chore(deps): Update testing-tools

[github-actions]

This PR contains the following updates:

Package	Type	Update	Change
fluxcd/flux2	testing_tools	patch	v2.8.7 → v2.8.8
helmfile/helmfile	testing_tools	patch	v1.5.1 → v1.5.2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.8.8

Compare Source

Highlights

Flux v2.8.8 is a patch release that includes CVE fixes via go-git v5.19.1 (source-controller, image-automation-controller), reliability fixes in helm-controller and source-controller, the move of Helm back to upstream v4.2.0, support for GCP sovereign cloud artifact registries, and dependency updates. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

• Add a configurable HTTP timeout for artifact fetching, preventing fetches that could block indefinitely and stall reconciliations (helm-controller)
• Fix unbounded memory growth caused by a Kubernetes client transport retry wrapper accumulating on every reconcile (helm-controller)
• Stop force-applying non-CRD objects placed under a chart's crds/ directory (helm-controller)
• Fix the Helm test action failing to find releases with names longer than 53 characters (helm-controller)
• Improve path handling in the source reconcilers (source-controller)
• Support Helm semver build-metadata encoding in OCIRepository tags (source-controller)

Improvements:

• Update go-git to v5.19.1 which fixes CVE-2026-45571 and CVE-2026-45570 (source-controller, image-automation-controller)
• Move Helm back to upstream v4.2.0 (source-controller, helm-controller)
• Add support for GCP sovereign cloud artifact registries (source-controller, image-reflector-controller)
• Upgrade Kubernetes to 1.36.1 (source-controller, helm-controller)
• Update fluxcd/pkg dependencies

Components changelog

• helm-controller v1.5.5
• image-automation-controller v1.1.4
• image-reflector-controller v1.1.2
• source-controller v1.8.5

CLI changelog

• Update toolkit components by @​fluxcdbot in #​5904

Full Changelog: fluxcd/flux2@v2.8.7...v2.8.8

helmfile/helmfile (helmfile/helmfile)

v1.5.2

Compare Source

What's Changed

• Bump Helm support to 3.21.0 and 4.2.0 by @​Copilot in #​2588
• bump helm-diff to v3.15.7 by @​Copilot in #​2591
• fix: refresh Chart.lock after rewriting file:// dependencies by @​sstarcher in #​2587
• feat: support HELMFILE_KUBE_CONTEXT env var for default kube context by @​dschmidt in #​2593
• feat: support HELMFILE_NAMESPACE env var for default namespace by @​dschmidt in #​2592
• fix: normalize dependency chart path before DirectoryExistsAt check by @​yxxhero in #​2598
• Add jsonPatches regression coverage for chartify lookup rendering by @​Copilot in #​2586
• feat: add defaultInherit for automatic release template inheritance by @​yxxhero in #​2600
• fix: restore kubedog status progress output during tracking by @​yxxhero in #​2602
• feat: show diff preview when sync --interactive is used by @​vomba in #​2603
• build(deps): bump github.com/containerd/containerd from 1.7.30 to 1.7.32 by @​dependabot[bot] in #​2607
• feat: support HELMFILE_* env vars for more global flags by @​dschmidt in #​2606

New Contributors

• @​vomba made their first contribution in #​2603

Full Changelog: helmfile/helmfile@v1.5.1...v1.5.2

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[github-actions]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: .settings.yaml

Post-upgrade command './tools/update-helmfile-checksums v1.5.2' has not been added to the allowed list in allowedCommands

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[github-actions]

Coverage Report ✅

Metric	Value
Coverage	77.0%
Threshold	75%
Status	Pass

Coverage Badge

![Coverage](https://img.shields.io/badge/coverage-77.0%25-green)

No Go source files changed in this PR.