chore(deps): update dependency derailed/k9s to v0.40.6

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
derailed/k9s	patch	0.40.5 -> 0.40.6

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

derailed/k9s (derailed/k9s)

v0.40.6

Compare Source

Release v0.40.6

Notes

Thank you to all that contributed with flushing out issues and enhancements for K9s!
I'll try to mark some of these issues as fixed. But if you don't mind grab the latest rev
and see if we're happier with some of the fixes!
If you've filed an issue please help me verify and close.

Your support, kindness and awesome suggestions to make K9s better are, as ever, very much noted and appreciated!
Also big thanks to all that have allocated their own time to help others on both slack and on this repo!!

As you may know, K9s is not pimped out by corps with deep pockets, thus if you feel K9s is helping your Kubernetes journey,
please consider joining our sponsorship program and/or make some noise on social! @​kitesurfer

On Slack? Please join us K9slackers

Maintenance Release!

Breaking change

Moved portForwardAddress out of clusterXXX/contextYYY/config.yaml and into the main K9s config file.
This is a global preference based on your setup vs a cluster/context specific attribute.
K9s will nag you in the logs if a specific context config still contains this attribute but should not prevent the configuration load.

Column Blow Reloaded!

We've added another property to the custom view. You can now also specify namespace specific column definition for a given resource.
For instance, view pods in any namespace using one configuration and view pods in fred namespace using an alternate configuration.

### views.yaml
views:

### Using this for all pods...
  v1/pods:
    columns:
      - AGE
      - NAMESPACE|WR                                     # => 🌚 Specifies the NAMESPACE column to be right aligned and only visible while in wide mode
      - ZORG:.metadata.labels.fred\.io\.kubernetes\.blee # => 🌚 extract fred.io.kubernetes.blee label into it's own column
      - BLEE:.metadata.annotations.blee|R                # => 🌚 extract annotation blee into it's own column and right align it
      - NAME
      - IP
      - NODE
      - STATUS
      - READY
      - MEM/RL|S                                         # => 🌚 Overrides std resource default wide attribute via `S` for `Show`
      - '%MEM/R|'                                        # => NOTE! column names with non alpha names need to be quoted as columns must be strings!

### Use this instead for pods in namespace `fred`
   v1/pods@fred:                                         # => 🌚 New v0.40.6! Customize columns for a given resource and namespace!
    columns:
      - AGE
      - NAMESPACE|WR

Additionally, we've added a new column attribute aka Show -> S. This allows you to now override the default resource column wide attribute when set.

---

Videos Are In The Can!

Please dial K9s Channel for up coming content...

• K9s v0.40.0 -Column Blow- Sneak peek
• K9s v0.31.0 Configs+Sneak peek
• K9s v0.30.0 Sneak peek
• Vulnerability Scans

---

Resolved Issues

• #​3179 Resource name with full api or group displayed (somewhere and sometimes)
• #​3178 Cronjobs with the same name in different namespaces appear together
• #​3176 Trigger all marked cronjobs
• #​3162 Context configs: context directory created under wrong cluster after context switch
• #​3161 Force wide-only columns to appear outside of wide view
• #​3147 Prompt style is overriden by body
• #​3139 CPU/R:L and MEM/R:L columns invalid in views.yaml
• #​3138 Subresources are not shown correctly in the RBAC view

---

Contributed PRs

Please be sure to give Big Thanks! and ATTA Girls/Boys! to all the fine contributors for making K9s better for all of us!!

• #​3182 fix: Use the latest version when downloading the Ubuntu deb file
• #​3168 fix(history): handle cases where special commands add their command their command to the history
• #​3159 Added hard contrast gruvbox skins
• #​3149 fix: Pass grv on gotoResource as a String to fix non-default apiGroup list
• #​3149 Add externalsecrets plugin
• #​3140 fix: Avoid false positive matches in enableRegion (#​3093)

© 2025 Imhotep Software LLC. All materials licensed under Apache v2.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/k9s:0.40.6

📦 Image Reference ghcr.io/uniget-org/tools/k9s:0.40.6

digest	sha256:f9e107fb8dd86dc12499095e859cf801a743fb04131cde9fd4ba6a1b1bd761b4
vulnerabilities
platform	linux/amd64
size	37 MB
packages	326

golang.org/x/crypto 0.33.0 (golang) pkg:golang/golang.org/x/crypto@0.33.0 Affected range <0.35.0 Fixed version 0.35.0 Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

golang.org/x/oauth2 0.25.0 (golang) pkg:golang/golang.org/x/oauth2@0.25.0 Affected range <0.27.0 Fixed version 0.27.0 Description An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

github.com/aws/aws-sdk-go 1.44.288 (golang) pkg:golang/github.com/aws/aws-sdk-go@1.44.288 Affected range >=0 Fixed version Not Fixed Description A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files. Affected range >=0 Fixed version Not Fixed Description A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.

k8s.io/apiserver 0.32.2 (golang) pkg:golang/k8s.io/apiserver@0.32.2 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <1.15.10 Fixed version 1.15.10, 1.16.7, 1.17.3 CVSS Score 4.3 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Description The Kubernetes API server component has been found to be vulnerable to a denial of service attack via successful API requests.

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/13755055013.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/13755055013.