Skip to content

chore(deps): update tools#552

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/tools
Open

chore(deps): update tools#552
renovate[bot] wants to merge 1 commit intomainfrom
renovate/tools

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 17, 2026

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Update
github.com/anchore/syft v1.42.0v1.42.1 age adoption passing confidence patch
github.com/cli/cli/v2 v2.86.0v2.87.0 age adoption passing confidence minor
github.com/golangci/golangci-lint/v2 v2.9.0v2.10.1 age adoption passing confidence minor
rclone/rclone v1.73.0v1.73.1 age adoption passing confidence patch
vmware-tanzu/carvel-ytt v0.53.0v0.53.1 age adoption passing confidence patch

Release Notes

anchore/syft (github.com/anchore/syft)

v1.42.1

Compare Source

Bug Fixes
Additional Changes

(Full Changelog)

cli/cli (github.com/cli/cli/v2)

v2.87.0: GitHub CLI 2.87.0

Compare Source

gh workflow run immediately returns workflow run URL

One of our most requested features - with the latest changes in GitHub API, gh workflow run will immediately print the created workflow run URL.

Improved gh auth login experience in VM/WSL environments

We have observed rare cases of time drift between the wall and monotonic clocks, mostly in WSL or VM environments, causing failures during polling for the OAuth token. This new release implements measures to account for such situations.

If you continue to experience gh auth login issues in WSL, please comment in #​9370

:copilot: Request Copilot Code Review from gh + performance improvements

gh pr edit now supports Copilot Code Review as a reviewer. You can request a review from Copilot using the --add-reviewer @​copilot flag or interactively by selecting reviewers in the prompts.

This release also introduces a new search experience for selecting reviewers and assignees in gh pr edit. Instead of loading all collaborators and teams upfront, results are now fetched based on inputs to a new search option. Initial options are suggestions based on those involved with the pull request already.

? Reviewers  [Use arrows to move, space to select, <right> to all, <left> to none, type to filter]
  [ ]  Search (7472 more)
  [x]  BagToad (Kynan Ware)
> [x]  Copilot (AI)

This experience will follow in gh pr create and gh issue for assignees in a later release.

What's Changed

✨ Features
📚 Docs & Chores
:dependabot: Dependencies

New Contributors

Full Changelog: cli/cli@v2.86.0...v2.87.0

golangci/golangci-lint (github.com/golangci/golangci-lint/v2)

v2.10.1

Compare Source

Released on 2026-02-17

  1. Fixes
    • buildssa panic

v2.10.0

Compare Source

Released on 2026-02-17

  1. Linters new features or changes
    • ginkgolinter: from 0.22.0 to 0.23.0
    • gosec: from 2.22.11 to 2.23.0 (new rules: G117, G602, G701, G702, G703, G704, G705, G706)
    • staticcheck: from 0.6.1 to 0.7.0
  2. Linters bug fixes
    • godoclint: from 0.11.1 to 0.11.2
rclone/rclone (rclone/rclone)

v1.73.1: rclone v1.73.1

Compare Source

This is the v1.73.1 release of rclone.

Full details of the changes can be found in the changelog.

vmware-tanzu/carvel-ytt (vmware-tanzu/carvel-ytt)

v0.53.1

Compare Source

Installation and signature verification

Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.53.1/ytt-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/ytt

# Make the binary executable
chmod +x /usr/local/bin/ytt
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install ytt
$ ytt version  
Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.53.1/checksums.txt
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.53.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.53.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

  • Bump golang to 1.25.7 to fix CVEs in #​976 from @​CodesbyUnnati

Full Changelog: carvel-dev/ytt@v0.53.0...v0.53.1

📂 Files Checksum

2eaafe06d5e22203da2b74819685f9fd06ddc0a5cd38afc458821824990c78c0  ./ytt-darwin-arm64
36adcaa1f02681b0e7ceb73bda70ab11e3880588b51a188fd0318f6009bdeb36  ./ytt-windows-amd64.exe
5e479410a478385f6209624765e21c9880c07c6528ce6ed5e3dcca1e8b4a5677  ./ytt-linux-arm64
6b250c85d94b6b0643a58129ebf37244edb519fb9bc4aded1a8508d542d94ed3  ./ytt-linux-riscv64
764dadb577e680fa8fd09a28d281c570cb0e75accebb2ab0a328ab24b4032cfe  ./ytt-darwin-amd64
cf675039fa1bde77ebd12ed79eeaa698f7d9862a2b5fd82078260974ec311649  ./ytt-windows-arm64.exe
ecdc1439e52139335e42a23d1aa8941f575c52e70e58da709d2bad5038ecadae  ./ytt-linux-amd64


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file ok-to-test labels Feb 17, 2026
@cert-manager-prow cert-manager-prow bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label Feb 17, 2026
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jakexks for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Feb 17, 2026
@renovate renovate bot changed the title chore(deps): update dependency vmware-tanzu/carvel-ytt to v0.53.1 chore(deps): update tools Feb 17, 2026
Signed-off-by: Renovate Bot <renovate-bot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. dependencies Pull requests that update a dependency file ok-to-test size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants

Comments