Update product-os/flowzone action to v22.12.49

[klutchell-renovate]

This PR contains the following updates:

Package	Type	Update	Change
product-os/flowzone	action	patch	v22.12.43 → v22.12.49

---

Release Notes

product-os/flowzone (product-os/flowzone)

v22.12.49

Compare Source

Update dependency node-26 to v26.3.1

Notable changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
• (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) – Low
• [98fbc89211] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [110840f2c7] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [8d36d522b2] - deps: update undici to 8.5.0 (Node.js GitHub Bot) #​63903
• [2e6d03993a] - deps: update undici to 8.4.0 (Node.js GitHub Bot) #​63779
• [5a17d5b07a] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [362725d4e5] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [bd1214ab01] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [bc0b53813e] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [87d847bc70] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9308084fcb] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [a67dd46891] - (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) nodejs-private/node-private#885
• [7057c3f16c] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [6bc17a6b51] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [c8668beff8] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [d1be630415] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [a14c158bb3] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [ebda73470d] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

nodejs/node (node-26)

v26.3.1: 2026-06-18, Version 26.3.1 (Current), @​&#​8203;aduh95

Compare Source

This is a security release.

Notable Changes

• (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
• (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
• (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
• (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
• (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
• (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
• (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
• (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
• (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
• (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
• (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) – Low

Commits

• [98fbc89211] - (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) nodejs-private/node-private#878
• [110840f2c7] - deps: update llhttp to 9.4.2 (Antoine du Hamel) nodejs-private/node-private#890
• [8d36d522b2] - deps: update undici to 8.5.0 (Node.js GitHub Bot) #​63903
• [2e6d03993a] - deps: update undici to 8.4.0 (Node.js GitHub Bot) #​63779
• [5a17d5b07a] - deps: update archs files for openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [362725d4e5] - deps: upgrade openssl sources to openssl-3.5.7 (Node.js GitHub Bot) #​63820
• [bd1214ab01] - (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) nodejs-private/node-private#868
• [bc0b53813e] - (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) nodejs-private/node-private#846
• [87d847bc70] - (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) nodejs-private/node-private#855
• [9308084fcb] - (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) nodejs-private/node-private#867
• [a67dd46891] - (CVE-2026-48936) permission: guard pipe open and chmod with net scope (RafaelGSS) nodejs-private/node-private#885
• [7057c3f16c] - (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) nodejs-private/node-private#873
• [6bc17a6b51] - (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) nodejs-private/node-private#870
• [c8668beff8] - test: add session reuse host verification regressions (Matteo Collina) nodejs-private/node-private#854
• [d1be630415] - (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) nodejs-private/node-private#854
• [a14c158bb3] - (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) nodejs-private/node-private#857
• [ebda73470d] - (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) nodejs-private/node-private#869

List of commits

4d039b1 (Update dependency node-26 to v26.3.1, 2026-06-18)

v22.12.48

Compare Source

Update dependency docker/buildx to v0.35.0

Notable changes

• CrazyMax
• Tõnis Tiigi
• Sebastiaan van Stijn
• Areeb Ahmed
• Jiří Moravčík
• Sopho Merkviladze
• Akihiro Suda
• Jonathan A. Sternberg
• Local output now supports a mode=delete attribute for build and bake commands. This mode replaces the destination directory with the build result instead of merging it. Similar to the --delete flag in rsync. For safety, this mode is only allowed if the destination directory is a subdirectory of the working directory. To export to other destinations, --allow=buildx.local.delete needs to be provided or the action confirmed by the user in the TUI. When exporting multi-platform results, this mode requires BuildKit v0.31.0+. #​3883
• Source policies now support the new exec proxy feature of BuildKit v0.31.0+ that captures the network traffic of your build steps. To opt in to network proxy, your Dockerfile.rego source policy needs to return caps: { "exec.proxy": true } in the evaluation decision. After opting in, you can control what network requests are allowed to be made by the run steps with policy rules for regular input.http sources, similar to how this was done for direct HTTP build sources before. You can also opt in your whole builder with --buildkitd-flags '--proxy-network' in buildx create. #​3895
• Resource limits can now be set for CPU and memory using the --resource flag in build and the resource key in bake commands. This feature requires BuildKit v0.31.0+ and Dockerfile v0.25.0+. #​3876 #​3900
• Fix possible "closed channel" panic. #​3886
• github.com/aws/aws-sdk-go-v2 v1.41.7 -> v1.42.0
• github.com/aws/aws-sdk-go-v2/config v1.32.17 -> v1.32.24
• github.com/aws/aws-sdk-go-v2/credentials v1.19.16 -> v1.19.23
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 -> v1.18.29
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 -> v1.4.29
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 -> v2.7.29
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 -> v1.4.30
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 -> v1.13.12
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 -> v1.13.29
• github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 -> v1.1.5
• github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 -> v1.31.3
• github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 -> v1.36.6
• github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 -> v1.43.3
• github.com/aws/smithy-go v1.25.1 -> v1.27.2
• github.com/containerd/containerd/v2 v2.2.3 -> v2.2.4
• github.com/containerd/continuity v0.4.5 -> v0.5.0
• github.com/containerd/platforms v1.0.0-rc.2 -> v1.0.0-rc.4
• github.com/containerd/typeurl/v2 v2.2.3 -> v2.3.0
• github.com/docker/cli v29.4.3 -> v29.5.3
• github.com/docker/distribution v2.8.3 new
• github.com/docker/docker-credential-helpers v0.9.5 -> v0.9.8
• github.com/go-openapi/analysis v0.24.3 -> v0.25.2
• github.com/go-openapi/jsonpointer v0.22.5 -> v0.23.1
• github.com/go-openapi/jsonreference v0.21.5 -> v0.21.6
• github.com/go-openapi/runtime v0.29.3 -> v0.32.3
• github.com/go-openapi/runtime/server-middleware v0.30.0 new
• github.com/go-openapi/spec v0.22.4 -> v0.22.5
• github.com/go-openapi/strfmt v0.26.1 -> v0.26.3
• github.com/go-openapi/swag v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/cmdutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/conv v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/fileutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonname v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/loading v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/mangling v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/netutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/stringutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/typeutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/yamlutils v0.25.5 -> v0.26.0
• github.com/go-openapi/validate v0.25.2 -> v0.25.3
• github.com/google/certificate-transparency-go v1.3.2 -> v1.3.3
• github.com/google/go-containerregistry v0.20.7 -> v0.21.6
• github.com/gorilla/mux v1.8.1 new
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 -> v2.29.0
• github.com/in-toto/attestation v1.1.2 -> v1.2.0
• github.com/moby/buildkit v0.30.0 -> v0.31.0
• github.com/moby/policy-helpers a39d601 -> d5411a9
• github.com/moby/sys/sequential v0.6.0 -> v0.7.0
• github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.1
• github.com/prometheus/common v0.66.1 -> v0.67.5
• github.com/prometheus/procfs v0.17.0 -> v0.20.1
• github.com/secure-systems-lab/go-securesystemslib v0.10.0 -> v0.11.0
• github.com/sigstore/protobuf-specs v0.5.0 -> v0.5.1
• github.com/sigstore/rekor v1.5.0 -> v1.5.2
• github.com/sigstore/rekor-tiles/v2 v2.0.1 -> 5d098a2
• github.com/sigstore/sigstore v1.10.5 -> v1.10.8
• github.com/sigstore/sigstore-go v1.1.4 -> v1.2.1
• github.com/sigstore/timestamp-authority/v2 v2.0.6 -> v2.1.2
• github.com/theupdateframework/go-tuf/v2 v2.4.1 -> v2.4.2
• github.com/tonistiigi/fsutil a2aa163 -> 0257b33
• github.com/transparency-dev/formats 404c0d5 -> v0.1.1
• github.com/youmark/pkcs8 a2c0da2 new
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 -> v0.69.0
• go.opentelemetry.io/otel v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0 -> v1.44.0
• go.opentelemetry.io/otel/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/trace v1.43.0 -> v1.44.0
• go.yaml.in/yaml/v2 v2.4.3 -> v2.4.4
• google.golang.org/genproto/googleapis/api 6f92a3b -> 3dc84a4
• google.golang.org/genproto/googleapis/rpc 6f92a3b -> 3dc84a4
• google.golang.org/grpc v1.80.0 -> v1.81.1
• google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 -> v1.6.1
• k8s.io/klog/v2 v2.130.1 -> v2.140.0

docker/buildx (docker/buildx)

v0.35.0

Compare Source

buildx 0.35.0

Welcome to the v0.35.0 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Contributors

• CrazyMax
• Tõnis Tiigi
• Sebastiaan van Stijn
• Areeb Ahmed
• Jiří Moravčík
• Sopho Merkviladze
• Akihiro Suda
• Jonathan A. Sternberg

Notable Changes

• Local output now supports a mode=delete attribute for build and bake commands. This mode replaces the destination directory with the build result instead of merging it. Similar to the --delete flag in rsync. For safety, this mode is only allowed if the destination directory is a subdirectory of the working directory. To export to other destinations, --allow=buildx.local.delete needs to be provided or the action confirmed by the user in the TUI. When exporting multi-platform results, this mode requires BuildKit v0.31.0+. #​3883
• Source policies now support the new exec proxy feature of BuildKit v0.31.0+ that captures the network traffic of your build steps. To opt in to network proxy, your Dockerfile.rego source policy needs to return caps: { "exec.proxy": true } in the evaluation decision. After opting in, you can control what network requests are allowed to be made by the run steps with policy rules for regular input.http sources, similar to how this was done for direct HTTP build sources before. You can also opt in your whole builder with --buildkitd-flags '--proxy-network' in buildx create. #​3895
• Resource limits can now be set for CPU and memory using the --resource flag in build and the resource key in bake commands. This feature requires BuildKit v0.31.0+ and Dockerfile v0.25.0+. #​3876 #​3900
• Fix possible "closed channel" panic. #​3886

Dependency Changes

• github.com/aws/aws-sdk-go-v2 v1.41.7 -> v1.42.0
• github.com/aws/aws-sdk-go-v2/config v1.32.17 -> v1.32.24
• github.com/aws/aws-sdk-go-v2/credentials v1.19.16 -> v1.19.23
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 -> v1.18.29
• github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 -> v1.4.29
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 -> v2.7.29
• github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 -> v1.4.30
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 -> v1.13.12
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 -> v1.13.29
• github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 -> v1.1.5
• github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 -> v1.31.3
• github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 -> v1.36.6
• github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 -> v1.43.3
• github.com/aws/smithy-go v1.25.1 -> v1.27.2
• github.com/containerd/containerd/v2 v2.2.3 -> v2.2.4
• github.com/containerd/continuity v0.4.5 -> v0.5.0
• github.com/containerd/platforms v1.0.0-rc.2 -> v1.0.0-rc.4
• github.com/containerd/typeurl/v2 v2.2.3 -> v2.3.0
• github.com/docker/cli v29.4.3 -> v29.5.3
• github.com/docker/distribution v2.8.3 new
• github.com/docker/docker-credential-helpers v0.9.5 -> v0.9.8
• github.com/go-openapi/analysis v0.24.3 -> v0.25.2
• github.com/go-openapi/jsonpointer v0.22.5 -> v0.23.1
• github.com/go-openapi/jsonreference v0.21.5 -> v0.21.6
• github.com/go-openapi/runtime v0.29.3 -> v0.32.3
• github.com/go-openapi/runtime/server-middleware v0.30.0 new
• github.com/go-openapi/spec v0.22.4 -> v0.22.5
• github.com/go-openapi/strfmt v0.26.1 -> v0.26.3
• github.com/go-openapi/swag v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/cmdutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/conv v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/fileutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonname v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/jsonutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/loading v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/mangling v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/netutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/stringutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/typeutils v0.25.5 -> v0.26.0
• github.com/go-openapi/swag/yamlutils v0.25.5 -> v0.26.0
• github.com/go-openapi/validate v0.25.2 -> v0.25.3
• github.com/google/certificate-transparency-go v1.3.2 -> v1.3.3
• github.com/google/go-containerregistry v0.20.7 -> v0.21.6
• github.com/gorilla/mux v1.8.1 new
• github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 -> v2.29.0
• github.com/in-toto/attestation v1.1.2 -> v1.2.0
• github.com/moby/buildkit v0.30.0 -> v0.31.0
• github.com/moby/policy-helpers a39d601 -> d5411a9
• github.com/moby/sys/sequential v0.6.0 -> v0.7.0
• github.com/pelletier/go-toml/v2 v2.2.4 -> v2.3.1
• github.com/prometheus/common v0.66.1 -> v0.67.5
• github.com/prometheus/procfs v0.17.0 -> v0.20.1
• github.com/secure-systems-lab/go-securesystemslib v0.10.0 -> v0.11.0
• github.com/sigstore/protobuf-specs v0.5.0 -> v0.5.1
• github.com/sigstore/rekor v1.5.0 -> v1.5.2
• github.com/sigstore/rekor-tiles/v2 v2.0.1 -> 5d098a2
• github.com/sigstore/sigstore v1.10.5 -> v1.10.8
• github.com/sigstore/sigstore-go v1.1.4 -> v1.2.1
• github.com/sigstore/timestamp-authority/v2 v2.0.6 -> v2.1.2
• github.com/theupdateframework/go-tuf/v2 v2.4.1 -> v2.4.2
• github.com/tonistiigi/fsutil a2aa163 -> 0257b33
• github.com/transparency-dev/formats 404c0d5 -> v0.1.1
• github.com/youmark/pkcs8 a2c0da2 new
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.68.0 -> v0.69.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 -> v0.69.0
• go.opentelemetry.io/otel v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0 -> v1.44.0
• go.opentelemetry.io/otel/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/sdk/metric v1.43.0 -> v1.44.0
• go.opentelemetry.io/otel/trace v1.43.0 -> v1.44.0
• go.yaml.in/yaml/v2 v2.4.3 -> v2.4.4
• google.golang.org/genproto/googleapis/api 6f92a3b -> 3dc84a4
• google.golang.org/genproto/googleapis/rpc 6f92a3b -> 3dc84a4
• google.golang.org/grpc v1.80.0 -> v1.81.1
• google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 -> v1.6.1
• k8s.io/klog/v2 v2.130.1 -> v2.140.0

Previous release can be found at v0.34.1

List of commits

962123c (Update dependency docker/buildx to v0.35.0, 2026-06-18)

v22.12.47

Compare Source

Update dependency helm/helm to v4.2.2

Notable changes

• Join the discussion in Kubernetes Slack:
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages
• Revert: Fixed a race condition in WaitForDelete where the status observer canceled the watch too early, causing intermittent failures when running a full test suite #​32214
• MacOS amd64 (checksum / 10c1e36ee8c5f2e2ee25a16599cb03ab74c0953cd889cacb980a49ba4b6574ba)
• MacOS arm64 (checksum / 5410a0dae3d5d91f45653b161260d9301aabc4ae80ae50a6605d66884b6df8ea)
• Linux amd64 (checksum / 9adafecab4d406853bba163a70e9f104f47dbbf65ce24b7653bae7e36150bcb6)
• Linux arm (checksum / 7e9490169874695e04ab1af47c5620621fc13c84219a258fcc1afdcd40ca7438)
• Linux arm64 (checksum / 78803142087a0069fa4b50d3f32a84d3ef25c14d1ee8a40fbccf86a6216d2f36)
• Linux i386 (checksum / 8e1fdcda4a476ffc5d1179c7f16d33a3d54267efa08fd720f7678277d68bc2d5)
• Linux loong64 (checksum / b8bfe96b8b0b0e2af51af4a00ef521cc5a7e03793aea3568cf8500a63ae05041)
• Linux ppc64le (checksum / 814a80fd98eb9e4c5a9d610f3b9c15ffe120c2f5e39df16a2f491723ebc90126)
• Linux s390x (checksum / d84cdf1123f20cfbef19a2af1cd6afe8b00626bd9846bccb9dae978c810c8274)
• Linux riscv64 (checksum / f07c105180dff2619ab45134b9b47b7845387e8f3299e12ebe0efb87c7548717)
• Windows amd64 (checksum / 5fad8562e98c34fa5af3ef904086a5874a6701050f9bf36e30238c975df94dcd)
• Windows arm64 (checksum / 2e993d6a1dd8197a33e65d8e90b26df9d248ff3501701dea401856aa265a2dab)
• 4.2.3 and 3.21.2 are the next patch releases scheduled for July 8, 2026
• 4.3.0 and 3.22.0 are the next minor releases scheduled for September 9, 2026
• Revert "fix(kube): prevent spurious early exit in WaitForDelete during informer sync" b05881c (George Jenkins)

helm/helm (helm/helm)

v4.2.2: Helm v4.2.2

Compare Source

Helm v4.2.2 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Notable Changes

• Revert: Fixed a race condition in WaitForDelete where the status observer canceled the watch too early, causing intermittent failures when running a full test suite #​32214

Installation and Upgrading

Download Helm v4.2.2. The common platform binaries are here:

• MacOS amd64 (checksum / 10c1e36ee8c5f2e2ee25a16599cb03ab74c0953cd889cacb980a49ba4b6574ba)
• MacOS arm64 (checksum / 5410a0dae3d5d91f45653b161260d9301aabc4ae80ae50a6605d66884b6df8ea)
• Linux amd64 (checksum / 9adafecab4d406853bba163a70e9f104f47dbbf65ce24b7653bae7e36150bcb6)
• Linux arm (checksum / 7e9490169874695e04ab1af47c5620621fc13c84219a258fcc1afdcd40ca7438)
• Linux arm64 (checksum / 78803142087a0069fa4b50d3f32a84d3ef25c14d1ee8a40fbccf86a6216d2f36)
• Linux i386 (checksum / 8e1fdcda4a476ffc5d1179c7f16d33a3d54267efa08fd720f7678277d68bc2d5)
• Linux loong64 (checksum / b8bfe96b8b0b0e2af51af4a00ef521cc5a7e03793aea3568cf8500a63ae05041)
• Linux ppc64le (checksum / 814a80fd98eb9e4c5a9d610f3b9c15ffe120c2f5e39df16a2f491723ebc90126)
• Linux s390x (checksum / d84cdf1123f20cfbef19a2af1cd6afe8b00626bd9846bccb9dae978c810c8274)
• Linux riscv64 (checksum / f07c105180dff2619ab45134b9b47b7845387e8f3299e12ebe0efb87c7548717)
• Windows amd64 (checksum / 5fad8562e98c34fa5af3ef904086a5874a6701050f9bf36e30238c975df94dcd)
• Windows arm64 (checksum / 2e993d6a1dd8197a33e65d8e90b26df9d248ff3501701dea401856aa265a2dab)

This release was signed by @​​gjenkins8 with key BF88 8333 D96A 1C18 E268 2AAE D79D 67C9 EC01 6739, which can be found at https://keys.openpgp.org/vks/v1/by-fingerprint/BF888333D96A1C18E2682AAED79D67C9EC016739. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 4.2.3 and 3.21.2 are the next patch releases scheduled for July 8, 2026
• 4.3.0 and 3.22.0 are the next minor releases scheduled for September 9, 2026

Changelog

• Revert "fix(kube): prevent spurious early exit in WaitForDelete during informer sync" b05881c (George Jenkins)

Full Changelog: helm/helm@v4.2.1...v4.2.2

List of commits

7027efd (Update dependency helm/helm to v4.2.2, 2026-06-17)

v22.12.46

Compare Source

28dc745 (Update zulip/github-actions-zulip digest to f675f2b, 2026-06-17)

v22.12.45

Compare Source

921fcd6 (patch: Specify tool versions, 2026-06-16)

v22.12.44

Compare Source

Update balena-io/deploy-to-balena-action action to v2.3.1

Notable changes

balena-io/deploy-to-balena-action (balena-io/deploy-to-balena-action)

[v2.3.1](https://redirect.github.com/balena-io/deploy-to-balena-action/blob/HEAD/CHANGELOG.md#v231

List of commits

97c9768 (Update balena-io/deploy-to-balena-action action to v2.3.1, 2026-06-16)

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.