Bump the flux-deps group across 1 directory with 4 updates

[dependabot]

Bumps the flux-deps group with 3 updates in the / directory: github.com/fluxcd/pkg/http/fetch, github.com/fluxcd/pkg/runtime and github.com/fluxcd/source-controller/api.

Updates github.com/fluxcd/pkg/http/fetch from 0.10.0 to 0.11.0

Commits

• a5896a6 git/internal/e2e: update dependencies
• 00f6465 git/gogit: update dependencies
• acf35bd git: update dependencies
• eda77cf ssh: update dependencies
• 41b3167 Merge pull request #504 from fluxcd/misc-update-deps
• 9a579c9 ssa: update dependencies
• 5185f64 http/fetch: update dependencies
• 3caadb0 oci/tests: update dependencies
• 6f300e8 oci: update dependencies
• 527a993 Merge pull request #503 from fluxcd/kustomize-update-deps
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.45.0 to 0.47.1

Commits

• adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
• 0e74a82 Update runtime pkg docs
• b329d92 Update dependencies to controller-runtime v0.18.1
• d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
• 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
• 3790516 Merge pull request #767 from fluxcd/up-internal-deps
• 37ea30c Update internal dependencies
• e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
• 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
• 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/tar from 0.6.0 to 0.7.0

Commits

• f70757d Merge pull request #408 from fluxcd/fix-e2e
• 5723219 build: Fix e2e tests broken after #402
• 286ec55 Merge pull request #402 from pjbgf/git-repository
• 1337974 git: Move repository options to git/repository
• 6db7f53 git: Move pkg/gitutil into pkg/git
• dccd499 git: Consolidate the use of ClientOption
• 4d71f21 git: Rename git.RepositoryClient to repository.Client
• aec27af Merge pull request #407 from fluxcd/update-internal-pkgs
• 8429132 Update internal dependencies
• 7741c5f Merge pull request #403 from pjbgf/update-deps
• Additional commits viewable in compare view

Updates github.com/fluxcd/source-controller/api from 1.2.4 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.3.0
• ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

• docker.io/fluxcd/source-controller:v1.2.5
• ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API have been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits

• a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
• 70901f8 Release v1.3.0
• 05ab8b1 Add changelog entry for v1.3.0
• c9bf167 Merge pull request #1298 from fluxcd/phony-build
• cc3d495 ci: Print controller logs after e2e run
• 0bd5b95 Rename make target build to manager
• edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
• 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
• 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
• 8598b8d build(deps): bump google.golang.org/api
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.