build(deps): bump the actions group across 1 directory with 4 updates

[dependabot]

Bumps the actions group with 4 updates in the / directory: azure/setup-helm, sigstore/cosign-installer, fluxcd/flux2 and azure/setup-kubectl.

Updates azure/setup-helm from 4 to 5

Release notes

Sourced from azure/setup-helm's releases.

v5.0.0

Changed

• #259 Update Node.js runtime from node20 to node24
• #263 Bump undici
• #257 Bump undici and @​actions/http-client
• #256 Bump minimatch
• #248 Bump the actions group with 2 updates
• #247 Bump the actions group with 3 updates
• #246 Bump @​types/node from 25.0.2 to 25.0.3 in the actions group
• #245 Bump the actions group with 3 updates
• #243 Bump the actions group with 2 updates
• #240 Bump prettier from 3.6.2 to 3.7.3 in the actions group
• #229 Bump the actions group across 1 directory with 3 updates
• #231 Bump js-yaml from 3.14.1 to 3.14.2
• #234 Bump glob from 10.4.5 to 10.5.0
• #225 Fix build error
• #222 Bump @​types/node from 24.7.2 to 24.8.1 in the actions group
• #220 Bump the actions group across 1 directory with 4 updates
• #216 Bump the actions group across 1 directory with 4 updates
• #213 Bump the actions group with 2 updates
• #211 Bump undici
• #212 Bump jest from 30.0.5 to 30.1.2 in the actions group
• #210 Bump @​types/node from 24.2.1 to 24.3.0 in the actions group

v4.3.1

Changed

• #167 Pinning Action Dependencies for Security and Reliability
• #181 Fix types, and update node version.
• #191 chore(tests): Mock arch to make tests pass on arm host
• #192 chore: remove unnecessary prebuild script
• #203 Update helm version retrieval to use JSON output for latest version
• #207 ci(workflows): update helm version to v3.18.4 and add matrix for tests

Added

• #197 Add pre-commit hook

v4.3.0

• #152 feat: log when restoring from cache
• #157 Dependencies Update
• #137 Add dependabot

v4.2.0

• #124 Fix OS detection and download OS-native archive extension

v4.1.0

• #130 switches to use Helm published file to read latest version instead of using GitHub releases

Changelog

Sourced from azure/setup-helm's changelog.

[4.3.0] - 2025-02-15

• #152 feat: log when restoring from cache
• #157 Dependencies Update
• #137 Add dependabot

[4.2.0] - 2024-04-15

• #124 Fix OS detection and download OS-native archive extension

[4.1.0] - 2024-03-01

• #130 switches to use Helm published file to read latest version instead of using GitHub releases

[4.0.0] - 2024-02-12

• #121 update to node20 as node16 is deprecated

Commits

• dda3372 build
• 3894c84 chore(release): v5.0.0 (#265)
• ca66f38 Update Node.js runtime from node20 to node24 (#259)
• 316ed5a Bump undici (#263)
• bc9bc0c Bump undici and @​actions/http-client (#257)
• 16e3094 Bump minimatch (#256)
• 6e42753 Bump actions/stale in /.github/workflows in the actions group (#255)
• 9651d9d Bump actions/checkout in /.github/workflows in the actions group (#251)
• 658bff9 Bump the actions group with 2 updates (#248)
• 331c814 Bump the actions group with 3 updates (#247)
• Additional commits viewable in compare view

Updates sigstore/cosign-installer from 4.0.0 to 4.1.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.1

What's Changed

• chore: update default cosign-release to v3.0.5 in sigstore/cosign-installer#223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

• Bump cosign to 3.0.5 in sigstore/cosign-installer#220
• fix: add retry to curl downloads for transient network failures in sigstore/cosign-installer#210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Commits

• cad07c2 chore: update default cosign-release to v3.0.5 (#223)
• ba7bc0a fix: add retry to curl downloads for transient network failures (#210)
• 5a292e1 Bump cosign to 3.0.5 (#220)
• 351ea76 Bump actions/checkout from 6.0.1 to 6.0.2 (#217)
• c17565f test with go 1.26 too (#221)
• a6fdd19 Bump actions/setup-go from 6.1.0 to 6.3.0 (#218)
• 430b6a7 docs: fix registry from gcr.io to ghcr.io (#213)
• 4d14d7f feat: update to v3.0.3 (#212)
• f148005 fix: use env vars for template expansions; show curl errors (#207)
• c3f2d79 Bump actions/checkout from 6.0.0 to 6.0.1 (#208)
• Additional commits viewable in compare view

Updates fluxcd/flux2 from 2.8.1 to 2.8.3

Release notes

Sourced from fluxcd/flux2's releases.

v2.8.3

Highlights

Flux v2.8.3 is a patch release that fixes a regression in helm-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix templating errors for charts that include --- in the content, e.g. YAML separators, embedded scripts, CAs inside ConfigMaps (helm-controller)

Components changelog

• helm-controller v1.5.3

CLI changelog

• [release/v2.8.x] Add target branch name to update branch by @​fluxcdbot in fluxcd/flux2#5774
• Update toolkit components by @​fluxcdbot in fluxcd/flux2#5779

Full Changelog: fluxcd/flux2@v2.8.2...v2.8.3

v2.8.2

Highlights

Flux v2.8.2 is a patch release that comes with various fixes. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix enqueuing new reconciliation requests for events on source Flux objects when they are already reconciling the revision present in the watch event (kustomize-controller, helm-controller)
• Fix the Go templates bug of YAML separator --- getting concatenated to apiVersion: by updating to Helm 4.1.3 (helm-controller)
• Fix canceled HelmReleases getting stuck when they don't have a retry strategy configured by introducing a new feature gate DefaultToRetryOnFailure that improves the experience when the CancelHealthCheckOnNewRevision is enabled (helm-controller)
• Fix the auth scope for Azure Container Registry to use the ACR-specific scope (source-controller, image-reflector-controller)
• Fix potential Denial of Service (DoS) during TLS handshakes (CVE-2026-27138) by building all controllers with Go 1.26.1

Components changelog

• source-controller v1.8.1
• kustomize-controller v1.8.2
• notification-controller v1.8.2
• helm-controller v1.5.2
• image-reflector-controller v1.1.1
• image-automation-controller v1.1.1
• source-watcher v2.1.1

CLI changelog

... (truncated)

Commits

• 871be9b Merge pull request #5779 from fluxcd/update-components-release/v2.8.x
• f7a1689 Update toolkit components
• bf67d77 Merge pull request #5774 from fluxcd/backport-5773-to-release/v2.8.x
• 5cb2208 Add target branch name to update branch
• bfa461e Merge pull request #5771 from fluxcd/update-pkg-deps/release/v2.8.x
• f11a921 Update fluxcd/pkg dependencies
• b248efa Merge pull request #5770 from fluxcd/backport-5769-to-release/v2.8.x
• 4d5e044 Update toolkit components
• 3c8917c Merge pull request #5767 from fluxcd/update-pkg-deps/release/v2.8.x
• c1f11bc Update fluxcd/pkg dependencies
• Additional commits viewable in compare view

Updates azure/setup-kubectl from 4 to 5

Release notes

Sourced from azure/setup-kubectl's releases.

v5.0.0

Changed

• #233 Update Node.js runtime from node20 to node24
• #228 Replace cdn.dl.k8s.io with dl.k8s.io
• #219 Remove download redirects, use cdn.dl.k8s.io domain
• #190 Update stableVersionUrl to dl.k8s.io
• #235 Bump undici from 6.23.0 to 6.24.1
• #226 Bump undici and @​actions/http-client
• #230 Bump minimatch

Added

• #172 Enhance version handling: auto-resolve kubectl major.minor to latest patch
• #171 Add husky precommit check

v4.0.1

• Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
• Dependabot fixes

Changelog

Sourced from azure/setup-kubectl's changelog.

[5.0.0] - 2026-03-25

Changed

• #233 Update Node.js runtime from node20 to node24
• #228 Replace cdn.dl.k8s.io with dl.k8s.io
• #219 Remove download redirects, use cdn.dl.k8s.io domain
• #190 Update stableVersionUrl to dl.k8s.io
• #235 Bump undici from 6.23.0 to 6.24.1
• #226 Bump undici and @​actions/http-client
• #230 Bump minimatch

Added

• #172 Enhance version handling: auto-resolve kubectl major.minor to latest patch
• #171 Add husky precommit check

[4.0.1] - 2025-06-17

• Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
• Dependabot fixes

[4.0.0] - 2024-01-30

Changed

• #90 Migrate to node 20 as node 16 is deprecated

Commits

• 15650b3 build
• c8baf13 release: v5.0.0 — node24 upgrade and dependency updates (#240)
• 5934a11 Bump github/codeql-action in /.github/workflows in the actions group (#237)
• 06dc4a8 Bump undici from 6.23.0 to 6.24.1 (#235)
• 2e986c3 Bump the actions group in /.github/workflows with 2 updates (#232)
• 1dbc167 Update Node version from 20 to 24 in action.yml (#233)
• 6c09a72 Bump minimatch (#230)
• a7f5116 Bump the actions group across 1 directory with 2 updates (#229)
• ef7e8f9 Replace cdn.dl.k8s.io with dl.k8s.io (#227) (#228)
• 8fd7ec0 Bump undici and @​actions/http-client (#226)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[stefanprodan]

@dependabot rebase