chore(deps): update ghcr.io/fluxcd/flux-manifests docker tag to v2.8.8 #7

Open

renovate-bot wants to merge 1 commit from renovate/ghcr.io-fluxcd-flux-manifests-2.x into main

pull from: renovate/ghcr.io-fluxcd-flux-manifests-2.x

merge into: public:main

public:main

public:renovate/docker.io-linuxserver-jellyfin-10.x

public:renovate/ghcr.io-esphome-esphome-2026.x

public:renovate/ghcr.io-mealie-recipes-mealie-3.x

public:renovate/ghcr.io-gramps-project-grampsweb-26.x

public:renovate/kube-prometheus-stack-85.x

public:renovate/crossplane-2.x

public:renovate/docker.io-renovate-renovate-43.x

public:renovate/docker.io-linuxserver-homeassistant-2026.x

public:renovate/authentik-2026.x

public:renovate/minecraft-5.x

public:renovate/traefik-40.x

public:renovate/minecraft-proxy-3.x

public:renovate/mc-router-1.x

public:renovate/external-secrets-2.x

public:renovate/ghcr.io-valkey-io-valkey-9.x

public:renovate/ghcr.io-0xerr0r-blocky-0.x

public:renovate/docker.io-valkey-valkey-9.x

public:renovate/docker.io-linuxserver-qbittorrent-5.x

public:renovate/docker.io-codercom-code-server-4.x

public:renovate/rabbitmq-operator-2.x

public:renovate/metallb-0.x

public:renovate/velero-velero-plugin-for-aws-1.x

public:renovate/cilium-1.x

public:renovate/ghcr.io-rabbitmq-messaging-topology-operator-1.x

public:renovate/docker.io-koenkk-zigbee2mqtt-2.x

public:renovate/docker.io-klutchell-unbound-1.x

public:renovate/docker.io-actualbudget-actual-server-26.x

public:renovate/messaging-topology-operator-1.x

public:renovate/fluxcd-flux2-2.x

public:renovate/reflector-10.x

public:renovate/kube-prometheus-stack-84.x

public:renovate/crowdsec-0.x

public:renovate/cloudnative-pg-0.x

public:renovate/alpine-3.x

public:renovate/ghcr.io-immich-app-postgres-18.x

public:renovate/docker.io-linuxserver-qbittorrent-20.x

public:renovate/ghcr.io-recyclarr-recyclarr-8.x

public:renovate/ghcr.io-linuxserver-unifi-network-application-10.x

public:renovate/docker.io-nixos-nix-2.x

public:renovate/docker.io-library-alpine-3.x

public:renovate/ghcr.io-ferretdb-ferretdb-1.x

Conversation 0 Commits 1 Files changed 1 +1 -1

renovate-bot commented 2026-05-21 20:01:41 +00:00

Member

Copy link

This PR contains the following updates:

Package	Update	Change
ghcr.io/fluxcd/flux-manifests	patch	v2.8.6 → v2.8.8

---

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

fluxcd/flux2 (ghcr.io/fluxcd/flux-manifests)

v2.8.8

Compare Source

Highlights

Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)
• Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)
• Stop force-applying non-CRD objects placed under a chart's crds/ directory (helm-controller)
• Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)
• Improve path handling in the source reconcilers (source-controller)
• Support Helm semver build-metadata encoding in OCIRepository tags (source-controller)

Improvements:

• Update go-git to v5.19.1 which fixes CVE-2026-45571 and CVE-2026-45570 (source-controller, image-automation-controller)
• Move Helm back to upstream v4.2.0 (source-controller, helm-controller)
• Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)
• Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller)
• Update fluxcd/pkg dependencies

Components changelog

• helm-controller v1.5.5
• image-automation-controller v1.1.4
• image-reflector-controller v1.1.2
• source-controller v1.8.5

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5904

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8

v2.8.7

Compare Source

Highlights

Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix management of objects annotated with kustomize.toolkit.fluxcd.io/ssa: IfNotPresent where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)

Improvements:

• Update go-git to v5.19.0 which fixes CVE-2026-45022 (source-controller, image-automation-controller)
• Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)

Components changelog

• helm-controller v1.5.4
• image-automation-controller v1.1.3
• kustomize-controller v1.8.5
• notification-controller v1.8.4
• source-controller v1.8.4

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5891

Full Changelog: https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7

---

Configuration

📅 Schedule: (in timezone America/Toronto)

• Branch creation
  • "after 19:00 on friday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/fluxcd/flux-manifests](https://github.com/fluxcd/flux2) | patch | `v2.8.6` → `v2.8.8` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/1) for more information. --- ### Release Notes <details> <summary>fluxcd/flux2 (ghcr.io/fluxcd/flux-manifests)</summary> ### [`v2.8.8`](https://github.com/fluxcd/flux2/releases/tag/v2.8.8) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8) #### Highlights Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller) - Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller) - Stop force-applying non-CRD objects placed under a chart's `crds/` directory (helm-controller) - Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller) - Improve path handling in the source reconcilers (source-controller) - Support Helm semver build-metadata encoding in OCIRepository tags (source-controller) Improvements: - Update go-git to v5.19.1 which fixes [CVE-2026-45571](https://github.com/advisories/GHSA-crhj-59gh-8x96) and [CVE-2026-45570](https://github.com/advisories/GHSA-m7cr-m3pv-hgrp) (source-controller, image-automation-controller) - Move Helm back to upstream v4.2.0 (source-controller, helm-controller) - Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller) - Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller) - Update fluxcd/pkg dependencies #### Components changelog - helm-controller [v1.5.5](https://github.com/fluxcd/helm-controller/blob/v1.5.5/CHANGELOG.md) - image-automation-controller [v1.1.4](https://github.com/fluxcd/image-automation-controller/blob/v1.1.4/CHANGELOG.md) - image-reflector-controller [v1.1.2](https://github.com/fluxcd/image-reflector-controller/blob/v1.1.2/CHANGELOG.md) - source-controller [v1.8.5](https://github.com/fluxcd/source-controller/blob/v1.8.5/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5904](https://github.com/fluxcd/flux2/pull/5904) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.7...v2.8.8> ### [`v2.8.7`](https://github.com/fluxcd/flux2/releases/tag/v2.8.7) [Compare Source](https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7) #### Highlights Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience. ℹ️ Please follow the [Upgrade Procedure for Flux v2.7+](https://github.com/fluxcd/flux2/discussions/5572) for a smooth upgrade from Flux v2.6 to the latest version. Fixes: - Fix management of objects annotated with `kustomize.toolkit.fluxcd.io/ssa: IfNotPresent` where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller) Improvements: - Update go-git to v5.19.0 which fixes [CVE-2026-45022](https://github.com/advisories/GHSA-389r-gv7p-r3rp) (source-controller, image-automation-controller) - Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller) #### Components changelog - helm-controller [v1.5.4](https://github.com/fluxcd/helm-controller/blob/v1.5.4/CHANGELOG.md) - image-automation-controller [v1.1.3](https://github.com/fluxcd/image-automation-controller/blob/v1.1.3/CHANGELOG.md) - kustomize-controller [v1.8.5](https://github.com/fluxcd/kustomize-controller/blob/v1.8.5/CHANGELOG.md) - notification-controller [v1.8.4](https://github.com/fluxcd/notification-controller/blob/v1.8.4/CHANGELOG.md) - source-controller [v1.8.4](https://github.com/fluxcd/source-controller/blob/v1.8.4/CHANGELOG.md) #### CLI changelog - Update toolkit components by [@&#8203;fluxcdbot](https://github.com/fluxcdbot) in [#&#8203;5891](https://github.com/fluxcd/flux2/pull/5891) **Full Changelog**: <https://github.com/fluxcd/flux2/compare/v2.8.6...v2.8.7> </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Toronto) - Branch creation - "after 19:00 on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate-bot added 1 commit 2026-05-21 20:01:41 +00:00

chore(deps): update ghcr.io/fluxcd/flux-manifests docker tag to v2.8.8 f45a775258

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/ghcr.io-fluxcd-flux-manifests-2.x:renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch renovate/ghcr.io-fluxcd-flux-manifests-2.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch renovate/ghcr.io-fluxcd-flux-manifests-2.x

git rebase main

git switch main

git merge --ff-only renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch renovate/ghcr.io-fluxcd-flux-manifests-2.x

git rebase main

git switch main

git merge --no-ff renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch main

git merge --squash renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch main

git merge --ff-only renovate/ghcr.io-fluxcd-flux-manifests-2.x

git switch main

git merge renovate/ghcr.io-fluxcd-flux-manifests-2.x

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

public/ops.emnt.dev!7

No description provided.