Releases: carvel-dev/kbld
v0.44.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fix CVE by @rohitagg2020 in #507
Full Changelog: v0.44.0...v0.44.1
📂 Files Checksum
2dd3a23b6d37c6d40b690390d7045bc3403c5e3660b6bd0472be4da19ece7c7a ./kbld-windows-amd64.exe
a45c1fd7274722596ae89c51f9a44cb66de56a57adca2df2985c66e48322cd86 ./kbld-windows-arm64.exe
a81eced438e60a0ba3c87c3823673eb9f935a8e0e7694c0232e70674001f014e ./kbld-darwin-amd64
afcb44d37dbac1e2f23c056865798efe0f8b7ff982eee4644ceb146e30584e4a ./kbld-linux-arm64
b3ee4a28b4033a7f01bb9192571ec372f063e771f7dca7e54c9362239745177c ./kbld-darwin-arm64
ffd557f0057c22b8f49ff77ee1ea40d93f3da2b9cb18a82e9dda9399970c2282 ./kbld-linux-amd64
v0.44.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.0/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.44.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump go version to 1.22.5 in #498 by @devanshuVmware
- Bump go, golangci-lint, actions in #486 by @praveenrewar
- Bump carvel.dev/imgpkg from 0.42.0 to 0.42.1
- Bump carvel.dev/vendir from 0.40.1 to 0.40.2
Full Changelog: v0.43.0...v0.44.0
New Contributors
- @devanshuVmware made their first contribution in #498
📂 Files Checksum
00906d2d076f9fa035b0a04c264f0cd11431c787afaee0bf304ee84bf339a1f5 ./kbld-windows-arm64.exe
27cada4db27cfb365ddd2b670864b94ee160b7d8c9cd4a2a81f66e78b613dc5c ./kbld-windows-amd64.exe
2912583db28bc0caa88549ce142c6f30731e0580cd141e646673f4b733f52996 ./kbld-darwin-amd64
2b1550a7293963fec0a4d2b6fdbfa9fc24af4a43035d18ba8e6f9b4c67662ad0 ./kbld-linux-amd64
31086a41bcfd012a7b9e2e7fac6f6615f8d8b633e00104c97ca7235b242915d2 ./kbld-darwin-arm64
3a85316703a6c22d2d4d286a09993cd8d9c4955ca9e863f8fd7096a596070840 ./kbld-linux-arm64
v0.43.3
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.3/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.3/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.3/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Fixed CVEs in #508
Full Changelog: v0.43.2...v0.43.3
📂 Files Checksum
0016c009021c52d373eb212cf8c09bd8a6ce09160e70a4eebd7f0bff22fb9497 ./kbld-linux-arm64
2a207c8a8a4ae43999453effb4a82d11363dd09d7d02af76b7f504ecc0d90cec ./kbld-linux-amd64
307e14ec84f846f9cc89bbb4ee4ac88a6f9c77432b8fe4ce4b30ff455eac74b0 ./kbld-windows-arm64.exe
7716e291369589c6d43f4da8cf7e3c50c074e6352d6c788e3d2fd76b44cb15ad ./kbld-darwin-arm64
b62dd7e54bad79a744392d4c964b3c447549ec5b9bb4621c6a18c35eb8ba95d7 ./kbld-darwin-amd64
e3888a7db965374ad7d283190386648db13d1f5fba4be483f8351e039bfe7e37 ./kbld-windows-amd64.exe
v0.43.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.2/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.2/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump go version to 1.22.4 in #490 by @rohitagg2020
Full Changelog: v0.43.0...v0.43.2
📂 Files Checksum
9af31fb709c4384460ebd3411b0495856d3d9357a4a4220c2c383e7a34d43996 ./kbld-windows-amd64.exe
a5aa5db77ba6ef1c958329f03d5ecb10bbf6f19afc6b2acffe168aff854f3b2e ./kbld-windows-arm64.exe
a5ba69f39fd8a6db6f679de4aa1889f556c67fd725dc998cfa28a510cfa2d376 ./kbld-linux-arm64
afbf4ec0ebd2d881fb3bfaa9f1ebdc2c5261afdefd4d9ce2073359a76efee5c7 ./kbld-darwin-arm64
db3853dc1ab9721462cb89899d430be1228fa63365a01739e3e9b741e67a818a ./kbld-linux-amd64
e3930dffd8639c6c4591a5179a740879702ddfeea3d9163c9b72ceae2b199a84 ./kbld-darwin-amd64
v0.43.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.0/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.43.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #471
- Update Copyright Headers by @prashantrewar in #472
- Bump go version to 1.22.2 in develop by @sethiyash in #474
Full Changelog: v0.42.0...v0.43.0
🔈 Callouts
Thanks to
📂 Files Checksum
0ef6dffa72656ff5e964306ab4833335be432e768916b9da12c08769dd1919c2 ./kbld-darwin-arm64
119e7d11e66e512896ce42aba9cc7f783388da3cbb258b793e7419a3167af2a9 ./kbld-linux-amd64
125a5434dd5a9226a2a6c451538e5b4e61bdbbbb992a04263f18d849f67c9dcb ./kbld-windows-amd64.exe
562002e56ba13f6b148b2674b3ddd94b64dd53b73190fc1e84904232f5151627 ./kbld-linux-arm64
cfdfc5198b746b564ec81486e5d8e6aa944a7c326adf502091dbd75e5f5b4898 ./kbld-darwin-amd64
e484f2c381ee08c86fad3cf8ab8fc859bcfe2de5ed4ed55a18aba3a9836e9fb9 ./kbld-windows-arm64.exe
v0.42.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Change the way version is calculated to make it more friendly for users that consume kbld as a library @joaopapereira in #465
Full Changelog: v0.41.0...v0.42.0
📂 Files Checksum
69400f4be088d4d6157a4c0e80184eb22cbe8f557b21b03eeae74597f491591e ./kbld-darwin-arm64
6d8bb0e87fd88d0df2357519ba680c61cf9560b30c199d0a2d60873644ec42f1 ./kbld-linux-arm64
8df44ab21dd4165f3e9513a8142884dd7c6db666993632ade76cde3b0b3bd90c ./kbld-windows-amd64.exe
aa19ffb064f38a0826c73fb34c58ce4ff0b1c508afb3e03f2f8d76b7e29202a2 ./kbld-darwin-amd64
ac13b4bc157cb32db21a7775e26156d5748fb6f52c3e7abe851c2afe6f8b29e3 ./kbld-windows-arm64.exe
c5eb701a9682e73a8caa636a735bd2a587343bcbdf6c2eaabb5d99b9c57cab7e ./kbld-linux-amd64
v0.41.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.41.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
‼️ API Change- Change of module name, this will create a breaking change for people that are importing kbld as a library by @prashantrewar in #440
Full Changelog: v0.40.0...v0.41.0
📂 Files Checksum
7c6fee422858f30e0cc5685cbe155743ff9f41c3ed96ffb5dc144a20120d6608 ./kbld-windows-amd64.exe
8b00fa6a077496d210db1b2f45097fc891a77c565342bef5618457d1de36e834 ./kbld-linux-amd64
be8ece209d8c5b64ddedc8aa5b26330d5a47723c885b5cbc76c8eb9366322dfc ./kbld-darwin-amd64
c03fd03dee99295ad6cc48145194e12a4c20d47f9949e156e0464b98218fdfb1 ./kbld-darwin-arm64
ebc61c6683d697a7869f2bba396d356222f86161bbec77419be2df654a75afee ./kbld-windows-arm64.exe
f89a764ccc1fbdf48bf0d06c74eafe2514a65932566e890dcf25b246085a2c2c ./kbld-linux-arm64
v0.40.0
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.40.0/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.40.0/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Change deprecated library calls by @testwill in #411
- Lower the number of GET calls done to registries by @antwacky #456
- Update error message by @joaopapereira #458
New Contributors
Full Changelog: v0.39.0...v0.40.0
📂 Files Checksum
0ec70977f8477255ee494aa0008c63830472fa82ea039bdddc3d9742837afff4 ./kbld-linux-arm64
5249f528eff521ecd6e675bd173f9dab82ea15763a650593331e979d98bab9ee ./kbld-darwin-amd64
854580b4df414e9890b555470fced82a018ec4f2f0aa1a0d6bf2eec37812622d ./kbld-linux-amd64
8b94e20d18feda8ff177aa8a0583857fdcd06d7c645cdd2c36a566c102dc88ec ./kbld-windows-arm64.exe
a73991b5c50c0256a9e555253da062971a3d48210a7d037ee2b4ea29f578ae37 ./kbld-darwin-arm64
c05601d55f85c9d4ab4c802f6758a9a46161ce2aa203a5a9569f483dc9bd0961 ./kbld-windows-amd64.exe
v0.39.2
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.2/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.2/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.2/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
- Bump Go version to 1.22 and fix CVEs by @devanshuVmware in #509
Full Changelog: v0.39.1...v0.39.2
📂 Files Checksum
135cbb41c784a12ce82fde28a87e716f530184bec80f058e3ba083c02c350e57 ./kbld-windows-arm64.exe
53c0904b90281e7d3ad4198625339c383b5468ee7e5a1321216aabb1682ab613 ./kbld-darwin-amd64
7959c11af0724dac47b42d8bbcc7397454c260b7535581f289e6839000c393a4 ./kbld-linux-amd64
aaa2c4013c624f30a702f5ad5333eee790e1199aa6a5d6d101ab53bc36137214 ./kbld-windows-amd64.exe
c2173dca6d97274015261caa3cdba85e55929b328010315b41334e57796c996c ./kbld-darwin-arm64
e733e5102a88034ab63acf1b14b5f5552581a9b01441d99a50a6df9a5274b236 ./kbld-linux-arm64
v0.39.1
Installation and signature verification
Installation
By downloading binary from the release
For instance, if you are using Linux on an AMD64 architecture:
# Download the binary
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.1/kbld-linux-amd64
# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/kbld
# Make the binary executable
chmod +x /usr/local/bin/kbld
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install kbld
$ kbld version
Verify checksums file signature
The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:
# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.1/checksums.txt
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/kbld/releases/download/v0.39.1/checksums.txt.sig
# Verify the checksums file
cosign verify-blob checksums.txt \
--certificate checksums.txt.pem \
--signature checksums.txt.sig \
--certificate-identity-regexp=https://github.com/carvel-dev \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity
To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.
# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
What's Changed
- Bumping go version to 1.21.9 in v0.39.x line by @sethiyash in #475
- Bump imgpkg to v0.40.1 vendir v0.39.1 in 39.x line by @sethiyash in #479
Full Changelog: v0.39.0...v0.39.1
📂 Files Checksum
31095832be7cf8a65838a117ac1d3a6da6a050dad560f6600d39bff243f1f98c ./kbld-darwin-amd64
63fce704f0857bbcbec835cec66dc38417b6bbfb0a160cc02fd7b6ac1bd09a7f ./kbld-windows-arm64.exe
6e97c9e02b5c92809d5a798415da6b99ecad5fd724fec424e66d31e218aa21d1 ./kbld-linux-amd64
7f60cae48b5f200389d61b559720af8df7aed716ab4c6bba6a56105767508d33 ./kbld-darwin-arm64
9634c538e3281ea64c90384ac227f14c181f07c012ab943bcb769400d2d05fb8 ./kbld-windows-amd64.exe
9c480f60fdc448d48c5a02fc06868978a1b38f9cbe11b401cda48086d7d15971 ./kbld-linux-arm64