Update all dependencies#25
Open
missingcharacter wants to merge 1 commit into
Open
Conversation
missingcharacter
force-pushed
the
renovate/all
branch
from
18f65e8 to
54cb891
Compare
missingcharacter
force-pushed
the
renovate/all
branch
from
54cb891 to
fd64586
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v6→v79.5.1→9.6.04.2.1→4.2.224.16.0→24.17.03.246.0→3.247.03.13.14→3.14.61.3.9→1.15.60.11.21→0.11.22Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
actions/checkout (actions/checkout)
v7.0.0Compare Source
v7Compare Source
gradle/gradle (gradle)
v9.6.0Compare Source
helm/helm (helm)
v4.2.2: Helm v4.2.2Compare Source
Helm v4.2.2 is a patch release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Notable Changes
Installation and Upgrading
Download Helm v4.2.2. The common platform binaries are here:
This release was signed by @gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.
The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash.What's Next
Changelog
b05881c(George Jenkins)Full Changelog: helm/helm@v4.2.1...v4.2.2
nodejs/node (node)
v24.17.0: 2026-06-18, Version 24.17.0 'Krypton' (LTS), @aduh95Compare Source
This is a security release.
Notable Changes
Commits
9e4dfc7bba] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878cb2aed980c] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890a8a0d12875] - (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 (Tim Perry) #6289166e6203c1c] - (SEMVER-MAJOR) deps: update nghttp2 to 1.69.0 (Node.js GitHub Bot) #62891dd627ced27] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #63820684bae568f] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #638203a631e7f83] - deps: fix aix implicit declaration in OpenSSL (Abdirahim Musse) #62656cf44df3996] - deps: update undici to 7.28.0 (Node.js GitHub Bot) #63703138c70294b] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868be7e719c3f] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846cc7c11b4d1] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#8559224427b92] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867cf85d54839] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873a1bbc24f96] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870e3723ff2d6] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854a77af4867b] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#85431beb4f707] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#8578e75c73f91] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869pulumi/pulumi (pulumi)
v3.247.0Compare Source
Bug Fixes
pulumi logoutclears the current tokenless backend in coding agent environments #23540Improvements
Features
pulumi config setto avoid stripping newlines when input is piped through stdin #23593Bug Fixes
Features
--providerflag to pull provider config to use from existing provider state #23560--disable-integrationsflag topulumi neothat runs the task with no integration credentials #23531Bug Fixes
Miscellaneous
pulumi plugin runcommand by including it in the generated CLI docs #23559Improvements
Features
Improvements
Features
Improvements
plugin.Hostinterface is now stateless with respect to workspaces; host methods that boot or resolve plugins take aplugin.Contextcarrying the workspace state, and closing aplugin.Contextno longer closes a host that was passed in to its constructor #23508Features
Bug Fixes
pulumi package addfailing with pnpm when the generated SDK has a scoped package name (@-prefix), caused by pnpm'spkg setrejecting@in dot-notation property paths #23365Improvements
Features
Output.recoverto catch and recover from exceptions in outputs #23591Improvements
Features
{{% ref <target> %}}to reference other schema components in markdown descriptions. Such as `{{% ref #21369Miscellaneous
Features
credentials.jsoncarries an OAuth refresh token, the CLI now auto-refreshes the access token on 401 and retries the request once, instead of returning a "login required" error #23430Bug Fixes
python/cpython (python)
v3.14.6Compare Source
v3.14.5Compare Source
v3.14.4Compare Source
v3.14.3Compare Source
v3.14.2Compare Source
v3.14.1Compare Source
v3.14.0Compare Source
hashicorp/terraform (terraform)
v1.15.6Compare Source
1.15.6 (June 10, 2026)
BUG FIXES:
Fixed an issue where resources being removed from state via
removedblock were incorrectly listed underplanned_valuesin json representations of the plan file. (#38665)console: Fixed a panic caused by evaluating an expression involving deprecated values (#38676)
Fix exit code for plan, query, and refresh commands for variable-related errors (#38685)
Fix two module installation edge cases with
nulland sensitive/ephemeral module sources (#38704)v1.15.5Compare Source
1.15.5 (May 27, 2026)
ENHANCEMENTS:
null(in the context of dynamic module sources) (#38632)BUG FIXES:
initfor modules with empty source (#38628)v1.15.4Compare Source
1.15.4 (May 20, 2026)
NEW FEATURES:
BUG FIXES:
v1.15.3Compare Source
1.15.3 (May 13, 2026)
BUG FIXES:
stacks: Fixed a bug that prevented migrating resources under multiple layers of module nesting with implicit provider configuration. (#38528)
cloud backend will now forward -generate-config-out flag usage to query create request (#38539)
Fix crash during provider installation when there is no config (#38560)
v1.15.2Compare Source
1.15.2 (May 6, 2026)
ENHANCEMENTS:
BUG FIXES:
v1.15.1Compare Source
1.15.1 (May 1, 2026)
BUG FIXES:
Fixed crash when configuration has an invalid
action_triggernested block indataorephemerallifecycle blocks (#38402)validate: Removed validation of attributes inside
backendblocks due to incompatibility with workflows using the-backend-configflag. (#38466)Fix non-const variable checks on
init(#38470)Avoid warnings in 'terraform output -raw' (#38487)
Ignore undeclared variable values from the cloud backend (#38490)
Fix panic for types modules with no expanded instances (#38491)
Fixed "unknown provider function" errors occurring during init (#38472)
init: Fixed a bug that impacted use of provider pre-releases during init (#38496)
v1.15.0Compare Source
1.15.0 (April 29, 2026)
NEW FEATURES:
We now produce builds for Windows ARM64 (#32719)
You can set a
deprecatedattribute on variable and output blocks to indicate that they are deprecated. This will produce warnings when passing in a value for a deprecated variable or when referencing a deprecated output. (#38001)backend/s3: Support authentication via
aws login(#37976)validate: The validate command now checks the
backendblock. This ensures the backend type exists, that all required attributes are present, and that the backend's own validation logic passes. (#38021)convertfunction, which allows for precise inline type conversions (#38160)Terraform now supports variables and locals in module source and version attributes (#38217)
ENHANCEMENTS:
config:
outputblocks now can have an explicit type constraints (#36411)ssh-based provisioner (file + remote-exec): Re-enable support for PowerShell (#37794)
terraform init log timestamps include millisecond precision (#37818)
init: skip dependencies declared in development override. This allows you to use
terraform initwith developer overrides and install dependencies that are not declared in the override file. (#37884)Terraform Test: Allow functions within mock blocks (#34672)
improve detection of deprecated resource attributes / blocks (#38077)
Deprecation messages providers set on resources / blocks / attributes are now part of the deprecation warning (#38135)
Include which attribute paths are marked as sensitive in list_start JSON logs (#38197)
Add input variable validation for Stacks (#38240)
When comparing a container value to null, only top level marks are now considered for the result. (#38270)
As part of supporting variables in module sources, most commands now accept variable values (#38276)
BUG FIXES:
testing: File-level error diagnostics are now included in JUnit XML skipped test elements, ensuring CI/CD pipelines can detect validation failures (#37801)
A refresh-only plan could result in a non-zero exit code with no changes (#37406)
cli: Fixed crash in
terraform show -jsonwhen plan contains ephemeral resources with preconditions or postconditions (#37834)cli: Fixed
terraform init -jsonto properly format all backend configuration messages as JSON instead of plain text (#37911)state show: Thestate showcommand will now explicitly fail and return code 1 when it fails to render the named resources state (#37933)apply: Terraform will raise an explicit error if a plan file intended for one workspace is applied against another workspace (#37954)
lifecycle:
replace_triggered_bynow reports an error when given an invalid attribute reference that does not exist in the target resource (#36740)backend: Fix nil pointer dereference crash during
terraform initwhen the destination backend returns an error (#38027)stacks: send progress events if the plan fails for better UI integration (#38039)
stacks: component instances should report no-op plan/apply. This solves a UI inconsistency with convergence destroy plans (#38049)
backend/http: Return conflicting lock info from HTTP backend instead of the lock that failed to be taken (#38144)
states: fixed a bug that caused Terraform to be unable to identify when two states had different output values. This may have caused issues in specific circumstances like backend migrations. (#38181)
cloud: terraform cloud and registry discovery network requests are now more resilient, making temporary network or service related errors less common (#38064)
Enable formatting of
.tfquery.hclfiles byterraform fmt(#38398)Fix
validatenot returning JSON for some early diagnostics (#38400)Fix Terraform Stacks plugin installation error (#38406)
NOTES:
initializing_provider_plugin_message). The change should not have any end-user impact aside from theinitcommand output. (#38227)UPGRADE NOTES:
AWS_USE_FIPS_ENDPOINTandAWS_USE_DUALSTACK_ENDPOINTenvironment variables now only respecttrueorfalsevalues, aligning with the AWS SDK for Go. This replaces the previous behavior which treated any non-empty value astrue. (#37601)Previous Releases
For information on prior major and minor releases, refer to their changelogs:
v1.14.9Compare Source
1.14.9 (April 20, 2026)
BUG FIXES:
v1.14.8Compare Source
1.14.8 (March 25, 2026)
BUG FIXES:
v1.14.7Compare Source
1.14.7 (March 11, 2026)
NOTES:
v1.14.6Compare Source
1.14.6 (February 25, 2026)
BUG FIXES:
v1.14.5Compare Source
1.14.5 (February 11, 2026)
BUG FIXES:
v1.14.4Compare Source
1.14.4 (January 28, 2026)
BUG FIXES:
backend: Fix nil pointer dereference crash during
terraform initwhen the destination backend returns an error (#38027)Fixes an issue where any warning diagnostics generated during terraform query execution failed to render in the cloud backend session (#38040)
actions in modules without instances failed the plan graph (#38089)
v1.14.3Compare Source
1.14.3 (December 17, 2025)
BUG FIXES:
v1.14.2Compare Source
1.14.2 (December 11, 2025)
ENHANCEMENTS:
BUG FIXES:
stacks: surface runtime issues with local values to user during plan (#37980)
resource instance apply failures should not cause the resource instance state to be empty. (#37981)
v1.14.1Compare Source
1.14.1 (December 3, 2025)
BUG FIXES:
test: allow ephemeral outputs in root modules (#37813)
Combinations of replace_triggered_by and -replace could result in some instances not being replaced (#37833)
providers lock: include providers required by terraform test (#37851)
Set state information in the proto request for the
GenerateResourceConfigRPC (#37896)actions: make after_create & after_update actions run after the resource has applied (#37936)
v1.14.0Compare Source
1.14.0 (November 19, 2025)
NEW FEATURES:
List Resources: List resources can be defined in
*.tfquery.hclfiles and allow querying and filterting existing infrastructure.A new Terraform command
terraform query: Executes list operations against existing infrastructure and displays the results. The command can optionally generate configuration for importing results into Terraform.A new GenerateResourceConfiguration RPC allows providers to create more precise configuration values during import. (#37515)
New top-level Actions block: Actions are provider defined and meant to codify use cases outside the normal CRUD model in your Terraform configuration. Providers can define Actions like
aws_lambda_invokeoraws_cloudfront_create_invalidationthat do something imparative outside of Terraforms normal CRUD model. You can configure such a side-effect with an action block and have actions triggered through the lifecycle of a resource or through passing the-invokeCLI flag. (#37553)ENHANCEMENTS:
terraform test: expected diagnostics will be included in test output when running in verbose mode" (#37362)
terraform test: ignore prevent_destroy attribute during when cleaning up tests" (#37364)
terraform stackscommand support for-helpflag (#37645)query: support offline validation of query files via -query flag in the validate command (#37671)
Updates to support the AWS European Sovereign Cloud (#37721)
BUG FIXES:
Retrieve all workspace variables while doing a
terraform import, include variables inherited from variable sets but not overwritten by the workspace. (#37241)Fix OSS backend proxy support by adding a proxy layer for OSS backend operations. Resolves #36897. (#36897)
console and test: return explicit diagnostics when referencing resources that were not included in the most recent operation. (#37663)
query: generate unique resource identifiers for results of expanded list resources (#37681)
The CLI now summarizes the number of actions invoked during
terraform apply, matching the plan output. (#37689)Allow filesystem functions to return inconsistent results when evaluated within provider configuration (#37854)
query: improve error handling for missing identity schemas (#37863)
UPGRADE NOTES:
The parallelism of Terraform operations within container runtimes may be reduced depending on the CPU bandwidth limit setting. (#37436)
Building Terraform 1.14 requires macOS Monterey or later (due to being built on Go 1.25 which imposes these requirements) (#37436)
Previous Releases
For information on prior major and minor releases, refer to their changelogs:
v1.13.5Compare Source
1.13.5 (November 5, 2025)
BUG FIXES:
impure functions could cause templatefile to incorrectly fail consistency checks (#37807)
Allow filesystem functions to return inconsistent results when evaluated within provider configuration (#37854)
v1.13.4Compare Source
1.13.4 (October 15, 2025)
BUG FIXES:
v1.13.3Compare Source
1.13.3 (September 17, 2025)
BUG FIXES:
v1.13.2Compare Source
1.13.2 (September 10, 2025)
BUG FIXES:
test: Fix the order of execution of cleanup nodes (#37546)
apply: hide sensitive inputs when values have changed between plan and apply (#37582)
v1.13.1Compare Source
1.13.1 (August 27, 2025)
BUG FIXES:
Fix regression that caused
terraform testwith zero tests to return a non-zero exit code. (#37477)terraform test: prevent panic when resolving incomplete references (#37484)
v1.13.0Compare Source
1.13.0 (August 20, 2025)
NEW FEATURES:
terraform stacksexposes some stack operations through the cli. Useterraform stacks -usageto see available commands. (#36931)ENHANCEMENTS:
Filesystem functions are now checked for consistent results to catch invalid data during apply (#37001)
Allow successful init when provider constraint matches at least one valid version (#37137)
Performance fix for evaluating high cardinality resources (#37154)
TF Test: Allow parallel execution of teardown operations (#37169)
terraform test: Test authors can now specify definitions for external variables that are referenced within test files directly within the test file itself. (#37195)terraform test: File-level variable blocks can now reference run outputs and other variables." (#37205)skip redundant comparisons when comparing planned set changes (#37280)
type checking: improve error message on type mismatches. (#37298)
BUG FIXES:
Added a missing warning diagnostic that alerts users when child module contains an ignored
cloudblock. (#37180)Nested module outputs could lose sensitivity, even when marked as such in the configuration (#37212)
workspace: Updated validation to reject workspaces named "" (#37267)
workspace: Updated the
workspace deletecommand to reject""as an invalid workspace name (#37275)plan: truncate invalid or dynamic references in the relevant attributes (#37290)
Test run Parallelism of 1 should not result in deadlock (#37292)
static validation: detect invalid static references via indexes on objects. (#37298)
Fixes resource identity being dropped from state in certain cases (#37396)
NOTES:
terraform rpcapiis now generally available. It is not intended for public consumption, but exposes certain Terraform operations through an RPC interface compatible with go-plugin. (#37067)UPGRADE NOTES:
terraform test: External variables referenced within test files should now be accompanied by avariabledefinition block within the test file. This is optional, but users with complex external variables may see error diagnostics without the additional variable definition. (#37195)Previous Releases
For information on prior major and minor releases, refer to their changelogs:
v1.12.2Compare Source
1.12.2 (June 11, 2025)
BUG FIXES:
v1.12.1Compare Source
1.12.1 (May 21, 2025)
BUG FIXES:
Include resource identity in import apply UI output (#37044)
Fix regression during provider installation by reverting back to not sending HEAD requests. (#36998)
Avoid crash on test failure in comparison in function call (#37071)
v1.12.0Compare Source
1.12.0 (May 14, 2025)
NEW FEATURES:
ENHANCEMENTS:
Terraform Test command now accepts a -parallelism=n option, which sets the number of parallel operations in a test run's plan/apply operation. (#34237)
Logical binary operators can now short-circuit (#36224)
Terraform Test: Runs can now be annotated for possible parallel execution. (#34180)
Allow terraform init when tests are present but no configuration files are directly inside the current directory (#35040)
Terraform Test: Continue subsequent test execution when an expected failure is not encountered. (#34969)
Produce detailed diagnostic objects when test run assertions fail ([#34428](https://redirect.github.com/hashicorp/ter
Configuration
📅 Schedule: (UTC)
* 0-3 * * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate.