Skip to content

Releases: chainguard-dev/melange

Release v0.8.2

28 May 21:54
427ebb1
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1224
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.26.0 to 1.27.0 by @dependabot in #1226
  • build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1225
  • build(deps): bump chainguard.dev/apko from 0.14.2-0.20240516182909-5d04baeb15df to 0.14.3 by @dependabot in #1233
  • build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1 by @dependabot in #1232
  • Replaces priority by @xnox in #1166

Full Changelog: v0.8.1...v0.8.2

Release v0.8.1

22 May 18:21
fbf0b9b
Compare
Choose a tag to compare

What's Changed

  • sbom: include external refs for fetched sourcecode in SPDX by @xnox in #1218
  • Avoid panic if no external config file ref by @jonjohnsonjr in #1223

Full Changelog: v0.8.0...v0.8.1

Release v0.8.0

22 May 13:05
c31490a
Compare
Choose a tag to compare

What's Changed

Minor Changes

Full Changelog: v0.7.0...v0.8.0

Release v0.7.0

14 May 17:30
5cbb58a
Compare
Choose a tag to compare

What's Changed

  • Find shbangs to generate depends by @smoser in #1110
  • build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1135
  • build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1137
  • build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by @dependabot in #1138
  • build(deps): bump github.com/docker/cli from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1140
  • build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1139
  • presubmit: remove gdk-pixbuf by @imjasonh in #1143
  • Revert "presubmit: remove gdk-pixbuf" by @imjasonh in #1147
  • verify SPDX SBOMs using spdx-tools-java by @imjasonh in #1146
  • Fix sca detection case for env with multiple arguments. by @dlorenc in #1148
  • Update shbang collection to ignore 'python' and support simple 'env -S'. by @smoser in #1159
  • ensure shbang check only checks valid shbangs by @joshrwolf in #1160
  • build(deps): bump github.com/docker/cli from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1157
  • build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1149
  • build(deps): bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #1151
  • build(deps): bump google.golang.org/api from 0.172.0 to 0.176.1 by @dependabot in #1167
  • build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1150
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.3 to 0.0.4 by @dependabot in #1154
  • build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.1.0+incompatible by @dependabot in #1170
  • build(deps): bump actions/download-artifact from 4.1.5 to 4.1.6 by @dependabot in #1168
  • build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1169
  • build(deps): bump github.com/docker/cli from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1171
  • config: allow scriplets in subpackages with range replacements by @xnox in #1165
  • Drop -release from pc versions by @jonjohnsonjr in #1173
  • fix(cargo): Install all built binaries if output isn't defined by @EyeCantCU in #1174
  • sbom: set supplier in addition to originator by @imjasonh in #1184
  • Add melange scan by @jonjohnsonjr in #1175
  • build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1176
  • build(deps): bump actions/download-artifact from 4.1.6 to 4.1.7 by @dependabot in #1177
  • build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1178
  • build(deps): bump dagger.io/dagger from 0.11.0 to 0.11.2 by @dependabot in #1183
  • build(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 by @dependabot in #1182
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.4 to 0.0.5 by @dependabot in #1181
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #1179
  • Bump go-apk by @jonjohnsonjr in #1185
  • add global --gcplog flag to emit GCP-compatible JSON logs by @imjasonh in #1186
  • pipelines/go: add back symbols tables by @xnox in #1142
  • Only consider that are in a PATH dir from generateCmdProviders by @smoser in #1164
  • Allow symlinks to provide cmd: by @smoser in #1188
  • build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #1197
  • build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1196
  • build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1195
  • build(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 by @dependabot in #1194
  • build(deps): bump github.com/docker/cli from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1191
  • build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1192
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.5 to 0.0.6 by @dependabot in #1189
  • build(deps): bump github.com/docker/docker from 26.1.0+incompatible to 26.1.2+incompatible by @dependabot in #1199
  • build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1193
  • Extract melange sign to a library by @tcnghia in #1198
  • Revert "Allow symlinks to provide cmd:" by @joshrwolf in #1200
  • Bump apko by @jonjohnsonjr in #1201
  • Make unit tests faster by @jonjohnsonjr in #1202
  • Add buildmode to go/build by @jonjohnsonjr in #1210

Full Changelog: v0.6.11...v0.7.0

Release v0.6.11

08 Apr 20:08
550fae8
Compare
Choose a tag to compare

What's Changed

  • Go fips deps by @xnox in #1120
  • build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1117
  • build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1119
  • Ensure configuration file is closed by @bored-engineer in #1121
  • build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1116
  • build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0 by @dependabot in #1124
  • cleanup: update docker dep, stop using deprecated method by @k4leung4 in #1125
  • build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0 by @dependabot in #1131
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3 by @dependabot in #1129
  • build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #1130
  • build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1132
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #1128
  • build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1133

New Contributors

Full Changelog: v0.6.10...v0.6.11

Release v0.6.10

27 Mar 15:40
dac40c7
Compare
Choose a tag to compare

What's Changed

  • document builtin substitutions by @imjasonh in #1071
  • fix test.environment jsonschema struct tag by @joshrwolf in #913
  • Bump apko by @jonjohnsonjr in #1074
  • build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.8.1-0.20230928153721-5381bfaecf9b to 0.9.0 by @dependabot in #949
  • build(deps): bump github.com/kubescape/go-git-url from 0.0.27 to 0.0.28 by @dependabot in #1080
  • build(deps): bump google.golang.org/api from 0.168.0 to 0.169.0 by @dependabot in #1081
  • build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.9.0 to 0.10.0 by @dependabot in #1082
  • feat(pipelines): Add cargo build for rust packages by @EyeCantCU in #1077
  • Add Harden Runner audit configs by @jedsalazar in #1084
  • open debug session in the specific workdir by @joshrwolf in #1085
  • Move "executing:" logging to debug by @imjasonh in #1087
  • Switch to new octo-sts action by @mattmoor in #1088
  • build(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 by @dependabot in #1093
  • build(deps): bump dagger.io/dagger from 0.10.1 to 0.10.2 by @dependabot in #1089
  • build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1097
  • build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1098
  • build(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by @dependabot in #1095
  • build(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 by @dependabot in #1096
  • build(deps): bump github.com/kubescape/go-git-url from 0.0.28 to 0.0.30 by @dependabot in #1094
  • remove files from SBOM by @imjasonh in #1076
  • Propagate user from image configuration by @jonjohnsonjr in #1099
  • build(deps): bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible by @dependabot in #1100
  • skip mounting resolv.conf for the docker runner by @joshrwolf in #1101
  • Better go pipelines by @xnox in #1086
  • build(deps): bump github.com/charmbracelet/log from 0.3.2-0.20240205220859-7a3834f9b367 to 0.4.0 by @dependabot in #1106
  • build(deps): bump github.com/docker/cli from 25.0.4+incompatible to 26.0.0+incompatible by @dependabot in #1104
  • build(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 by @dependabot in #1105
  • Python/sca updates by @smoser in #1102
  • feat: Add build pipeline for R packages by @EyeCantCU in #1111

New Contributors

Full Changelog: v0.6.9...v0.6.10

Release v0.6.9

06 Mar 18:36
7eabd5f
Compare
Choose a tag to compare

What's Changed

  • Drop WaitDelay from bubblewrap by @jonjohnsonjr in #1067
  • Fix the bug in dropping the suffix. by @vaikas in #1068
  • build(deps): bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 by @dependabot in #1059
  • build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #1060
  • build(deps): bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in #1063
  • build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 by @dependabot in #1062
  • build(deps): bump google.golang.org/api from 0.166.0 to 0.168.0 by @dependabot in #1069
  • build(deps): bump dagger.io/dagger from 0.9.10 to 0.10.1 by @dependabot in #1070

Full Changelog: v0.6.8...v0.6.9

Release v0.6.8

05 Mar 18:48
9232712
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.6.7...v0.6.8

Release v0.6.7

04 Mar 21:55
d374c92
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.6.6...v0.6.7

Release v0.6.6

03 Mar 21:37
0eb18bd
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.6.5...v0.6.6