chore(deps): update regex

[renovate]

This PR contains the following updates:

Package	Update	Change
aquasecurity/trivy	minor	v0.70.0 → v0.71.0
kubevirt/kubevirt	patch	v1.8.2 → v1.8.3
terraform-linters/tflint	minor	v0.62.1 → v0.63.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aquasecurity/trivy (aquasecurity/trivy)

v0.71.0

Compare Source

⚡ Highlights ⚡

👉 https://redirect.github.com/aquasecurity/trivy/discussions/10767

Changelog

https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0710-2026-06-01

kubevirt/kubevirt (kubevirt/kubevirt)

v1.8.3

Compare Source

tag v1.8.3
Tagger: Federico Fossemo ffossemo@redhat.com

This release follows v1.8.2 and consists of 75 changes, contributed by 21 people, leading to 457 files changed, 81936 insertions(+), 33796 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/kubevirt/releases/tag/v1.8.3.

The primary release artifact of KubeVirt is the git tree. The release tag is
signed and can be verified using git tag -v v1.8.3.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notable changes

• [PR #​17988][kubevirt-bot] Fix symlink traversal in VMExport dir handler
• [PR #​17876][nirdothan] Fixed VMI status reporting the pod's IPv6 address instead of the guest's when using bridge binding on a network with IPv6 IPAM.
• [PR #​17660][kubevirt-bot] Updated virt-template to v0.1.8
• [PR #​17745][kubevirt-bot] Fixed virt-controller DRA claim rendering for GPU/HostDevice resources by preserving per-device claim/request tuples (including shared claim names with different requests).
• [PR #​17863][fossedihelm] Fixed multi-device VFIO passthrough VMs failing to start with "cannot limit locked memory" by scaling virt-handler's memlock rlimit to account for per-device memory locking, matching libvirt's calculation introduced in v8.7.0.
• [PR #​17823][kubevirt-bot] Fix VirtualMachineStuckOnNode and VMCannotBeEvicted alerts failing during live migration due to duplicate kubevirt_vmi_info series
• [PR #​17727][mhenriks] Gate PCI topology on machine type, not just architecture
• [PR #​17761][kubevirt-bot] Bug fix: virt-operator error messages no longer dump entire resource structs via %+v, preventing the KubeVirt CR from exceeding the etcd 3MB object size limit when resource creation fails
• [PR #​17658][dshchedr] Fixed GuestPanicked event details for non-root virt-launcher
• [PR #​17765][kubevirt-bot] fix: cross-namespace live migration now works on IPv6 clusters
• [PR #​17738][kubevirt-bot] Fix VM with PCI hostdev failing to restart after hotplug block volume
• [PR #​17706][avlitman] multiple recording rules are deprecated in favor of new names, in order to comply with the recording rules naming conventions. kubevirt_vm_created_total recording rule and kubevirt_vm_created_by_pod_total metric are deprecated completely
• [PR #​17646][kubevirt-bot] Fixed virt-api truncating deep subresources (vnc/screenshot, sev/*, evacuate/cancel) when constructing SubjectAccessReviews, causing authorization checks against incorrect subresource names.
• [PR #​17631][kubevirt-bot] VEP-10: bug fixes for DRA Devices to align kubevirt implementation to KEP-5304
• [PR #​17590][sbiradar10] Bump google.golang.org/grpc to 1.79.3 to remediate CVE GHSA-p77j-4mvh-x3m3
• [PR #​17612][kubevirt-bot] Fix: GuestAgentPing liveness/readiness probes no longer cause Kubernetes to restart the virt-launcher pod when the guest agent is temporarily unreachable for a non-fault reason; suppression covers live migration (both pre-copy target and post-copy source) and any intentional or transient VM pause such as user pause, snapshot, save, or dump.

Contributors

21 people contributed to this release:

9 Jed Lejosne jed@redhat.com
6 Lee Yarwood lyarwood@redhat.com
5 Nir Dothan ndothan@redhat.com
5 fossedihelm ffossemo@redhat.com
3 Alay Patel alayp@nvidia.com
3 Michael Henriksen mhenriks@redhat.com
3 Or Shoval oshoval@redhat.com
2 Shirly Radco sradco@redhat.com
2 Simone Tiraboschi stirabos@redhat.com
1 Alex Kalenyuk akalenyu@redhat.com
1 Denys Shchedrivyi dshchedr@redhat.com
1 Emanuele Prella eprella@redhat.com
1 Felix Matouschek fmatouschek@redhat.com
1 Harshitha MS harshitha.ms@ibm.com
1 Michal Skrivanek michal.skrivanek@redhat.com
1 Samuel Albershtein salbersh@redhat.com
1 Shiwani Biradar sbiradar@redhat.com
1 avlitman alitman@redhat.com
1 dsionov dsionov@redhat.com

Additional Resources

• Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
• Slack: https://kubernetes.slack.com/messages/virtualization
• An easy to use demo: https://github.com/kubevirt/demo
• How to contribute
• License

---

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQT336LhfFzgGMwYm4OriYWHZ3eqPAUCaiAx0wAKCRCriYWHZ3eq
PMaFAP9jeRNDbhf8Ypeg4iz+SDlKkz6GhBxhr9vdC2+dnjmu3QEAy3sh6/YAM0U9
85tsDC+DUftR/xnIhTHQKhzFylJ1DQM=
=iJs2
-----END PGP SIGNATURE-----

terraform-linters/tflint (terraform-linters/tflint)

v0.63.1

Compare Source

What's Changed

[!NOTE]
This release contains only a fix for the release pipeline; the actual behavior remains unchanged from v0.63.0.

Chores

• Pass the GitHub App token as the step output by @​wata727 in #​2553
• Remove unneeded job dependency by @​wata727 in #​2554

Full Changelog: terraform-linters/tflint@v0.63.0...v0.63.1

v0.63.0

Compare Source

What's Changed

[!NOTE]
Due to a release pipeline issue, this release does not have a corresponding artifact attestation.
If you need to pass gh attestation verify, please use v0.63.1.

Enhancements

• Add support for Terraform v1.15 by @​wata727 in #​2521
• Bump tflint-ruleset-terraform to v0.15.0 by @​wata727 in #​2551

Chores

• Migrate homebrew-core to third-party tap by @​wata727 in #​2531
• Revise installation instructions in README.md by @​wata727 in #​2532
• build(deps): Bump sigstore/cosign-installer from 4.1.1 to 4.1.2 by @​dependabot[bot] in #​2535
• build(deps): Bump the go-x group with 3 updates by @​dependabot[bot] in #​2536
• Migrate homebrew auto bump action to GoReleaser by @​wata727 in #​2534
• Fix variable reference for client-id in release.yml by @​wata727 in #​2537
• build(deps): Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 by @​dependabot[bot] in #​2546
• build(deps): Bump docker/build-push-action from 7.1.0 to 7.2.0 by @​dependabot[bot] in #​2548
• build(deps): Bump docker/metadata-action from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​2549
• build(deps): Bump docker/login-action from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​2550
• build(deps): Bump the go-x group with 2 updates by @​dependabot[bot] in #​2547
• build(deps): Bump google.golang.org/grpc from 1.81.0 to 1.81.1 by @​dependabot[bot] in #​2542
• build(deps): Bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 by @​dependabot[bot] in #​2540
• build(deps): Bump golang from 1.26-alpine3.23 to 1.26.3-alpine3.23 by @​dependabot[bot] in #​2541
• build(deps): Bump alpine from 3.23 to 3.23.4 by @​dependabot[bot] in #​2539
• Add warning message to installation script by @​wata727 in #​2533

Full Changelog: terraform-linters/tflint@v0.62.1...v0.63.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.