build(deps): bump the actions group across 1 directory with 3 updates

[dependabot]

Bumps the actions group with 3 updates in the / directory: fluxcd/flux2, goreleaser/goreleaser-action and azure/setup-kubectl.

Updates fluxcd/flux2 from 2.8.6 to 2.8.7

Release notes

Sourced from fluxcd/flux2's releases.

v2.8.7

Highlights

Flux v2.8.7 is a patch release that includes a bug fix in kustomize-controller, a CVE fix in source-controller and image-automation-controller via go-git v5.19.0, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Fix management of objects annotated with kustomize.toolkit.fluxcd.io/ssa: IfNotPresent where non-namespaced resources were being deleted and recreated on each reconciliation (kustomize-controller)

Improvements:

• Update go-git to v5.19.0 which fixes CVE-2026-45022 (source-controller, image-automation-controller)
• Update fluxcd/pkg dependencies (source-controller, kustomize-controller, image-automation-controller)

Components changelog

• helm-controller v1.5.4
• image-automation-controller v1.1.3
• kustomize-controller v1.8.5
• notification-controller v1.8.4
• source-controller v1.8.4

CLI changelog

• Update toolkit components by @​fluxcdbot in fluxcd/flux2#5891

Full Changelog: fluxcd/flux2@v2.8.6...v2.8.7

Commits

• 54e4ba3 Merge pull request #5891 from fluxcd/update-components-release/v2.8.x
• d2fbb16 Update toolkit components
• 66533d7 Merge pull request #5882 from fluxcd/backport-5881-to-release/v2.8.x
• 7ac3623 include source-watcher in install manifests
• See full diff in compare view

Updates goreleaser/goreleaser-action from 7.2.1 to 7.2.2

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.2

What's Changed

• ci(deps): bump the actions group with 3 updates by @​dependabot[bot] in goreleaser/goreleaser-action#560
• fix: nightly resolution to select newest published release by @​Copilot in goreleaser/goreleaser-action#562

New Contributors

• @​Copilot made their first contribution in goreleaser/goreleaser-action#562

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.2

Commits

• 5daf1e9 fix: nightly resolution to select newest published release (#562)
• 5cc7ebb ci: update actions
• 702f5f9 ci(deps): bump the actions group with 3 updates (#560)
• See full diff in compare view

Updates azure/setup-kubectl from 5.0.0 to 5.1.0

Release notes

Sourced from azure/setup-kubectl's releases.

v5.1.0

Changed

• #243 Migrate to ESM with esbuild and vitest
  • Replaced @vercel/ncc with esbuild for ESM bundling
  • Replaced jest/ts-jest with vitest for testing
  • Upgraded @actions/core to ^3.0.0, @actions/exec to ^3.0.0, @actions/tool-cache to ^4.0.0
  • Updated tsconfig.json to NodeNext module resolution
• Add npm run build step to CI unit-tests workflow

Security

• #242 Bump picomatch
• #244 Bump handlebars from 4.7.8 to 4.7.9
• #247 Bump vite from 8.0.3 to 8.0.5
• #245 Bump github/codeql-action in CI workflows

Changelog

Sourced from azure/setup-kubectl's changelog.

Changelog

[5.1.0] - 2026-04-11

Changed

• #243 Migrate to ESM with esbuild and vitest
  • Replaced @vercel/ncc with esbuild for ESM bundling
  • Replaced jest/ts-jest with vitest for testing
  • Upgraded @actions/core to ^3.0.0, @actions/exec to ^3.0.0, @actions/tool-cache to ^4.0.0
  • Updated tsconfig.json to NodeNext module resolution
• Add npm run build step to CI unit-tests workflow

Security

• #242 Bump picomatch
• #244 Bump handlebars from 4.7.8 to 4.7.9
• #247 Bump vite from 8.0.3 to 8.0.5
• #245 Bump github/codeql-action in CI workflows

[5.0.0] - 2026-03-25

Changed

• #233 Update Node.js runtime from node20 to node24
• #228 Replace cdn.dl.k8s.io with dl.k8s.io
• #219 Remove download redirects, use cdn.dl.k8s.io domain
• #190 Update stableVersionUrl to dl.k8s.io
• #235 Bump undici from 6.23.0 to 6.24.1
• #226 Bump undici and @​actions/http-client
• #230 Bump minimatch

Added

• #172 Enhance version handling: auto-resolve kubectl major.minor to latest patch
• #171 Add husky precommit check

[4.0.1] - 2025-06-17

• Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
• Dependabot fixes

[4.0.0] - 2024-01-30

Changed

• #90 Migrate to node 20 as node 16 is deprecated

Commits

• 8293235 build
• 6522dcd release: prepare v5.1.0 (#249)
• 06b670f Bump vite from 8.0.3 to 8.0.5 (#247)
• 5f8d819 Migrate to ESM with esbuild and vitest (#243)
• 08845d9 Bump github/codeql-action in /.github/workflows in the actions group (#245)
• f59556b Bump handlebars from 4.7.8 to 4.7.9 (#244)
• 50eb415 Bump picomatch (#242)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.