chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
act		patch	0.2.68 -> 0.2.69
buf		minor	1.45.0 -> 1.46.0
github.com/TBD54566975/ftl	require	minor	v0.386.3 -> v0.393.1
github.com/TBD54566975/ftl	require	minor	v0.0.0-00010101000000-000000000000 -> v0.393.1
github.com/aws/aws-sdk-go-v2	require	patch	v1.32.2 -> v1.32.3
github.com/aws/aws-sdk-go-v2/config	require	patch	v1.28.0 -> v1.28.1
github.com/aws/aws-sdk-go-v2/credentials	require	patch	v1.17.41 -> v1.17.42
github.com/aws/aws-sdk-go-v2/service/cloudformation	require	patch	v1.55.3 -> v1.55.4
github.com/aws/aws-sdk-go-v2/service/kms	require	patch	v1.37.2 -> v1.37.3
github.com/aws/aws-sdk-go-v2/service/secretsmanager	require	patch	v1.34.2 -> v1.34.3
istioctl		patch	1.23.2 -> 1.23.3
node		minor	22.10.0 -> 22.11.0
pnpm		patch	9.12.2 -> 9.12.3
python		minor	3.12 -> 3.13

---

Release Notes

nektos/act (act)

v0.2.69

Changelog

New Features

• 9142ed9 feat: improve new action cache logging (#​2474)

Bug fixes

• 2c0e3fe fix: tests with validation errors were skipped (#​2496)
• f77a443 fix: merge-multiple artifacts were broken (#​2505)
• 5ffec84 fix: if condition in composite action misbehaves (#​2473)

Other

• 0de940b chore: bump VERSION to 0.2.69
• e3b4e3a add test for listartifacts v4 filter (#​2507)
• 0c09a77 build(deps): bump github.com/go-git/go-billy/v5 from 5.5.0 to 5.6.0 (#​2506)
• 9135745 build(deps): bump github.com/opencontainers/selinux (#​2498)
• ccd28e7 build(deps): bump megalinter/megalinter from 8.0.0 to 8.1.0 (#​2485)
• 5031a9f build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#​2484)
• bb9f36d build(deps): bump golang.org/x/term from 0.24.0 to 0.25.0 (#​2480)
• ad1cef0 build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.1 (#​2479)

bufbuild/buf (buf)

v1.46.0

• Add buf registry whoami command, which checks if you are logged in to the Buf Schema
  Registry at a given domain.

TBD54566975/ftl (github.com/TBD54566975/ftl)

v0.393.1

Compare Source

Changelog

• 6223b89 fix: build before goreleaser (#​3294)
• 21d6bf3 fix: language plugins should always include an error with level=ERROR for BuildFailure (#​3296)
• 61731fd refactor: use YAML anchors to reduce boilerplate in .goreleaser.yaml (#​3295)

v0.393.0

Compare Source

Changelog

• e0d80d9 chore: make schema test an integration test (#​3284)
• 5e2b31c chore: no LanguagePlugin interface with internalPlugin / externalPlugin (#​3285)
• 74bfd95 chore: remove rust (#​3279)
• 8fbf480 chore: remove unused verb status (#​3280)
• 7d29045 chore: split up proto files (#​3257)
• be8d02f feat: inject DB verb resources (#​2985)
• 2a95eba feat: scaffold python sdk (#​3290)
• 4083751 feat: timeline events for async calls (#​3278)
• aa878cc fix: Only generate stubs for modules once (#​3291)
• 8eb4f88 fix: release language plugins (#​3292)
• de978ba fix: secret set pw prompt (#​3288)
• 7ab17ce refactor: defer provider registry initialisation until CLI is parsed (#​3293)

v0.392.2

Compare Source

Changelog

• 5d57552 chore: don't run tests in rebuild-all (#​3275)
• 84e8f84 chore: move JVM to language plugin (#​3267)
• d5348f1 fix: JVM OTEL metrics (#​3270)

v0.392.1

Compare Source

Changelog

• 2e03dc5 fix: set the rds security group via env var (#​3269)

v0.392.0

Compare Source

Changelog

• b174d47 chore: GHA to smoke test against last released exemplar (#​2983)
• 2da5025 chore: clean up bind allocator without controller port (#​3233)
• 9917c4a chore: don't build/start console for tests unless explicitly required (#​3251)
• 5009642 ci: CI uses build/release for language plugins (#​3247)
• eb8b601 feat: console shows verb subtypes: cronjob, ingress, subscriber, all other verbs (#​3256)
• 54b8be3 feat: ftl-language-go plugin (#​3101)
• f8f8f44 fix: clear events when streaming starts (#​3266)
• 0858fb6 fix: console undefined bug (#​3258)
• 46fdd15 fix: correctly record event times (#​3254)
• 3039a2e fix: flaky e2e ingress test (#​3262)
• e6c0b2f fix: log database connections from go runtime (#​3253)
• 8d38463 fix: only start localstack when required (#​3246)
• 276153e fix: support deleting all resources from a stack (#​3252)
• 91bb27f revert: Revert "revert: "fix: reduce spammy logs for pings"" (#​3249)

v0.391.2

Compare Source

Changelog

• a803098 revert: "fix: reduce spammy logs for pings" (#​3243)

v0.391.1

Compare Source

Changelog

• 03212ac fix: add go.mod to ignore python (#​3244)
• 4806b03 fix: improve cron deletion (#​3234)
• 4681a10 fix: improve delay before subscriber receives event (#​3237)

v0.391.0

Compare Source

Changelog

• 2ff29b1 feat: hide unexported decls in console by default and provide a toggle to show (#​3236)
• d89b592 fix: fallback to asm secret provider in cluster (#​3242)
• fea8ae8 fix: handle selectedDecl edge case in console's module tree (#​3238)
• 3e2e57f fix: typos in python runtime (#​3195)

v0.390.0

Compare Source

Changelog

• 3d37c4a chore: remove dead error handling (#​3226)
• 6125749 feat: Add index to async_table to speed up lease deletions (#​3235)
• f32b906 fix: JVM method names cannot be keywords (#​3211)
• 4b2bebf fix: ftl diff no longer needs language plugins for schemas (#​3230)
• a22b133 fix: interactive console --help runs command (#​3228)
• 95c8b6d fix: language plugin logs have named scope and are parsed as json (#​3229)
• 6aa6e36 fix: populate task resources as deployment progresses (#​3232)
• 2264272 fix: prevent topic_events being deleted if there is a subscription referencing it (#​3227)
• 3daf151 fix: reduce spammy logs for pings (#​3150)

v0.389.0

Compare Source

Changelog

• 3277cee chore(deps): update dependency com.squareup:kotlinpoet-jvm to v2 (#​3205)
• 7d74fbd chore: remove redundant log messages in language plugin proto (#​3212)
• 325ea88 feat: add references to decl pages in console (#​3223)
• c74b989 feat: emit module artifacts as blobs (#​3184)
• 9311f72 fix: disable metrics if endpoint not set (#​3213)
• 8f9cf91 fix: do not use remote endpoint for deploy’s bind allocator (#​3224)
• 4435fcc fix: fail BindAllocator.Next() allocation for required ports (#​3215)

v0.388.0

Compare Source

Changelog

• 8c6f740 chore: improve "ftl profile new" help (#​3209)
• 2bb7dd7 feat: build errors indicate if they are compiler errors (#​3197)
• 3fc312a fix: log provisioners when they are registered (#​3210)

v0.387.2

Compare Source

Changelog

• ac6ebec chore(deps): lock file maintenance (#​3206)
• e04091f chore(deps): lock file maintenance (#​3207)
• bdd9bc4 chore(deps): update all non-major dependencies (#​3204)
• d0ec90c fix: add debug logging to the provisioner (#​3208)

v0.387.1

Compare Source

Changelog

• 0e44c78 chore(deps): update all non-major dependencies (#​3201)
• f9e16fe fix: go should ignore invalid names of scaffold files in python-runtime (#​3203)

v0.387.0

Compare Source

Changelog

• ecd97fe chore(deps): lock file maintenance (#​3166)
• c4d0830 chore(deps): update all non-major dependencies (#​3163)
• 5543c89 chore(deps): update all non-major dependencies (#​3164)
• 7a5b535 chore(deps): update all non-major dependencies (#​3199)
• 5e82a48 chore: improve kube pod dump (#​3170)
• 87bc08a chore: remove FSM (#​3198)
• 4d38b81 chore: remove java from the kube tests (#​3175)
• 46ebece chore: remove todos (#​3194)
• dee85c5 chore: use plugin.Start for python language plugin (#​3193)
• 104591f feat: Enums in Kotlin (#​3160)
• 78cc2ce feat: Goose developing FTL itself (#​3188)
• c51b161 feat: add JVM to kube tests (#​3178)
• 20cb161 feat: add python runtime and plugin (#​3181)
• f988f32 feat: rebuild modules when they fail due to dep changes (#​3173)
• 4a450ff feat: recover if language plugin dies (#​3185)
• 5a99916 feat: save module schemas to .ftl/schemas (#​3182)
• 09e923f feat: show callers in console verb page (#​3183)
• ce5715e feat: support cmd+click to open module + decl links in new tab (#​3187)
• 6627acf feat: update Attribute badge styling (#​3172)
• 7d6c34e fix: add istio policy before deployment (#​3176)
• fa3107e fix: add kube resource limits (#​3171)
• bbfeab0 fix: check for port use (#​3190)
• 1b6d741 fix: cursed panic (#​3192)
• ea9bf4c fix: istio sidecar config (#​3167)
• 7fdebbe fix: kill plugins when FTL stops (#​3180)
• c3ad689 fix: pass in bind allocator to build engine (#​3179)
• 42bf1d8 fix: regex match to show decl schema string (#​3189)
• fbbe04d fix: remove double log message when starting a build (#​3174)
• 6b63a95 fix: reporting call and ingress event errors (#​3161)
• 74b8bcf refactor: buildengine publishes clearer state events (#​3168)

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.32.3

Compare Source

istio/istio (istioctl)

v1.23.3: Istio 1.23.3

Compare Source

Artifacts
Release Notes

nodejs/node (node)

v22.11.0: 2024-10-29, Version 22.11.0 'Jod' (LTS), @​richardlau

Compare Source

Notable Changes

This release marks the transition of Node.js 22.x into Long Term Support (LTS)
with the codename 'Jod'. The 22.x release line now moves into "Active LTS"
and will remain so until October 2025. After that time, it will move into
"Maintenance" until end of life in April 2027.

Other than updating metadata, such as the process.release object, to reflect
that the release is LTS, no further changes from Node.js 22.10.0 are included.

OpenSSL 3.x

Official binaries for Node.js 22.x currently include OpenSSL 3.0.x (more
specifically, the quictls OpenSSL fork).
OpenSSL 3.0.x is the currently designated long term support version that is
scheduled to be supported until 7th September 2026, which is within the expected
lifetime of Node.js 22.x. We are expecting upstream OpenSSL to announce a
successor long term support version prior to that date and since OpenSSL now
follows a semantic versioning-like versioning scheme we expect to be able to
update to the next long term supported version of OpenSSL during the lifetime of
Node.js 22.x.

pnpm/pnpm (pnpm)

v9.12.3: pnpm 9.12.3

Compare Source

Patch Changes

• Don't purge node_modules, when typing "n" in the prompt that asks whether to remove node_modules before installation #​8655.
• Fix a bug causing pnpm to infinitely spawn itself when manage-package-manager-versions=true is set and the .tools directory is corrupt.
• Use crypto.hash, when available, for improved performance #​8629.
• Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #​8703.
• All commands should read settings from the package.json at the root of the workspace #​8667.
• When manage-package-manager-versions is set to true, errors spawning a self-managed version of pnpm will now be shown (instead of being silent).
• Pass the find command to npm, it is an alias for npm search

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: smoketest/origin/go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: ftl/origin imports
	ftl/builtin: package ftl/builtin is not in std (/opt/containerbase/tools/golang/1.23.2/src/ftl/builtin)

File name: smoketest/relay/go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: ftl/relay imports
	ftl/origin: package ftl/origin is not in std (/opt/containerbase/tools/golang/1.23.2/src/ftl/origin)

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.