Skip to content

chore(deps): update makefile dependencies (minor)#1285

Merged
ibakshay merged 1 commit intomainfrom
renovate/makefile-dependencies
Jan 5, 2026
Merged

chore(deps): update makefile dependencies (minor)#1285
ibakshay merged 1 commit intomainfrom
renovate/makefile-dependencies

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 19, 2025
edited
Loading

This PR contains the following updates:

Package Update Change
cloudflare/pint minor 0.74.60.78.0
helm/helm minor 3.18.63.19.4
kubernetes-sigs/kustomize minor 5.7.15.8.0
mikefarah/yq minor v4.47.1v4.50.1

Release Notes

cloudflare/pint (cloudflare/pint)

v0.78.0

Compare Source

Fixed

v0.77.1

Compare Source

Fixed
  • Fixed a panic when parsing incomplete rules using relaxed mode.

v0.77.0

Compare Source

Added

  • The promql/impossible check will now warn about aggregations and
    and binary operations that try to operate on labels that are already removed in the query.
    Example:

    - record: foo
  expr: sum(foo) / on(cluster) sum(bar)

    The above tries to join two series on the cluster label, but sum(...) already removed labels
    from the results on both side, so there will be no such label on join on.

  • The promql/impossible check will now warn about label joins
    using group_left(...) and group_right(...) that are not possible or not used in any way.

Fixed
  • For queries using binary expressions between two vectors Prometheus will remove the metric name
    from resulting series, pint will now also apply the same logic when checking queries.

v0.76.1

Compare Source

Fixed
  • CI comments would sometimes print the problematic query fragment twice.

v0.76.0

Compare Source

Added
  • Added support for toDuration and now template functions added in Prometheus v3.6.
Fixed
  • Some checks would fail to run queries against Prometheus servers if the query had comments in it.

v0.75.0

Compare Source

Added

v0.74.8

Compare Source

Fixed
  • Fixed incorrect suggestions from query/cost for function calls with different arguments.

v0.74.7

Compare Source

Fixed
  • Fixed a bug in GitLab integration causing problems fail to create comments when they are reported on deleted lines.
  • Fixed incorrect suggestions from query/cost for rules joining on multiple metrics.
helm/helm (helm/helm)

v3.19.4: Helm v3.19.4

Compare Source

Helm v3.19.4 is a security fix for a Go CVE in the previous tag. This patch release rebuilds the Helm v3.19.3 release with the latest Go toolchain, to fix the Go CVE. Users are encouraged to upgrade.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.4. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.5 and 4.0.4 are the next patch releases and will be on January 14, 2026
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • Use latest patch release of Go in releases 7cfb6e4 (Matt Farina)
  • chore(deps): bump github.com/gofrs/flock from 0.12.1 to 0.13.0 59c951f (dependabot[bot])
  • chore(deps): bump github.com/cyphar/filepath-securejoin d45f3f1 (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 d459544 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 becd387 (dependabot[bot])
  • chore(deps): bump the k8s-io group with 7 updates edb1579 (dependabot[bot])

v3.19.3: Helm v3.19.3

Compare Source

Helm v3.19.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.3. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • Bump golang.org/x/crypto to v0.45.0 0707f56 (Dirk Müller)
  • [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

v3.19.2: Helm v3.19.2

Compare Source

Helm v3.19.2 is a patch release. It is a rebuild of the v3.19.1 release with no code changes.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.2. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.3 and 4.0.1 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • [backport] fix: get-helm-3 script use helm3-latest-version 8766e71 (George Jenkins)

v3.19.1: Helm v3.19.1

Compare Source

Helm v3.19.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.1. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 4.0.0 is the next major release and will be on November 12, 2025
  • 3.19.2 and 4.0.01 are the next patch releases and will be on December 10, 2025
  • 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

  • chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 4f953c2 (dependabot[bot])
  • jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 6801f4d (Benoit Tigeot)
  • Avoid "panic: interface conversion: interface {} is nil" 2f619be (Benoit Tigeot)
  • Fix helm pull untar dir check with repo urls 8112d47 (Luna Stadler)
  • Fix deprecation warning 5dff7ce (Benoit Tigeot)
  • chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 2dad4d2 (dependabot[bot])
  • Add timeout flag to repo add and update flags a833710 (Reinhard Nägele)
  • chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0 2e12c81 (Dirk Müller)

v3.19.0: Helm v3.19.0

Compare Source

Helm v3.19.0 is a feature release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

  • Fixed a helm pull regression from 3.18 - error pulling OCI charts with --password #​31230
  • Fixed a helm lint regression from Helm 3.18 - rejected JSON Schema $ref URLs that worked in 3.17.x #​31166
  • Fixed go mod tidy #​31154
  • Fixed k8s version parsing not matching original #​31091
  • Fixed charts failing when using a redirect registry #​31087
  • Fixed missing debug logging for OCI transport
  • Fixed broken legacy docker support for login #​30941
  • Fixed bugs from the move to ORAS v2
  • Fixed processing all hook deletions on failure #​30673
  • Feature for helm create added httproute from gateway-api to create chart template #​30658

Installation and Upgrading

Download Helm v3.19.0. The common platform binaries are here:

This release was signed with 208D D36E D5BB 3745 A167 43A4 C7C6 FBB5 B91C 1155 and can be found at @​scottrigby keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.19.1 will contain only bug fixes.
  • 3.20.0 is the next feature release.

Changelog

  • bump version to v3.19.0 3d8990f (Scott Rigby)
  • fix: use username and password if provided 9a54bf1 (Evans Mungai)
  • chore(deps): bump the k8s-io group with 7 updates 5af0f68 (dependabot[bot])
  • chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 e485606 (dependabot[bot])
  • chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 6355c3d (dependabot[bot])
  • chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 ec61f66 (dependabot[bot])
  • fix(helm-lint): fmt b278020 (Isaiah Lewis)
  • fix(helm-lint): Add TLSClientConfig d33ac5e (Isaiah Lewis)
  • fix(helm-lint): Add HTTP/HTTPS URL support for json schema references 8543709 (Isaiah Lewis)
  • chore(deps): bump the k8s-io group with 7 updates 89a3f90 (dependabot[bot])
  • fix: go mod tidy for v3 da4c583 (Terry Howe)
  • chore(deps): bump golang.org/x/crypto from 0.40.0 to 0.41.0 e40b1b3 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 a27e9db (dependabot[bot])
  • fix Chart.yaml handling f13afaa (Matt Farina)
  • Handle messy index files 039b0b1 (Matt Farina)
  • chore(deps): bump github.com/containerd/containerd from 1.7.27 to 1.7.28 bec98a9 (dependabot[bot])
  • json schema fix 6d9509a (Robert Sirchia)
  • fix: k8s version parsing to match original 807225e (Borys Hulii)
  • chore(deps): bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 cbbd569 (dependabot[bot])
  • Do not explicitly set SNI in HTTPGetter 5e8ff72 (Terry Howe)
  • chore(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 5b5fb5b (dependabot[bot])
  • chore(deps): bump the k8s-io group with 7 updates d12538a (dependabot[bot])
  • chore(deps): bump golang.org/x/crypto from 0.39.0 to 0.40.0 303f803 (dependabot[bot])
  • chore(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 abcc2ed (dependabot[bot])
  • chore(deps): bump golang.org/x/text from 0.26.0 to 0.27.0 521c67b (dependabot[bot])
  • Disabling linter due to unknown issue 227c9cb (Matt Farina)
  • Updating link handling 4389fa6 (Matt Farina)
  • Bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 372e403 (dependabot[bot])
  • build(deps): bump the k8s-io group with 7 updates 4fa5a64 (dependabot[bot])
  • build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 6284ed8 (dependabot[bot])
  • fix: user username password for login 2c55a4e (Terry Howe)
  • Update pkg/registry/transport.go a16e986 (Terry Howe)
  • Update pkg/registry/transport.go cea26d8 (Terry Howe)
  • fix: add debug logging to oci transport b52bb41 (Terry Howe)
  • build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 45075cf (dependabot[bot])
  • build(deps): bump golang.org/x/text from 0.25.0 to 0.26.0 73a7826 (dependabot[bot])
  • fix: legacy docker support broken for login 733f94c (Terry Howe)
  • fix: plugin installer test with no Internet fc36041 (Terry Howe)
  • Handle an empty registry config file. cfe8cef (Matt Farina)
  • Prevent fetching newReference again as we have in calling method c33215d (Benoit Tigeot)
  • Prevent failure when resolving version tags in oras memory store f552b67 (Benoit Tigeot)
  • fix(client): skipnode utilization for PreCopy a18a52e (Brandt Keller)
  • test: Skip instead of returning early. looks more intentional fedf502 (Jesse Simpson)
  • test: tests repo stripping functionality fe512ba (Jesse Simpson)
  • test: include tests for Login based on different protocol prefixes 099a9e1 (Jesse Simpson)
  • fix(client): layers now returns manifest - remove duplicate from descriptors b07ab77 (Brandt Keller)
  • fix(client): return nil on non-allowed media types c225c12 (Brandt Keller)
  • Fix 3.18.0 regression: registry login with scheme c0f3ace (Scott Rigby)
  • Update pkg/plugin/plugin.go dce60ad (Benoit Tigeot)
  • Update pkg/plugin/plugin.go cda0865 (Benoit Tigeot)
  • Wait for Helm v4 before raising when platformCommand and Command are set 5d9d9a0 (Benoit Tigeot)
  • Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]" c5249c1 (Matt Farina)
  • build(deps): bump the k8s-io group with 7 updates 5b0520d (dependabot[bot])
  • chore: update generalization warning message afefca8 (Feng Cao)
  • build(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 8d6d27c (dependabot[bot])
  • build(deps): bump the k8s-io group with 7 updates 502c0d5 (dependabot[bot])
  • build(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0 92be9ac (dependabot[bot])
  • fix: move warning to top of block eb5b6d5 (Feng Cao)
  • fix: govulncheck workflow 6b15f26 (Matthieu MOREL)
  • fix: replace fmt warning with slog 6b5c944 (Feng Cao)
  • fix: add warning when ignore repo flag 247bf7c (Feng Cao)
  • bump version to v3.18.0 9404459 (Robert Sirchia)
  • backport #​30673 to dev-v3 0a800e8 (Gerard Nguyen)
  • feat: add httproute from gateway-api to create chart template bd1b67b (Henrik Gerdes)

Full Changelog: helm/helm@v3.18.6...v3.19.0

kubernetes-sigs/kustomize (kubernetes-sigs/kustomize)

v5.8.0

Compare Source

Highlights

implements to replacements value in the structured data

Now, We can edit yaml/json in yaml manifests with replacements transformer.
See #​5679

For example
## source
apiVersion: v1
kind: ConfigMap
metadata:
  name: source-configmap
data:
  HOSTNAME: www.example.com
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: target-configmap
data:
  config.json: |-
    {"config": {
      "id": "42",
      "hostname": "REPLACE_TARGET_HOSTNAME"
    }}
## replacement
replacements:
- source:
    kind: ConfigMap
    name: source-configmap
    fieldPath: data.HOSTNAME
  targets:
  - select:
      kind: ConfigMap
      name: target-configmap
    fieldPaths:
    - data.config\.json.config.hostname
fix: Propagate Namespace correctly to Helm

The long-standing bug where kustomize's namespace transformer did not pass namespaces to helmCharts has been fixed.
See #​5940

For example
## define namespace
namespace: any-namespace

helmCharts:
- name: minecraft
  repo: https://kubernetes-charts.storage.googleapis.com
  version: v1.2.0
  # namespace: any-namespace   ## propagates without additional namespace specific
  valuesFile: values.yaml

Feature

#​5679: implements to replacements value in the structured data
#​5863: Add regex support for Replacement selectors
#​5930: feat: add PatchArgs API type to populate patch options

fix

#​5940: fix: Propagate Namespace correctly to Helm
#​5971: fix: performance recession when propagating namespace to helm
#​5942: fix fnplugin storagemounts validation
#​5958: fix: make AbsorbAll conflict error more verbose
#​5961: refactor: nested format string
#​5967: Fix infinite loop in HTTP client by validating URLs before requests
#​5985: fix(kyaml/yaml): minor nil safety fix for RNode.Content etc
#​5991: Fix duplicate key error when adding multiple labels with --without-selector

Dependencies

#​5962: chore: update dependencies from security alert
#​5959: update go 1.24.6

chore

#​6007: Update kyaml to v0.21.0
#​6008: Update cmd/config to v0.21.0
#​6009: Update api to v0.21.0

mikefarah/yq (mikefarah/yq)

v4.50.1: - HCL!

Compare Source

  • Added HCL Support - First cut - hopefully it works well! (#​1844)
  • Fixing handling of CRLF #​2352
  • Bumped dependencies

v4.49.2

Compare Source

v4.49.1: - Security Flags and TOML fixes

Compare Source

  • Added --security flags to disable env and file ops #​2515
    • Fixing TOML ArrayTable parsing issues #​1758
    • Fixing parsing of escaped characters #​2506

v4.48.2

Compare Source

v4.48.1: - First and Parents Operators

Compare Source

  • Added 'parents' operator, to return a list of all the hierarchical parents of a node
    • Added 'first(exp)' operator, to return the first entry matching an expression in an array
    • Fixed xml namespace prefixes #​1730 (thanks @​baodrate)
    • Fixed out of range panic in yaml decoder #​2460 (thanks @​n471d)
    • Bumped dependencies

v4.47.2

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team as code owners November 19, 2025 13:51
@renovate renovate bot force-pushed the renovate/makefile-dependencies branch 2 times, most recently from e26d15c to 66cd411 Compare November 25, 2025 01:52
@renovate renovate bot force-pushed the renovate/makefile-dependencies branch from 66cd411 to aac96d0 Compare December 1, 2025 18:38
@renovate renovate bot force-pushed the renovate/makefile-dependencies branch 3 times, most recently from cdf1b01 to 8213221 Compare December 13, 2025 00:39
@renovate renovate bot force-pushed the renovate/makefile-dependencies branch from 8213221 to 9d58eeb Compare December 14, 2025 08:46
@ibakshay ibakshay merged commit 581e335 into main Jan 5, 2026
7 checks passed
@ibakshay ibakshay deleted the renovate/makefile-dependencies branch January 5, 2026 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ibakshay ibakshay ibakshay approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ibakshay