Skip to content

[ci] Bump the production-dependencies group across 1 directory with 8 updates#5442

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/cluster/pulumi/production-dependencies-db34ec3cb7
Open

[ci] Bump the production-dependencies group across 1 directory with 8 updates#5442
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/cluster/pulumi/production-dependencies-db34ec3cb7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 7, 2026
edited
Loading

Bumps the production-dependencies group with 8 updates in the /cluster/pulumi directory:

Package From To
@google-cloud/sql 0.24.0 0.24.1
@dotenvx/dotenvx 1.61.0 1.64.0
@pulumi/gcp 9.18.0 9.21.0
@pulumi/kubernetes 4.28.0 4.30.0
@pulumi/pulumi 3.230.0 3.234.0
auth0 5.6.0 5.9.0
zod 4.3.6 4.4.1
@pulumi/auth0 3.39.0 3.41.0

Updates @google-cloud/sql from 0.24.0 to 0.24.1

Release notes

Sourced from @​google-cloud/sql's releases.

sql: v0.24.1

0.24.1 (2026-05-01)

Bug Fixes

  • Change the copyright year for files in the packages folder (#8109) (c1a03fe)
  • Do not publish the protos to npm (#8079) (816216b)
  • Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)
Changelog

Sourced from @​google-cloud/sql's changelog.

0.24.1 (2026-05-01)

Bug Fixes

  • Change the copyright year for files in the packages folder (#8109) (c1a03fe)
  • Do not publish the protos to npm (#8079) (816216b)
  • Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)
Commits

Updates @dotenvx/dotenvx from 1.61.0 to 1.64.0

Release notes

Sourced from @​dotenvx/dotenvx's releases.

v1.64.0

see CHANGELOG

v1.63.0

see CHANGELOG

v1.62.0

see CHANGELOG

v1.61.6

see CHANGELOG

v1.61.5

see CHANGELOG

v1.61.4

see CHANGELOG

v1.61.3

see CHANGELOG

v1.61.2

see CHANGELOG

v1.61.1

see CHANGELOG

Changelog

Sourced from @​dotenvx/dotenvx's changelog.

1.64.0 (2026-04-27)

Added

  • Add optional dotenvx armor command.
    • armor up armor private key
    • armor down dearmor private key
    • armor push push armored key (from .env.keys)
    • armor pull pull armored key (into .env.keys)

Move private keys off device and under access control with Dotenvx Ops ⛨. Learn more

1.63.0 (2026-04-24)

Added

  • Add support for encrypted values passed to --env flag (#804)
  • Add support for --format=colon in order to support cloudflare's wrangler --var flag format (#804)

1.62.0 (2026-04-23)

Added

  • Add support for config({ envs }). unlocks simpler cloudflare worker integration (#803)
$ dotenvx encrypt -f .env.txt
// src/index.js
import envSrc from '../.env.txt'
import dotenvx from '@dotenvx/dotenvx'
const config = dotenvx.config({ envs: [{ type: 'env', value: envSrc, privateKeyName: 'DOTENV_PRIVATE_KEY' }] })
const envx = config.parsed
export default {
async fetch(request, env, ctx) {
return new Response(Hello ${envx.HELLO})
}
}

"scripts": {
  "deploy": "wrangler deploy",
  "dev": "wrangler dev --var $(dotenvx keypair -f .env.txt --format=colon)",
  "start": "wrangler dev --var $(dotenvx keypair -f .env.txt --format=colon)",
  "test": "vitest"
},

... (truncated)

Commits

Updates @pulumi/gcp from 9.18.0 to 9.21.0

Release notes

Sourced from @​pulumi/gcp's releases.

v9.21.0

What's Changed

New Contributors

Full Changelog: pulumi/pulumi-gcp@v9.20.0...v9.21.0

v9.20.0

What's Changed

Full Changelog: pulumi/pulumi-gcp@v9.19.0...v9.20.0

v9.19.0

What's Changed

Full Changelog: pulumi/pulumi-gcp@v9.18.0...v9.19.0

Commits

Updates @pulumi/kubernetes from 4.28.0 to 4.30.0

Release notes

Sourced from @​pulumi/kubernetes's releases.

v4.30.0

4.30.0 (April 24, 2026)

Fixed

  • #4295Fix kustomize.v2.Directory resource output type in the schema to properly support array outputs. Previously, the resources field was incorrectly typed as a string in the schema. This fix updates the type to an array of Any, aligning the schema with the provider's Go implementation (pulumi.ArrayOutput). This resolves a regression that caused the Kustomize v2 resource to fail in the Python SDK.
  • #2997 Stop stripping null values when unmarshaling, fixing Helm chart default deletion and valueYamlFiles null handling. Deprecate allowNullValues (no longer needed).

Changed

  • Upgrade Kubernetes schema and libraries to v1.35.4.
  • Upgrade Kubernetes schema and libraries to v1.36.0.

v4.29.0

Fixed

pulumi/pulumi-kubernetes#2926 Use client-side create for new resources instead of server-side apply.

Users may observe stricter errors on some Create operations. Please read carefully.

When a resource already exists in the cluster, the API server now returns an AlreadyExists error instead of silently updating the existing object. This prevents data loss from create-then-delete scenarios (e.g. renaming a Pulumi resource or replacing an explicitly-named resource). A new provider config option upsertExistingObjects (default false) restores the previous upsert behavior for users who intentionally adopt existing cluster resources. To manage fields on existing objects without owning their lifecycle, use Patch resources (e.g. NamespacePatch).

Added

pulumi/pulumi-kubernetes#2280 Add enablePatchForce provider config option to force SSA patch conflicts on a per-stack basis.

Changed

Upgrade Kubernetes schema and libraries to v1.35.3.

Changelog

Sourced from @​pulumi/kubernetes's changelog.

CHANGELOG

Unreleased

Added

  • #2744 Advertise a helm mapping for terraform conversion so pulumi import --from terraform and pulumi convert --from terraform recognize helm_release and emit kubernetes:helm.sh/v3:Release.

Fixed

  • #4295Fix kustomize.v2.Directory resource output type in the schema to properly support array outputs. Previously, the resources field was incorrectly typed as a string in the schema. This fix updates the type to an array of Any, aligning the schema with the provider's Go implementation (pulumi.ArrayOutput). This resolves a regression that caused the Kustomize v2 resource to fail in the Python SDK.
  • #2997 Stop stripping null values when unmarshaling, fixing Helm chart default deletion and valueYamlFiles null handling. Deprecate allowNullValues (no longer needed).
  • #4261 Fix CRD parameterization: implement Parameterize(Value) so subsequent runs can reconstruct the CRD schema from saved state, and flatten array-of-objects in OpenAPI specs so nested fields like spec.listeners generate typed args.

Changed

  • Upgrade Kubernetes schema and libraries to v1.35.4.
  • Upgrade Kubernetes schema and libraries to v1.36.0.

4.29.0 (April 15, 2026)

Fixed

  • #2926 Use client-side create for new resources instead of server-side apply.

    Users may observe stricter errors on some Create operations. Please read carefully.

    When a resource already exists in the cluster, the API server now returns an AlreadyExists error instead of silently updating the existing object. This prevents data loss from create-then-delete scenarios (e.g. renaming a Pulumi resource or replacing an explicitly-named resource). A new provider config option upsertExistingObjects (default false) restores the previous upsert behavior for users who intentionally adopt existing cluster resources. To manage fields on existing objects without owning their lifecycle, use Patch resources (e.g. NamespacePatch).

Added

  • #2280 Add enablePatchForce provider config option to force SSA patch conflicts on a per-stack basis.

Changed

  • Upgrade Kubernetes schema and libraries to v1.35.3.
Commits
Install script changes

This version modifies install script that runs during installation. Review the package contents before updating.


Updates @pulumi/pulumi from 3.230.0 to 3.234.0

Release notes

Sourced from @​pulumi/pulumi's releases.

v3.234.0

3.234.0 (2026-05-01)

Features

  • [cli/cloud] Add pulumi cloud api describe for inspecting the parameters, request body, and response schema of any Pulumi Cloud API operation, with text, markdown, and JSON output

    #22770

  • [cli/cloud] Add pulumi cloud api list for browsing every endpoint exposed by the Pulumi Cloud OpenAPI spec, with table and JSON output

    #22769

Bug Fixes

  • [engine] Revert changes to property path parsing that resulted in errors for currently valid paths

v3.233.0

3.233.0 (2026-04-30)

Features

  • [auto/python] Expose the auto-generated Pulumi CLI interface as workspace.cli_api #22638

  • [cli] Add encrypted logging to ~/.pulumi/logs; use the PULUMI_ENABLE_AUTOMATIC_LOGGING feature flag to turn it on #22494

  • [cli] Implement the filesystem__grep and filesystem__content_replace local tools for pulumi neo. grep runs a regex search across files in the project root with an optional include glob filter and returns results in path:lineno: line form. content_replace performs a literal multi-file search-and-replace with a file_pattern glob and dry_run preview mode. Both tools skip binary files, hidden directories, and node_modules, and reject paths outside the project root. Their input schemas match the cloud-side tool definitions.

    #22655

  • [cli] Add pulumi_preview and pulumi_up as local tools for the experimental pulumi neo agent. The Neo TUI renders a persistent bordered block for each operation that streams changed resources and diagnostics as the engine runs and finalizes with a summary of the op counts. Hidden behind PULUMI_EXPERIMENTAL.

    #22697

... (truncated)

Changelog

Sourced from @​pulumi/pulumi's changelog.

3.234.0 (2026-05-01)

Features

  • [cli/cloud] Add pulumi cloud api describe for inspecting the parameters, request body, and response schema of any Pulumi Cloud API operation, with text, markdown, and JSON output

    #22770

  • [cli/cloud] Add pulumi cloud api list for browsing every endpoint exposed by the Pulumi Cloud OpenAPI spec, with table and JSON output

    #22769

Bug Fixes

  • [engine] Revert changes to property path parsing that resulted in errors for currently valid paths

3.233.0 (2026-04-30)

Features

  • [auto/python] Expose the auto-generated Pulumi CLI interface as workspace.cli_api #22638

  • [cli] Add encrypted logging to ~/.pulumi/logs; use the PULUMI_ENABLE_AUTOMATIC_LOGGING feature flag to turn it on #22494

  • [cli] Implement the filesystem__grep and filesystem__content_replace local tools for pulumi neo. grep runs a regex search across files in the project root with an optional include glob filter and returns results in path:lineno: line form. content_replace performs a literal multi-file search-and-replace with a file_pattern glob and dry_run preview mode. Both tools skip binary files, hidden directories, and node_modules, and reject paths outside the project root. Their input schemas match the cloud-side tool definitions.

    #22655

  • [cli] Add pulumi_preview and pulumi_up as local tools for the experimental pulumi neo agent. The Neo TUI renders a persistent bordered block for each operation that streams changed resources and diagnostics as the engine runs and finalizes with a summary of the op counts. Hidden behind PULUMI_EXPERIMENTAL.

    #22697

  • [engine] Add List to the provider protocol and schema

... (truncated)

Commits

Updates auth0 from 5.6.0 to 5.9.0

Release notes

Sourced from auth0's releases.

v5.9.0

Added

  • feat: add events SSE streaming, bulk refresh token revocation, and query string builder #1331 (fern-api[bot])

v5.8.0

⚠️ BREAKING CHANGES

  • Removed invitation_landing_client_id and allowed_roles fields from ClientMyOrganizationPatchConfiguration, ClientMyOrganizationPostConfiguration, and ClientMyOrganizationResponseConfiguration #1328 (fern-api[bot])

Added

  • Session Transfer Delegation: new delegation property on ClientSessionTransferConfiguration with ClientSessionTransferDelegationConfiguration interface supporting allow_delegated_access and enforce_device_binding options #1328 (fern-api[bot])
  • Self-Service SSO Ticket Features: new enabled_features property on CreateSelfServiceProfileSsoTicketRequestContent with SelfServiceProfileSsoTicketEnabledFeatures interface supporting sso, domain_verification, and provisioning toggles #1328 (fern-api[bot])
  • Self-Service SSO Ticket Domain Aliases: new pending_domains field on SelfServiceProfileSsoTicketDomainAliasesConfig #1328 (fern-api[bot])

Changed

  • Updated JSDoc descriptions for default_for field across Client Grant response types and CreateClientGrantRequestContent #1328 (fern-api[bot])

v5.7.0

Added

  • feat: add third-party client security, synchronized groups, and new event stream types #1326 (fern-api[bot])
Changelog

Sourced from auth0's changelog.

v5.9.0 (2026-04-30)

Full Changelog

Added

  • feat: add events SSE streaming, bulk refresh token revocation, and query string builder #1331 (fern-api[bot])

v5.8.0 (2026-04-22)

Full Changelog

⚠️ BREAKING CHANGES

  • Removed invitation_landing_client_id and allowed_roles fields from ClientMyOrganizationPatchConfiguration, ClientMyOrganizationPostConfiguration, and ClientMyOrganizationResponseConfiguration #1328 (fern-api[bot])

Added

  • Session Transfer Delegation: new delegation property on ClientSessionTransferConfiguration with ClientSessionTransferDelegationConfiguration interface supporting allow_delegated_access and enforce_device_binding options #1328 (fern-api[bot])
  • Self-Service SSO Ticket Features: new enabled_features property on CreateSelfServiceProfileSsoTicketRequestContent with SelfServiceProfileSsoTicketEnabledFeatures interface supporting sso, domain_verification, and provisioning toggles #1328 (fern-api[bot])
  • Self-Service SSO Ticket Domain Aliases: new pending_domains field on SelfServiceProfileSsoTicketDomainAliasesConfig #1328 (fern-api[bot])

Changed

  • Updated JSDoc descriptions for default_for field across Client Grant response types and CreateClientGrantRequestContent #1328 (fern-api[bot])

v5.7.0 (2026-04-17)

Full Changelog

Added

  • feat: add third-party client security, synchronized groups, and new event stream types #1326 (fern-api[bot])
Commits

Updates zod from 4.3.6 to 4.4.1

Release notes

Sourced from zod's releases.

v4.4.1

Commits:

  • 481f7be4238c83ed58183f921b2646f340a91c6a ci: gate release publishing on full test workflow
  • 95ccab423aec720b2523c3a64cdc7e3204537cc7 test(v3): restore optional undefined expectations
  • cede2c63739a5823d6aa5093d291e9a111da943d fix(v4): reject tuple holes before required defaults (#5900)
  • edd0bf0f5ada4a8dc581c259407d7bbad0a71ea7 release: 4.4.1
  • 180d83d1dbe6a59260710cc8637a3dea2281ee56 docs: remove Jazz featured sponsor

v4.4.0

4.4.0

This is a minor release with a wide set of correctness and soundness fixes. Some fixes intentionally make Zod stricter, so code that depended on previously accepted invalid or ambiguous inputs may need small updates.

Potentially breaking bug fixes

Tuple defaults now materialize output values correctly

Fixed in #5661. Tuple parsing now more accurately reflects defaults, optional tails, explicit undefined, and under-filled inputs. The headline behavior is that defaults in tuple positions now properly appear in parsed output.

const schema = z.tuple([
  z.string(),
  z.string().default("fallback"),
]);
schema.parse(["a"]);
// ["a", "fallback"]

Trailing optional elements that are absent still stay absent; they are not filled with undefined.

const schema = z.tuple([
  z.string(),
  z.string().optional(),
]);
schema.parse(["a"]);
// ["a"]

But explicit undefined values supplied by the caller are preserved.

schema.parse(["a", undefined]);
// ["a", undefined]

When optional elements appear before later defaults, the parsed tuple is now dense so array operations behave predictably.

... (truncated)

Commits
  • 180d83d docs: remove Jazz featured sponsor
  • edd0bf0 release: 4.4.1
  • cede2c6 fix(v4): reject tuple holes before required defaults (#5900)
  • 95ccab4 test(v3): restore optional undefined expectations
  • 481f7be ci: gate release publishing on full test workflow
  • d05f026 release: 4.4.0
  • f778e02 build: bump zshy for JSR wildcard exports
  • 6db607b fix(release): keep JSR manifest publishable
  • ad0b827 ci: update release workflow for trusted publishing
  • b6066b3 fix(v4): align object and tuple optionality handling (#5661)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for zod since your current version.


Updates @pulumi/auth0 from 3.39.0 to 3.41.0

Release notes

Sourced from @​pulumi/auth0's releases.

v3.41.0

What's Changed

Full Changelog: pulumi/pulumi-auth0@v3.40.0...v3.41.0

v3.40.0

What's Changed

Full Changelog: pulumi/pulumi-auth0@v3.39.0...v3.40.0

Commits

@dependabot dependabot Bot added the static Used to label PRs for which static tests suffice label May 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cluster/pulumi/production-dependencies-db34ec3cb7 branch from b388130 to 9f7a6c0 Compare May 7, 2026 18:49
@dependabot
[ci] Bump the production-dependencies group across 1 directory with 8…
1e2dc61 
… updates

Bumps the production-dependencies group with 8 updates in the /cluster/pulumi directory:

| Package | From | To |
| --- | --- | --- |
| [@google-cloud/sql](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-cloud-sql) | `0.24.0` | `0.24.1` |
| [@dotenvx/dotenvx](https://github.com/dotenvx/dotenvx) | `1.61.0` | `1.64.0` |
| [@pulumi/gcp](https://github.com/pulumi/pulumi-gcp) | `9.18.0` | `9.21.0` |
| [@pulumi/kubernetes](https://github.com/pulumi/pulumi-kubernetes) | `4.28.0` | `4.30.0` |
| [@pulumi/pulumi](https://github.com/pulumi/pulumi/tree/HEAD/sdk/nodejs) | `3.230.0` | `3.234.0` |
| [auth0](https://github.com/auth0/node-auth0) | `5.6.0` | `5.9.0` |
| [zod](https://github.com/colinhacks/zod) | `4.3.6` | `4.4.1` |
| [@pulumi/auth0](https://github.com/pulumi/pulumi-auth0) | `3.39.0` | `3.41.0` |



Updates `@google-cloud/sql` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/googleapis/google-cloud-node/releases)
- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-sql/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-node/commits/v0.24.1/packages/google-cloud-sql)

Updates `@dotenvx/dotenvx` from 1.61.0 to 1.64.0
- [Release notes](https://github.com/dotenvx/dotenvx/releases)
- [Changelog](https://github.com/dotenvx/dotenvx/blob/main/CHANGELOG.md)
- [Commits](dotenvx/dotenvx@v1.61.0...v1.64.0)

Updates `@pulumi/gcp` from 9.18.0 to 9.21.0
- [Release notes](https://github.com/pulumi/pulumi-gcp/releases)
- [Changelog](https://github.com/pulumi/pulumi-gcp/blob/master/CHANGELOG_OLD.md)
- [Commits](pulumi/pulumi-gcp@v9.18.0...v9.21.0)

Updates `@pulumi/kubernetes` from 4.28.0 to 4.30.0
- [Release notes](https://github.com/pulumi/pulumi-kubernetes/releases)
- [Changelog](https://github.com/pulumi/pulumi-kubernetes/blob/master/CHANGELOG.md)
- [Commits](pulumi/pulumi-kubernetes@v4.28.0...v4.30.0)

Updates `@pulumi/pulumi` from 3.230.0 to 3.234.0
- [Release notes](https://github.com/pulumi/pulumi/releases)
- [Changelog](https://github.com/pulumi/pulumi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pulumi/pulumi/commits/v3.234.0/sdk/nodejs)

Updates `auth0` from 5.6.0 to 5.9.0
- [Release notes](https://github.com/auth0/node-auth0/releases)
- [Changelog](https://github.com/auth0/node-auth0/blob/master/CHANGELOG.md)
- [Commits](auth0/node-auth0@v5.6.0...v5.9.0)

Updates `zod` from 4.3.6 to 4.4.1
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v4.3.6...v4.4.1)

Updates `@pulumi/auth0` from 3.39.0 to 3.41.0
- [Release notes](https://github.com/pulumi/pulumi-auth0/releases)
- [Changelog](https://github.com/pulumi/pulumi-auth0/blob/master/CHANGELOG_OLD.md)
- [Commits](pulumi/pulumi-auth0@v3.39.0...v3.41.0)

---
updated-dependencies:
- dependency-name: "@dotenvx/dotenvx"
  dependency-version: 1.64.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@google-cloud/sql"
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@pulumi/auth0"
  dependency-version: 3.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@pulumi/gcp"
  dependency-version: 9.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@pulumi/kubernetes"
  dependency-version: 4.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@pulumi/pulumi"
  dependency-version: 3.232.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: auth0
  dependency-version: 5.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: zod
  dependency-version: 4.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/cluster/pulumi/production-dependencies-db34ec3cb7 branch from 9f7a6c0 to 1e2dc61 Compare May 8, 2026 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@martinflorian-da martinflorian-da

@mblaze-da mblaze-da

@krzysztofczyz-da krzysztofczyz-da

Labels

static Used to label PRs for which static tests suffice

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@martinflorian-da @mblaze-da @krzysztofczyz-da