chore(deps): update dependency carvel-dev/vendir to v0.40.0

[renovate]

This PR contains the following updates:

Package	Update	Change
carvel-dev/vendir	minor	v0.39.0 -> v0.40.0

---

Release Notes

carvel-dev/vendir (carvel-dev/vendir)

v0.40.0

Compare Source

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version  

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

• Fix codegeneration
• Force usage of Basic Auth when retrieving repositories from git when a flag is configured #​361
• Enforce timeout when retrieving tags from a registry #​329
• Normalize paths provided in the configuration file #​341
• Do not allow overlapping paths #​343

New Contributors

• @​alexbarbato made their first contributihttps://github.com/carvel-dev/vendir/pull/344ll/344

Full Changelog: carvel-dev/vendir@v0.39.0...v0.40.0

📂 Files Checksum

0bf3840619436908b11fce2c7015d928450b41a3b9ef19fecc6223ff2ed084a4  ./vendir-darwin-amd64
1b8e5eea893f78ed04b6834f24e1a69bbc9259cd7662bd7fe11283cdf8c482d0  ./vendir-windows-amd64.exe
3e076a452d88d6e3bc190d527f4d7c949ab6eccae19bf5d3cbb910d53724f2b9  ./vendir-linux-amd64
b6defba97d36e26e02df8b263de17061bbbc432365c9d26070eb7a837d7e33fc  ./vendir-darwin-arm64
c43469a085dd0f6cebdab97a7747710f9dafa4886dd5e0ae7c1d3f975a12756e  ./vendir-linux-arm64

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.