Skip to content

Bump github.com/fluxcd/source-controller/api from 1.8.5 to 1.9.0#280

Merged
bigkevmcd merged 1 commit into
mainfrom
dependabot/go_modules/github.com/fluxcd/source-controller/api-1.9.0
Jun 23, 2026
Merged

Bump github.com/fluxcd/source-controller/api from 1.8.5 to 1.9.0#280
bigkevmcd merged 1 commit into
mainfrom
dependabot/go_modules/github.com/fluxcd/source-controller/api-1.9.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/fluxcd/source-controller/api from 1.8.5 to 1.9.0.

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.9.0

Changelog

v1.9.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.9.0
  • ghcr.io/fluxcd/source-controller:v1.9.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.9.0

Release date: 2026-06-17

This minor release comes with new authentication and verification features for the source APIs, along with various improvements, fixes and dependency updates.

GitRepository

The GitRepository controller now supports AWS CodeCommit as a Git provider, allowing authentication to CodeCommit repositories.

Git commit and tag verification now supports SSH signatures in addition to OpenPGP, so commits and tags signed with SSH keys can be verified via .spec.verify.

OCIRepository

The OCIRepository controller now supports configuring a custom Sigstore trusted root for keyless signature verification, via a Secret referenced in the verification configuration.

OCI artifacts are now resolved and stored strictly by their content digest.

Fixes:

  • cosign: fix v3 bundle verify on http and private CA registries and pass TLS to Rekor #2061
  • Close OCI blob reader and wrap errors consistently across controllers #2066
  • Remove unimplemented field from HelmChart CRD #2080

Improvements:

  • AWS CodeCommit support #2035
  • Add git commit/tag SSH signature verification #2077
  • Add custom Sigstore trusted root support #2003
  • Ensure OCI artifacts are handled strictly by digest #2075
  • build: target host architecture for local builds and envtest #2076
  • Various dependency updates #2067 #2071 #2072 #2073 #2078

... (truncated)

Commits
  • 57734ac Merge pull request #2082 from fluxcd/release-v1.9.0
  • 565d3f0 Release v1.9.0
  • 63e7ba2 Add changelog entry for v1.9.0
  • 16e724e Merge pull request #2081 from fluxcd/update-pkg-deps/main
  • e3d8a3f Fix tests for lazy artifact registry credentials
  • d00344a Update fluxcd/pkg dependencies
  • 54f9f98 Merge pull request #2080 from fluxcd/fix-hc-trusted-root
  • 1ecb593 fix: remove unimplemented field from HelmChart CRD
  • bed4f74 Merge pull request #2079 from fluxcd/update-pkg-deps/main
  • 9ab0968 Update fluxcd/pkg dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/fluxcd/source-controller/api](https://github.com/fluxcd/source-controller) from 1.8.5 to 1.9.0.
- [Release notes](https://github.com/fluxcd/source-controller/releases)
- [Changelog](https://github.com/fluxcd/source-controller/blob/main/CHANGELOG.md)
- [Commits](fluxcd/source-controller@v1.8.5...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/source-controller/api
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
@bigkevmcd bigkevmcd merged commit 0ce7625 into main Jun 23, 2026
1 check passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/fluxcd/source-controller/api-1.9.0 branch June 23, 2026 06:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant