chore(deps): update stable

[renovate]

This PR contains the following updates:

Package	Update	Change
anchore/grype	minor	0.77.4 -> 0.78.0
anchore/syft	minor	1.4.1 -> 1.5.0
awscli	patch	2.15.54 -> 2.15.59
dagger/dagger	patch	0.11.4 -> 0.11.5
defenseunicorns/zarf	minor	0.33.2 -> 0.34.0
ghcr.io/defenseunicorns/build-harness/build-harness	patch	2.0.21 -> 2.0.22
golangci-lint	minor	1.58.2 -> 1.59.0
helm	patch	3.15.0 -> 3.15.1
https://github.com/bridgecrewio/checkov.git	patch	3.2.98 -> 3.2.112

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

anchore/grype (anchore/grype)

v0.78.0

Compare Source

Added Features

• add config command [#​1876 @​kzantow]

Bug Fixes

• ask catalog for package, rather than type asserting [#​1857 @​willmurphyscode]
• Disable TUI for simple commands [#​1872 @​wagoodman]
• False Positive: CVE-2023-42282 not affected in SUSE ecosystem [#​1813]
• False positive GHSA-jr9c-h74f-2v28/CVE-2022-0905 reported for Non-vulnerable Gitea version [#​1416]

Additional Changes

• Update syft to v1.5.0 [#​1897 @​wagoodman]

(Full Changelog)

anchore/syft (anchore/syft)

v1.5.0

Compare Source

Added Features

• Add abstraction for adding relationships from package cataloger results [#​2853 @​wagoodman]
• Capture dependencies when parsing SPDX SBOMs [#​2869 @​russellhaering]
• Add python wheel egg relationships [#​2903 @​wagoodman]
• Added functionality to convert major, minor, patch to version [#​2864 @​LaurentGoderre]
• Add support for RPM DB package relationships [#​2872 @​wagoodman]
• Detect fluent-bit binaries [#​2904 #​2905 @​kzantow]
• Add syft config command [#​2598 #​2892 @​kzantow]

Bug Fixes

• Fix DecoderCollection discarding input from non-seekable Readers [#​2878 @​russellhaering]
• Handle GOEXPERIMENTs in go version [#​2893 @​jonjohnsonjr]
• Go Mod Cataloger: Remove Replaced Packages [#​2891 @​russellhaering]
• Use values in relationship To/From fields [#​2871 @​wagoodman]
• Java package names showing up namespaced packages [#​2230]

Additional Changes

• update spdx license list to 3.24.0 [#​2895 @​spiffcs]

(Full Changelog)

aws/aws-cli (awscli)

v2.15.59

Compare Source

v2.15.58

Compare Source

v2.15.57

Compare Source

v2.15.56

Compare Source

v2.15.55

Compare Source

dagger/dagger (dagger/dagger)

v0.11.5

Compare Source

Added

• cli: dagger login cloud traces support by @​aluzzardi in https://github.com/dagger/dagger/pull/7125
• cli: improved --progress=plain implementation for better visibility by @​jedevc in https://github.com/dagger/dagger/pull/7272

Changed

• cli: cleaner tty progress view by @​jedevc in https://github.com/dagger/dagger/pull/7347 https://github.com/dagger/dagger/pull/7371 https://github.com/dagger/dagger/pull/7386
• cli: don't show functions that can't be called by @​helderco in https://github.com/dagger/dagger/pull/7418
• cli: don't show inherited flags in function commands by @​helderco in https://github.com/dagger/dagger/pull/7419
• core: remove shim and switch to dumb-init by @​sipsma in https://github.com/dagger/dagger/pull/7367

Fixed

• core: fixed custom CA certs in modules by @​sipsma in https://github.com/dagger/dagger/pull/7356
• cli: don't validate flags when requesting --help by @​helderco in https://github.com/dagger/dagger/pull/7417

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter

defenseunicorns/zarf (defenseunicorns/zarf)

v0.34.0

Compare Source

What's Changed

• refactor: move validate to expose it as receivers by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2419
• docs: add additional detail to security policy by @​salaxander in https://github.com/defenseunicorns/zarf/pull/2488
• chore: cleanup stale grype ignores and patch golang.org/x/net CVE by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2492
• docs: injector and init package reference material by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2468
• chore: patch CVE-2024-3817 by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2498
• refactor: cleaner image pulls by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2460
• chore: adding @​dgershman by @​dgershman in https://github.com/defenseunicorns/zarf/pull/2506
• refactor: context usage in k8s code by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2405
• ci: run revive using golang-lint-ci by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2499
• feat: update injector away from rouille to axum by @​schristoff in https://github.com/defenseunicorns/zarf/pull/2457
• refactor: enable testifylint linter by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2504
• chore: remove rouille CVE from grype ignore by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2515
• fix(agent): missing path for pod without labels by @​brandtkeller in https://github.com/defenseunicorns/zarf/pull/2518
• fix: adopt namespace metadata by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2494
• refactor: enable ineffassign linter by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2500
• test: cluster getDeployedPackages by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2523
• test: add unit tests for merge zarf state by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2522
• test: pod agent unit tests by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2526
• docs: add google analytics for docs pages by @​salaxander in https://github.com/defenseunicorns/zarf/pull/2530
• test: add unit tests for detect distro by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2521
• test: add tests for injector by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2534
• chore: add codecov by @​schristoff-du in https://github.com/defenseunicorns/zarf/pull/2529
• chore: add unit tests for creator.LoadPackageDefinition by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2531
• test: refactor network test by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2533
• test: agent flux unit test by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2528
• chore: fix codecov by @​schristoff in https://github.com/defenseunicorns/zarf/pull/2538
• test: creator.ComposeComponents by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2537
• refactor: remove use of k8s serivce account by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2544
• refactor: remove use of k8s service by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2543
• refactor: remove use of k8s configmap by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2541
• refactor: remove use of k8s hpa by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2542
• test: add secrets tests by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2540
• refactor: allow callers to directly set logfile location by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2545
• test: add test for packager source by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2525
• chore: add unit tests to variables pkg by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/2519
• test: clean up tests for composer by @​phillebaba in https://github.com/defenseunicorns/zarf/pull/2532
• test: argo agent unit tests by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2536
• fix(release): do not delete testdata in release workflow by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2547

Full Changelog: zarf-dev/zarf@v0.33.2...v0.34.0

defenseunicorns/build-harness (ghcr.io/defenseunicorns/build-harness/build-harness)

v2.0.22

Compare Source

Miscellaneous Chores

• deps: update stable (#​292) (3703f78)

golangci/golangci-lint (golangci-lint)

v1.59.0

Compare Source

1. Enhancements
   • Add SARIF output format
   • Allow the analysis of generated files (issues.exclude-generated: disable)
2. Updated linters
   • errcheck: fix deprecation warning
   • go-critic: from 0.11.3 to 0.11.4
   • gosec: from 2.20.0 to 5f0084e (fix G601 and G113 performance issues)
   • sloglint: from 0.6.0 to 0.7.0 (new option forbidden-keys)
   • testifylint: from 1.2.0 to 1.3.0 (new checker negative-positive and new option go-require.ignore-http-handlers)
3. Misc.
   • ️️⚠️ Deprecate github-action output format
   • ️️⚠️ Deprecate issues.exclude-generated-strict option (replaced by issues.exclude-generated: strict)
   • ️️⚠️ Add warning about disabled and deprecated linters (level 2)

helm/helm (helm)

v3.15.1: Helm v3.15.1

Compare Source

Helm v3.15.1 is a patch release. The Helm application source is the same as 3.15.0. The 3.15.0 builds stated the wrong version when running helm version. Instead of the release number it had the release candidate version which pointed to the same revision of the source.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.1. The common platform binaries are here:

• MacOS amd64 (checksum / 5fdc60e090d183113f9fa0ae9dd9d12f0c1462b9ded286370f84e340f84bd676)
• MacOS arm64 (checksum / 4b04ede5ab9bb226c9b198c94ce12818f0b0e302193defd66970b45fc341f6e7)
• Linux amd64 (checksum / 7b20e7791c04ea71e7fe0cbe11f1a8be4a55a692898b57d9db28f3b0c1d52f11)
• Linux arm (checksum / fa7a8b472c8f311ac618a231218511efeafad306781d11ad68976e0461074b0e)
• Linux arm64 (checksum / b4c5519b18f01dd2441f5e09497913dc1da1a1eec209033ae792a8d45b9e0e86)
• Linux i386 (checksum / 4f8cb966bac96a186f0790a7c4528dd0278664f82fba3643aa4b37f98cf9e76b)
• Linux ppc64le (checksum / 0bfe2ff8b29c1f26b0484261c0fe0d041188b2e1aa5da8e461e44083bbf655a3)
• Linux s390x (checksum / 4a5314689787332d010ae782a6c00804fb83a53238f7ff7c9837c3f797ff1473)
• Linux riscv64 (checksum / 1c49f1213c68649842c81e1806c518661aa2e466aa1c6bf1d0ac3710f554a563)
• Windows amd64 (checksum / 8ebe6d353f0fbc7e51861a676ba1c14af9efb3443ae2c78eb91946a756b93a9a)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.2 is the next patch release and will be on June 12, 2024.
• 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

• Fixing build issue where wrong version is used e211f2a (Matt Farina)

bridgecrewio/checkov (https://github.com/bridgecrewio/checkov.git)

v3.2.112

Compare Source

v3.2.111

Compare Source

v3.2.110

Compare Source

v3.2.109

Compare Source

v3.2.108

Compare Source

Bug Fix

• sast: don't scan hidden files - #​6349

v3.2.107

Compare Source

Bug Fix

• terraform: Handle registry modules with a version in CKF_TF_2 - #​6354

v3.2.106

Compare Source

Feature

• arm: Ensure Databricks Workspace data plane to control plane co… - #​6319
• general: TF and ARM - Ensure that Databricks Workspaces enable… - #​6313
• secrets: Bump detect-secrets - #​6346

v3.2.105

Compare Source

Feature

• arm: add AppServiceJavaVersion - #​6258
• arm: add CKV_AZURE_145 to check that the function app uses the latest version of TLS encryption - #​6323
• arm: add CKV_AZURE_218 to ensure that Application Gateway defines secure protocols for in transit communicationApp gw defines secure protocols - #​6320
• arm: add CKV_AZURE_54 to ensure Enforce a minimal Tls version for the server - #​6270
• arm: add CKV_AZURE_71 to Ensure that Managed identity provider is enabled for web apps - #​6272
• arm: add CKV_AZURE_72 to ensure that remote debugging is not enabled for app services - #​6281
• arm: AzureDefenderOStorage - #​6269
• arm: MySQLPublicAccessDisabled-Azure MySQL: Restrict Public Access - #​6263
• arm: StorageSyncPublicAccessDisabled - #​6331
• secrets: eliminate false positives in entropy keyword combinator detector - #​6327

Bug Fix

• ansible: fix ansible resource id in local graph - #​6344
• secrets: fix entropy type - #​6347

v3.2.104

Compare Source

v3.2.103

Compare Source

v3.2.102

Compare Source

v3.2.101

Compare Source

v3.2.100

Compare Source

Feature

• sast: TS-legacy-checks - #​6311
• secrets: entropy limit as env variable - #​6332

v3.2.99

Compare Source

---

Configuration

📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.