Skip to content

chore(deps): update sops to v3.13.0#21728

Open
uniget-bot wants to merge 1 commit intomainfrom
renovate/sops-3.x
Open

chore(deps): update sops to v3.13.0#21728
uniget-bot wants to merge 1 commit intomainfrom
renovate/sops-3.x

Conversation

@uniget-bot
Copy link
Copy Markdown

@uniget-bot uniget-bot commented May 9, 2026

This PR contains the following updates:

Package Update Change
sops minor 3.12.23.13.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

getsops/sops (sops)

v3.13.0

Compare Source

Improvements:

  • Dependency updates (#​2110,
    #​2133, #​2142,
    #​2146, #​2144,
    #​2152, #​2159,
    #​2165, #​2171).
  • Improve error messages for top-level arrays (#​2138).
  • Improve use of gpg-agent for password-protected age keys.
    The passwords are now associated with an identifier that
    includes a hash of the public key's content, instead of
    using the environment variable or path (that was sometimes too long
    and caused errors) (#​2145).
  • Allow to use SOPS_GCP_KMS_ENDPOINT and SOPS_GCP_KMS_UNIVERSE_DOMAIN
    to configure alternative clouds using GCP's API (#​2114).
  • Preserve YAML inline comments as inline comments, instead of converting
    them to line comments (#​2131).
  • SOPS_AGE_KEY can now contain space-separated public keys (#​2086).
  • An allowlist for HashiCorp Vault URLs (and thus also OpenBoa URLs)
    can now be configured with SOPS_HC_VAULT_ALLOWLIST.
    The default is all, which does not restrict which URLs
    to connect to (#​2164).
  • The metadata flattening and unflattening code for INI and DotEnv files
    has been rewritten, and generally metadata handling has been changed
    to use mapstructure.
    This should not result in observable behavior changes for users
    (#​2120).

Bugfixes:

  • sops exec-file on other platforms than Windows was setting the user ID
    as the (effective) group ID. Now the user's group ID is used (#​2154).
  • sops exec-file now rejects non-local paths in --filename (#​2155).
  • The --indent parameter was ignored for subcommands (#​2156).

Project changes:

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

nicholasdille-bot
nicholasdille-bot approved these changes May 9, 2026
View reviewed changes
Copy link
Copy Markdown

@nicholasdille-bot nicholasdille-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved because label type/renovate is present.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 9, 2026

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/sops:3.13.0

📦 Image Reference ghcr.io/uniget-org/tools/sops:3.13.0
digestsha256:eac24ac2a7d457f9fb5cfd5a4d04705401b839ed3e75a14c5fb60f778d6b344b
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size16 MB
packages173

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicholasdille-bot nicholasdille-bot nicholasdille-bot approved these changes

Assignees

No one assigned

Labels

bump/minor type/renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@uniget-bot @nicholasdille-bot @renovate-bot