Releases: chainguard-dev/melange
Release v0.8.2
What's Changed
- build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1224
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.26.0 to 1.27.0 by @dependabot in #1226
- build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1225
- build(deps): bump chainguard.dev/apko from 0.14.2-0.20240516182909-5d04baeb15df to 0.14.3 by @dependabot in #1233
- build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1 by @dependabot in #1232
- Replaces priority by @xnox in #1166
Full Changelog: v0.8.1...v0.8.2
Release v0.8.1
What's Changed
- sbom: include external refs for fetched sourcecode in SPDX by @xnox in #1218
- Avoid panic if no external config file ref by @jonjohnsonjr in #1223
Full Changelog: v0.8.0...v0.8.1
Release v0.8.0
What's Changed
Minor Changes
- go.mod: upgrade everything by @xnox in #1215
- build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1217
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #1206
- build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #1205
- Fix typo in README by @jonjohnsonjr in #1220
Full Changelog: v0.7.0...v0.8.0
Release v0.7.0
What's Changed
- Find shbangs to generate depends by @smoser in #1110
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1135
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1137
- build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by @dependabot in #1138
- build(deps): bump github.com/docker/cli from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1140
- build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1139
- presubmit: remove gdk-pixbuf by @imjasonh in #1143
- Revert "presubmit: remove gdk-pixbuf" by @imjasonh in #1147
- verify SPDX SBOMs using spdx-tools-java by @imjasonh in #1146
- Fix sca detection case for env with multiple arguments. by @dlorenc in #1148
- Update shbang collection to ignore 'python' and support simple 'env -S'. by @smoser in #1159
- ensure shbang check only checks valid shbangs by @joshrwolf in #1160
- build(deps): bump github.com/docker/cli from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1157
- build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1149
- build(deps): bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #1151
- build(deps): bump google.golang.org/api from 0.172.0 to 0.176.1 by @dependabot in #1167
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1150
- build(deps): bump github.com/chainguard-dev/yam from 0.0.3 to 0.0.4 by @dependabot in #1154
- build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.1.0+incompatible by @dependabot in #1170
- build(deps): bump actions/download-artifact from 4.1.5 to 4.1.6 by @dependabot in #1168
- build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1169
- build(deps): bump github.com/docker/cli from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1171
- config: allow scriplets in subpackages with range replacements by @xnox in #1165
- Drop -release from pc versions by @jonjohnsonjr in #1173
- fix(cargo): Install all built binaries if output isn't defined by @EyeCantCU in #1174
- sbom: set supplier in addition to originator by @imjasonh in #1184
- Add melange scan by @jonjohnsonjr in #1175
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1176
- build(deps): bump actions/download-artifact from 4.1.6 to 4.1.7 by @dependabot in #1177
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1178
- build(deps): bump dagger.io/dagger from 0.11.0 to 0.11.2 by @dependabot in #1183
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 by @dependabot in #1182
- build(deps): bump github.com/chainguard-dev/yam from 0.0.4 to 0.0.5 by @dependabot in #1181
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #1179
- Bump go-apk by @jonjohnsonjr in #1185
- add global --gcplog flag to emit GCP-compatible JSON logs by @imjasonh in #1186
- pipelines/go: add back symbols tables by @xnox in #1142
- Only consider that are in a PATH dir from generateCmdProviders by @smoser in #1164
- Allow symlinks to provide cmd: by @smoser in #1188
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #1197
- build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1196
- build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1195
- build(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 by @dependabot in #1194
- build(deps): bump github.com/docker/cli from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1191
- build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1192
- build(deps): bump github.com/chainguard-dev/yam from 0.0.5 to 0.0.6 by @dependabot in #1189
- build(deps): bump github.com/docker/docker from 26.1.0+incompatible to 26.1.2+incompatible by @dependabot in #1199
- build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1193
- Extract melange sign to a library by @tcnghia in #1198
- Revert "Allow symlinks to provide cmd:" by @joshrwolf in #1200
- Bump apko by @jonjohnsonjr in #1201
- Make unit tests faster by @jonjohnsonjr in #1202
- Add buildmode to go/build by @jonjohnsonjr in #1210
Full Changelog: v0.6.11...v0.7.0
Release v0.6.11
What's Changed
- Go fips deps by @xnox in #1120
- build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1117
- build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1119
- Ensure configuration file is closed by @bored-engineer in #1121
- build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1116
- build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0 by @dependabot in #1124
- cleanup: update docker dep, stop using deprecated method by @k4leung4 in #1125
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0 by @dependabot in #1131
- build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3 by @dependabot in #1129
- build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #1130
- build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1132
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #1128
- build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1133
New Contributors
- @bored-engineer made their first contribution in #1121
- @k4leung4 made their first contribution in #1125
Full Changelog: v0.6.10...v0.6.11
Release v0.6.10
What's Changed
- document builtin substitutions by @imjasonh in #1071
- fix test.environment jsonschema struct tag by @joshrwolf in #913
- Bump apko by @jonjohnsonjr in #1074
- build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.8.1-0.20230928153721-5381bfaecf9b to 0.9.0 by @dependabot in #949
- build(deps): bump github.com/kubescape/go-git-url from 0.0.27 to 0.0.28 by @dependabot in #1080
- build(deps): bump google.golang.org/api from 0.168.0 to 0.169.0 by @dependabot in #1081
- build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.9.0 to 0.10.0 by @dependabot in #1082
- feat(pipelines): Add cargo build for rust packages by @EyeCantCU in #1077
- Add Harden Runner audit configs by @jedsalazar in #1084
- open debug session in the specific workdir by @joshrwolf in #1085
- Move "executing:" logging to debug by @imjasonh in #1087
- Switch to new octo-sts action by @mattmoor in #1088
- build(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 by @dependabot in #1093
- build(deps): bump dagger.io/dagger from 0.10.1 to 0.10.2 by @dependabot in #1089
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1097
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1098
- build(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by @dependabot in #1095
- build(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 by @dependabot in #1096
- build(deps): bump github.com/kubescape/go-git-url from 0.0.28 to 0.0.30 by @dependabot in #1094
- remove files from SBOM by @imjasonh in #1076
- Propagate user from image configuration by @jonjohnsonjr in #1099
- build(deps): bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible by @dependabot in #1100
- skip mounting resolv.conf for the docker runner by @joshrwolf in #1101
- Better go pipelines by @xnox in #1086
- build(deps): bump github.com/charmbracelet/log from 0.3.2-0.20240205220859-7a3834f9b367 to 0.4.0 by @dependabot in #1106
- build(deps): bump github.com/docker/cli from 25.0.4+incompatible to 26.0.0+incompatible by @dependabot in #1104
- build(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 by @dependabot in #1105
- Python/sca updates by @smoser in #1102
- feat: Add build pipeline for R packages by @EyeCantCU in #1111
New Contributors
- @EyeCantCU made their first contribution in #1077
- @xnox made their first contribution in #1086
- @smoser made their first contribution in #1102
Full Changelog: v0.6.9...v0.6.10
Release v0.6.9
What's Changed
- Drop WaitDelay from bubblewrap by @jonjohnsonjr in #1067
- Fix the bug in dropping the suffix. by @vaikas in #1068
- build(deps): bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 by @dependabot in #1059
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #1060
- build(deps): bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in #1063
- build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 by @dependabot in #1062
- build(deps): bump google.golang.org/api from 0.166.0 to 0.168.0 by @dependabot in #1069
- build(deps): bump dagger.io/dagger from 0.9.10 to 0.10.1 by @dependabot in #1070
Full Changelog: v0.6.8...v0.6.9
Release v0.6.8
Release v0.6.7
What's Changed
Full Changelog: v0.6.6...v0.6.7
Release v0.6.6
What's Changed
- Add pombump pipeline. by @vaikas in #1054
- Add ${{cross.triplet.rust.[glibc,musl]}} by @jonjohnsonjr in #1057
Full Changelog: v0.6.5...v0.6.6