix: get-helm-3 script use helm3-latest-version
  • 4f953c2 chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29
  • 6801f4d jsonschema: warn and ignore unresolved URN $ref to match v3.18.4
  • 2f619be Avoid "panic: interface conversion: interface {} is nil"
  • 8112d47 Fix helm pull untar dir check with repo urls
  • 5dff7ce Fix deprecation warning
  • 2dad4d2 chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10
  • a833710 Add timeout flag to repo add and update flags
  • 3f5d2e2 Merge pull request #31407 from dirkmueller/release-3.19
  • 2e12c81 chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0
  • See full diff in compare view

Updates k8s.io/api from 0.34.1 to 0.34.2

Commits

Updates k8s.io/apiextensions-apiserver from 0.34.1 to 0.34.2

Commits

Updates k8s.io/apimachinery from 0.34.1 to 0.34.2

Commits

Updates k8s.io/cli-runtime from 0.34.1 to 0.34.2

Commits

Updates k8s.io/client-go from 0.34.1 to 0.34.2

Commits
  • 54601aa Update dependencies to v0.34.2 tag
  • 1bb1ad2 Merge pull request #134589liggitt/automated-cherry-pick-of-#134588
  • 2505205 Remove invalid SAN certificate construction
  • 7ffba0f Merge pull request #134004DerekFrank/automated-cherry-pick-of-#133573
  • 145cb8f gofmt and review feedback
  • ddcdc12 fix: Update unit test to catch actual nil Labels case and fix functionality t...
  • See full diff in compare view

Updates k8s.io/component-helpers from 0.34.1 to 0.34.2

Commits

Updates k8s.io/kubectl from 0.34.1 to 0.34.2

Commits
  • f38518e Update dependencies to v0.34.2 tag
  • fea1142 Merge pull request #134912rikatz/automated-cherry-pick-of-#134833
  • 5687721 Return error in case of discovery client failure
  • See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.22.3 to 0.22.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.22.4

What's Changed

Full Changelog: kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4

Commits
  • 7a1b16d Merge pull request #3378 from k8s-infra-cherrypick-robot/cherry-pick-3376-to-...
  • 539c94f cache: Allow fine-granular configuration of SyncPeriod
  • 8be8410 Merge pull request #3377 from k8s-infra-cherrypick-robot/cherry-pick-3372-to-...
  • 3f86a10 envtest: respect pre-configured binary paths in ControlPlane
  • 64152a0 Merge pull request #3371 from alvaroaleman/cp-fix
  • b3eff6d priority queue: properly sync the waiter manipulation
  • 88269f3 Merge pull request #3357 from k8s-infra-cherrypick-robot/cherry-pick-3353-to-...
  • c7df7c9 add namespace for test with namespace_client
  • 04b5a29 Merge pull request #3352 from k8s-infra-cherrypick-robot/cherry-pick-3351-to-...
  • f5a9781 update List in namespaced client
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the security group across 1 directory with 10 updates
d832d93 
Bumps the security group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/vmware-tanzu/velero](https://github.com/vmware-tanzu/velero) | `1.17.0` | `1.17.1` |
| [helm.sh/helm/v3](https://github.com/helm/helm) | `3.19.0` | `3.19.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.34.1` | `0.34.2` |
| [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) | `0.34.1` | `0.34.2` |
| [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) | `0.34.1` | `0.34.2` |
| [k8s.io/component-helpers](https://github.com/kubernetes/component-helpers) | `0.34.1` | `0.34.2` |
| [k8s.io/kubectl](https://github.com/kubernetes/kubectl) | `0.34.1` | `0.34.2` |
| [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.22.3` | `0.22.4` |



Updates `github.com/vmware-tanzu/velero` from 1.17.0 to 1.17.1
- [Release notes](https://github.com/vmware-tanzu/velero/releases)
- [Changelog](https://github.com/vmware-tanzu/velero/blob/main/CHANGELOG.md)
- [Commits](vmware-tanzu/velero@v1.17.0...v1.17.1)

Updates `helm.sh/helm/v3` from 3.19.0 to 3.19.2
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.19.0...v3.19.2)

Updates `k8s.io/api` from 0.34.1 to 0.34.2
- [Commits](kubernetes/api@v0.34.1...v0.34.2)

Updates `k8s.io/apiextensions-apiserver` from 0.34.1 to 0.34.2
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](kubernetes/apiextensions-apiserver@v0.34.1...v0.34.2)

Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.2
- [Commits](kubernetes/apimachinery@v0.34.1...v0.34.2)

Updates `k8s.io/cli-runtime` from 0.34.1 to 0.34.2
- [Commits](kubernetes/cli-runtime@v0.34.1...v0.34.2)

Updates `k8s.io/client-go` from 0.34.1 to 0.34.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.34.1...v0.34.2)

Updates `k8s.io/component-helpers` from 0.34.1 to 0.34.2
- [Commits](kubernetes/component-helpers@v0.34.1...v0.34.2)

Updates `k8s.io/kubectl` from 0.34.1 to 0.34.2
- [Commits](kubernetes/kubectl@v0.34.1...v0.34.2)

Updates `sigs.k8s.io/controller-runtime` from 0.22.3 to 0.22.4
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](kubernetes-sigs/controller-runtime@v0.22.3...v0.22.4)

---
updated-dependencies:
- dependency-name: github.com/vmware-tanzu/velero
  dependency-version: 1.17.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.19.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/api
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/component-helpers
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: k8s.io/kubectl
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-version: 0.22.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: security
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 22, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Nov 22, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/security-275dd6dcda branch November 22, 2025 19:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies go type::chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant