Bump github.com/fluxcd/source-controller/api from 1.7.4 to 1.8.0

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps github.com/fluxcd/source-controller/api from 1.7.4 to 1.8.0.

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.8.0

Changelog

v1.8.0 changelog

Container images

• docker.io/fluxcd/source-controller:v1.8.0
• ghcr.io/fluxcd/source-controller:v1.8.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.8.0

Release date: 2026-02-17

This minor release comes with Helm v4 support, cosign v3 verification, and various improvements.

⚠️ The v1beta2 APIs were removed. Before upgrading the CRDs, Flux users must run flux migrate to migrate the cluster storage off v1beta2.

HelmChart

The HelmChart controller now uses Helm v4. The HelmRepository type oci has been moved to maintenance mode, users should migrate to OCIRepository.

CRD validation for v1 has been aligned with v1beta2 so that invalid specs are rejected at admission time.

OCIRepository

The OCIRepository controller now supports verifying artifacts signed with both cosign v2 and cosign v3.

GitRepository

The github provider now supports looking up the GitHub App installation ID automatically, removing the need to configure it manually.

General updates

In addition, the Kubernetes dependencies have been updated to v1.35.0 and the controller is now built with Go 1.26.

Improvements:

• Upgrade Helm to v4 #1953 #1958 #1980
• Discover cosign v3 NewBundleFormat for verification #1961
• Introduce support for looking up GH app installation ID #1963
• Remove deprecated APIs in group source.toolkit.fluxcd.io/v1beta2 #1983
• Docs: Move HelmRepository type oci to maintenance mode #1985
• sourcev1: align CRD validation with v1beta2 #1944
• Various dependency updates

... (truncated)

Commits

• 7fbbcd6 Merge pull request #1988 from fluxcd/release-v1.8.0
• 7664502 Release v1.8.0
• d812004 Add changelog entry for v1.8.0
• a73fcfc Merge pull request #1987 from fluxcd/update-pkg-deps/main
• c32dfc1 Update fluxcd/pkg dependencies
• 2bbbffc Merge pull request #1986 from fluxcd/cmd-bump
• 94ca3b5 Introduce workflow for bumping fluxcd/pkg deps
• 9f6d639 Merge pull request #1985 from fluxcd/hr-oci-maintenance
• 79727ec Docs: Move HelmRepository type oci to maintenance mode
• e3fb3e7 Merge pull request #1984 from fluxcd/go-1.26
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)