fix(deps): update all ungrouped dependencies

[elastic-renovate-prod]

This PR contains the following updates:

Package	Type	Update	Change
docker.elastic.co/wolfi/static	final	digest	d4c20db -> d44809c
golang.org/x/oauth2	require	minor	v0.32.0 -> v0.33.0
google.golang.org/api	require	minor	v0.255.0 -> v0.256.0
helm.sh/helm/v3	require	patch	v3.19.0 -> v3.19.1
sigs.k8s.io/kustomize/kyaml	require	minor	v0.20.1 -> v0.21.0

---

Release Notes

googleapis/google-api-go-client (google.golang.org/api)

v0.256.0

Compare Source

Features

• all: Auto-regenerate discovery clients (#​3366) (997c613)
• all: Auto-regenerate discovery clients (#​3368) (57e958d)
• all: Auto-regenerate discovery clients (#​3369) (5d436f7)
• all: Auto-regenerate discovery clients (#​3370) (140a610)
• all: Auto-regenerate discovery clients (#​3371) (39a2bc0)

helm/helm (helm.sh/helm/v3)

v3.19.1: Helm v3.19.1

Compare Source

Helm v3.19.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.19.1. The common platform binaries are here:

• MacOS amd64 (checksum / 567f50c5855c45e85ecfa50846bf30adad5d68e1d35ff216866b4897e91bcb80)
• MacOS arm64 (checksum / 080f320cfc4ee3816fd6c8f73820f4b3d941b10f709e69bf9afd78f8f8e7c92a)
• Linux amd64 (checksum / 966bed9b1e0dda11268f59bd7268c3cd3e308b37b070546e1d78a02526ff63f2)
• Linux arm (checksum / cd21c7ee767b4138e13ca856f102732cae7270c1bbe6d080a3d98153953550ac)
• Linux arm64 (checksum / ceed150305a1d1ef4a37923a7f66931a6807c34a38ea487fa8340e102dd2c7f7)
• Linux i386 (checksum / be3b70efa7b0ddaddd60d94ef0a37b69e22a5ee05efbec579729cdaacc2e7c5e)
• Linux ppc64le (checksum / acb8a92d873cc2ae2dd44593d88a0bc3a78eb7abd6b3784c3fced9e005401018)
• Linux s390x (checksum / 279dcdeaa9f3b42c8558e6e1815466852a80bd373f9a9e83ae7f724ff2cda17f)
• Linux riscv64 (checksum / ed0a8b03c2163157a948a67702d1884f4936575f9be953c673748b41bd2a9881)
• Windows amd64 (checksum / 3fd3ab4a47364c04c51e0e7387e0598aa2c8c43dd535128665aa43e695cec11e)
• Windows arm64 (checksum / 361b04b599ada09be194461cd0347db20276849c22f57adc697963d57a515c6a)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 4.0.0 is the next major release and will be on November 12, 2025
• 3.19.2 and 4.0.01 are the next patch releases and will be on December 10, 2025
• 3.20.0 and 4.1.0 is the next minor releases and will be on January 21, 2026

Changelog

• chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 4f953c2 (dependabot[bot])
• jsonschema: warn and ignore unresolved URN $ref to match v3.18.4 6801f4d (Benoit Tigeot)
• Avoid "panic: interface conversion: interface {} is nil" 2f619be (Benoit Tigeot)
• Fix helm pull untar dir check with repo urls 8112d47 (Luna Stadler)
• Fix deprecation warning 5dff7ce (Benoit Tigeot)
• chore(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.10 2dad4d2 (dependabot[bot])
• Add timeout flag to repo add and update flags a833710 (Reinhard Nägele)
• chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.43.0 2e12c81 (Dirk Müller)

---

Configuration

📅 Schedule: Branch creation - "after 1am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[elastic-renovate-prod]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

[prodsecmachine]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Licenses	0	0	0	0	0 issues
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[elastic-renovate-prod]

ℹ Artifact update notice

File name: hack/helm/release/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 5 additional dependencies were updated

Details:

Package	Change
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.0
github.com/googleapis/enterprise-certificate-proxy	v0.3.6 -> v0.3.7
golang.org/x/oauth2	v0.32.0 -> v0.33.0
golang.org/x/sync	v0.17.0 -> v0.18.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20251029180050-ab9386a59fda -> v0.0.0-20251103181224-f26f9409b101

File name: hack/manifest-gen/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 8 additional dependencies were updated

Details:

Package	Change
github.com/cyphar/filepath-securejoin	v0.4.1 -> v0.6.0
github.com/spf13/pflag	v1.0.9 -> v1.0.10
golang.org/x/crypto	v0.41.0 -> v0.43.0
golang.org/x/net	v0.42.0 -> v0.45.0
golang.org/x/sync	v0.16.0 -> v0.17.0
golang.org/x/sys	v0.35.0 -> v0.37.0
golang.org/x/term	v0.34.0 -> v0.36.0
golang.org/x/text	v0.28.0 -> v0.30.0