fix(deps): bump github.com/fluxcd/image-automation-controller/api from 0.40.0 to 0.41.0

[dependabot]

Bumps github.com/fluxcd/image-automation-controller/api from 0.40.0 to 0.41.0.

Release notes

Sourced from github.com/fluxcd/image-automation-controller/api's releases.

v0.41.0

Changelog

v0.41.0 changelog

Container images

• docker.io/fluxcd/image-automation-controller:v0.41.0
• ghcr.io/fluxcd/image-automation-controller:v0.41.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/image-automation-controller/api's changelog.

0.41.0

Release date: 2025-05-28

This prerelease comes with support for updating image digests, for configuring mTLS with HTTPS Git repositories, and with caching Git provider access tokens.

ImagePolicy API now supports reflecting image digests in-cluster. By integrating with this feature the ImageUpdateAutomation API can now update image digests in YAML manifests. See this guide for more details.

The controller now caches Git provider access tokens by default. This behavior can be disabled or fine-tuned by adjusting the token cache controller flags (see docs). The token cache also exposes metrics that are documented here.

For configuring mTLS with HTTPS Git repositories see the GitRepository docs.

In addition, the Kubernetes dependencies have been updated to v1.33 and various other controller dependencies have been updated to their latest version. The controller is now built with Go 1.24.

Fixes:

• Fix tag parsing logic misinterpreting host:port registry url #893

Improvements:

• Update digest of latest image #902
• Introduce token cache for Git provider access tokens #861 #895 #897
• Add support for mutual TLS to Git HTTP/S operations #886
• Support for all recognized Kustomize config file names #864
• Various dependency updates #916 #908 #900 #896 #898 #891

... (truncated)

Commits

• b4ad41b Merge pull request #917 from fluxcd/release-v0.41.0
• b09cceb Release v0.41.0
• 4f207d5 Merge pull request #916 from fluxcd/update-sc
• e5ae409 Update dependencies
• 48b16c2 Merge pull request #902 from fluxcd/update-digests
• 806d410 Update digest of latest image
• 4addc4e Merge pull request #908 from fluxcd/dependabot/github_actions/ci-773070ff14
• 82f0853 Bump the ci group across 1 directory with 4 updates
• f7387cc Merge pull request #913 from fluxcd/rfc-0010-docs
• 3d434f0 [RFC-0010] Link workload identity docs to complete guide
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)