Releases: chainguard-dev/apko
Releases · chainguard-dev/apko
Release v0.14.4
Contributors
imjasonh
Assets 20
Release v0.14.3
What's Changed
Full Changelog: v0.14.2...v0.14.3
Contributors
xnox
Assets 20
Release v0.14.2
What's Changed
- build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1109
- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #1112
- build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in #1114
- build(deps): bump golangci/golangci-lint-action from 5.1.0 to 6.0.1 by @dependabot in #1115
- build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 by @dependabot in #1113
- Bump go-apk by @jonjohnsonjr in #1120
- Fix duplicates when overlaying the config with config with no contents by @sfc-gh-mhazy in #1119
- Bump go-apk to pick up conflict fix by @jonjohnsonjr in #1124
- Bump go-apk by @jonjohnsonjr in #1125
- spdx: allow specifying custom license by @xnox in #1127
- build(deps): bump github/codeql-action from 3.25.4 to 3.25.6 by @dependabot in #1132
- build(deps): bump github.com/package-url/packageurl-go from 0.1.2 to 0.1.3 by @dependabot in #1129
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #1122
- build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #1130
- build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1135
- build(deps): bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 by @dependabot in #1134
- sbom: fixup merging LicensingInfos during Image SBOM generation by @xnox in #1133
New Contributors
Full Changelog: v0.14.1...v0.14.2
Contributors
xnox, jonjohnsonjr, and 2 other contributors
Assets 20
Release v0.14.1
What's Changed
- Make apko dot show errors by @jonjohnsonjr in #1024
- build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #978
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.3 by @dependabot in #1026
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by @dependabot in #1025
- build(deps): bump github/codeql-action from 2.22.6 to 3.23.2 by @dependabot in #1018
- build(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.19.0 by @dependabot in #1021
- build(deps): bump github.com/chainguard-dev/clog from 1.2.3-0.20240116182827-04bee692f7a8 to 1.3.0 by @dependabot in #1019
- use charm logger by @imjasonh in #1028
- Plumb ctx through daemon package by @jonjohnsonjr in #1029
- Cancel context on interrupt signal by @jonjohnsonjr in #1030
- move some logs to debug, avoid duplicate work/logs by @imjasonh in #1034
- Preserve APK hardlinks by @jonjohnsonjr in #1038
- Make sure we clean up after ourselves by @jonjohnsonjr in #1040
- Allow apko dot to be cancelled by @jonjohnsonjr in #1031
- Drop creating group log by @jonjohnsonjr in #1045
- Store checksum of apko-config in the lock-file to detect changes in origin. by @sfc-gh-ptabor in #1012
- build(deps): bump github.com/chainguard-dev/clog from 1.3.0 to 1.3.1 by @dependabot in #1033
- build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 by @dependabot in #1035
- build(deps): bump github/codeql-action from 3.23.2 to 3.24.5 by @dependabot in #1048
- build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #1041
- build(deps): bump go.opentelemetry.io/otel from 1.22.0 to 1.24.0 by @dependabot in #1049
- Bump go-apk by @jonjohnsonjr in #1050
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #1055
- build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in #1053
- Bump go-apk by @jonjohnsonjr in #1059
- build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #1058
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1061
- build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.29.2 by @dependabot in #1043
- build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in #1064
- Add more spans around potentially slow ops by @jonjohnsonjr in #1065
- build(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by @dependabot in #1066
- build(deps): bump github/codeql-action from 3.24.7 to 3.24.8 by @dependabot in #1067
- Add Harden Runner audit configs by @jedsalazar in #1062
- build(deps): bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #1072
- ignore Files when generating SBOMs by @imjasonh in #1073
- build(deps): bump github.com/charmbracelet/log from 0.3.2-0.20240205220859-7a3834f9b367 to 0.4.0 by @dependabot in #1074
- build(deps): bump github/codeql-action from 3.24.8 to 3.24.9 by @dependabot in #1075
- build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0 by @dependabot in #1078
- build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1077
- build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #1085
- build(deps): bump go.opentelemetry.io/otel from 1.24.0 to 1.25.0 by @dependabot in #1084
- build(deps): bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1 by @dependabot in #1083
- build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1081
- build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1080
- Prepare testdata for "apko on top of base image" by @sfc-gh-mhazy in #1076
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1087
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1088
- build(deps): bump github/codeql-action from 3.24.10 to 3.25.0 by @dependabot in #1089
- build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in the go_modules group by @dependabot in #1094
- build(deps): bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #1092
- feat(user): Allow overriding the default shell by @EyeCantCU in #1097
- Base image support in
buildandlockby @sfc-gh-mhazy in #1086 - build(deps): bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #1099
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1098
- build(deps): bump github/codeql-action from 3.25.2 to 3.25.3 by @dependabot in #1103
- build(deps): bump go.opentelemetry.io/otel from 1.25.0 to 1.26.0 by @dependabot in #1102
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1101
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1100
- spdx: remove more mentions of files by @imjasonh in #1095
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #1104
- build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1105
- build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1106
- fix: remove default supplier for index SBOMs by @imjasonh in #1110
New Contributors
- @jedsalazar made their first contribution in #1062
- @sfc-gh-mhazy made their first contribution in #1076
- @EyeCantCU made their first contribution in #1097
Full Changelog: v0.14.0...v0.14.1
Contributors
imjasonh, jedsalazar, and 5 other contributors
Assets 20
Release v0.14.0
What's Changed
- drop deprecated options field by @imjasonh in #1009
- remove unused AdditionalTags method by @imjasonh in #1010
- simplify pkg/log, use slog and clog by @imjasonh in #1011
- Add test and trailing new line to
apko.lock.jsonfiles. by @sfc-gh-ptabor in #1000 - Audit workflow permissions by @mattmoor in #1017
- Plumb offline flags around more by @jonjohnsonjr in #1022
- Bump go-apk to pick up new solver behavior by @jonjohnsonjr in #1023
Full Changelog: v0.13.3...v0.14.0
Contributors
imjasonh, mattmoor, and 2 other contributors
Assets 20
Release v0.13.3
What's Changed
- Drop multierror for errgroup by @jonjohnsonjr in #999
- Return better error messages for missing config by @jonjohnsonjr in #1005
- build(deps): bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 by @dependabot in #1007
Full Changelog: v0.13.2...v0.13.3
Contributors
jonjohnsonjr and dependabot
Assets 20
Release v0.13.2
What's Changed
- build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 by @dependabot in #983
Full Changelog: v0.13.1...v0.13.2
Contributors
dependabot
Assets 20
Release v0.13.1
What's Changed
- Strip leading slash before sbom ownership check by @jonjohnsonjr in #995
Full Changelog: v0.13.0...v0.13.1
Contributors
jonjohnsonjr
Assets 20
Release v0.13.0
What's Changed
- Support for locking packages to the versions from the 'apko.lock.json' file. by @sfc-gh-ptabor in #979
- Make sure list of 'repositories' in the 'resolved.json.file' is complete. by @sfc-gh-ptabor in #981
- Ensure jsonschema is kept up to date. by @wlynch in #967
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #989
- Fix duplicate IDB entries by @jonjohnsonjr in #990
- Change testdata to be a bit smaller by @jonjohnsonjr in #992
- Add golden tests by @jonjohnsonjr in #991
- Use idb to drive sbom file inclusion by @jonjohnsonjr in #993
- Update NEWS.md for v0.13.0 by @jonjohnsonjr in #994
New Contributors
- @sfc-gh-ptabor made their first contribution in #979
Full Changelog: v0.12.0...v0.13.0
Contributors
wlynch, jonjohnsonjr, and 2 other contributors
Assets 20
Release v0.12.0
What's Changed
- fix and continuously validate SBOMs by @imjasonh in #962
- Add binary to generate json schema. by @wlynch in #964
- Fix packages with multiple Replaces by @jonjohnsonjr in #966
- Allow existing packages to replace installed pkg by @jonjohnsonjr in #970
- Update NEWS.md for 0.12.0 by @jonjohnsonjr in #974
Full Changelog: v0.11.3...v0.12.0
Contributors
imjasonh, wlynch, and jonjohnsonjr