Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency carvel-dev/vendir to v0.42.0 #365

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency carvel-dev/vendir to v0.42.0 #365

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 16, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
carvel-dev/vendir minor 0.40.0 -> 0.42.0

Release Notes

carvel-dev/vendir (carvel-dev/vendir)

v0.42.0

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.42.0/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

Changelog

  • 064b9c4 Allow additional CA certs to be supplied via vendir YAML when pulling an imgpkg bundle by @​100mik
  • f6eaffe fix: avoid panic by checking response for nil by @​Zebradil

📂 Files Checksum

40afd08db3b1ee96350f1ab09bd9208aa7edec458c4b5f167eb71ac076576571  ./vendir-linux-amd64
683ad9c8174f9f81dc17b2fd81f79a7f83a40a942201ae15a50d97a586fb16be  ./vendir-windows-amd64.exe
a47b6aab79f4fdd66136e8a8434b6d8c8fc16ad4c38c60fcc5e95475fd333e24  ./vendir-darwin-arm64
df7487c414da4425aa682271f236ae2912c828eb8b1aaebbb2f1af010ef5b289  ./vendir-darwin-amd64
fd631a32207efd79d84911186c50d80cbd136a4cddb5dffa3f11c3f7689c6ff0  ./vendir-linux-arm64

v0.41.1

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Fixing CVE by @​rohitagg2020 in #​394

Full Changelog: carvel-dev/vendir@v0.41.0...v0.41.1

📂 Files Checksum

58facd06bae6ffc858b348da9dcc0b032d030a6a31767fea6f9166658d7a61e2  ./vendir-linux-arm64
67411476ecc322c4b32619b168bf5a7fafc86daa764251be1613bec22c1c1003  ./vendir-windows-amd64.exe
993ae33df2e722c327aff4807eeba0e08b0c9f3bd996e67caa89c503c6a8bcda  ./vendir-darwin-arm64
ad63b667c7756cac7804e080861b3e794fbfc83ba662f5461928c30fe890a828  ./vendir-darwin-amd64
f878f3e16b702c47e42b2215a670d65028bc0158643ed28a2dfaa6f37b1344ac  ./vendir-linux-amd64

v0.41.0

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.0/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Bumping dependencies in #​390 by @​rohitagg2020
  • Add cache for mercurial repositories in #​372 by @​cdevienne
  • Add cache for git repositories in #​380 by @​cdevienne

Full Changelog: carvel-dev/vendir@v0.40.1...v0.41.0

📂 Files Checksum

295714208c95c4a3602fc2308d098a7540a2b71fdc1e104f95b3816fa073852c  ./vendir-darwin-amd64
3b1094bf45a9ff5c2915a986f4d7cee8480c3cab31c060445f851c48f397ee31  ./vendir-linux-amd64
555806ae50e2f8cb0f0034263ae2e29ece13a3ad2ee691d13536c33ea4728c2e  ./vendir-windows-amd64.exe
f1456d6cbf11299eece2e87563caabe24309302c327c5e42a357ebeaba057a05  ./vendir-linux-arm64
f9df00c3d35cf9d15767ea9b18a668ee9627eebefe0b6d4e1e4b648d5c992ceb  ./vendir-darwin-arm64

v0.40.3

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.3/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Docker version bump to fix CVE-2024-41110 by @​devanshuVmware in #​396

Full Changelog: carvel-dev/vendir@v0.40.2...v0.40.3

📂 Files Checksum

287b5fba2bd6079e5dc52f4da29e16a851fe4ae1d625019b00f9ca8c8da776ed  ./vendir-linux-amd64
83a734a6b8989319da6f0ad2669e75fb9b313df761852693f45e90b11828c29e  ./vendir-darwin-arm64
8bce41331a903a681040b1e09993155cb902ff90e31e3c77e9dba18118ccc4b2  ./vendir-linux-arm64
b450bf1bdbb080569e00779e99cde05e8c02547cd432b84837f00f4884457850  ./vendir-darwin-amd64
dc7c64eb65b040fa2f42943ef1dade27d4909f74ae03182dc8e2f79daf4d134f  ./vendir-windows-amd64.exe

v0.40.2

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

  • Bumping golang to 1.22.4 in #​386 by @​rohitagg2020

Full Changelog: carvel-dev/vendir@v0.40.0...v0.40.1

📂 Files Checksum

59eba74240e96d96fae62c2cd2fdd2606dde9217fb1cd4c04a5a074a9afcb59e  ./vendir-linux-amd64
744a181e17cfe92decc1f7952d34d7188359f40d23a15504473087a89a4b9cd2  ./vendir-darwin-amd64
7fcc16616fe2b5f4ab4526d201713cdc365f3b2eca389d55c6f3d00e39f7a03e  ./vendir-windows-amd64.exe
c4068b8d46fe740f356685d3294043d3b1358d925e3d85e6b5294d5c7e43099a  ./vendir-linux-arm64
c6ad5ec731e5c6e46e37cfed28b7e0596178683bf0bd34556eceac925188dd30  ./vendir-darwin-arm64

v0.40.1

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.1/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

🔈 Callouts

Full Changelog: carvel-dev/vendir@v0.40.0...v0.40.1

📂 Files Checksum

3941cf7b7ba1219d574b93ce1bd8b77928ad9ff9cdf8e2debf3ae11ae695792f  ./vendir-darwin-amd64
34974c9a6a6e32eb21adac47ce72df6340d36886b5ebe8b5937444a0d7ecc529  ./vendir-darwin-arm64
d7c602d8882085be78cd02a575a6c3b437bb2fa1ff1067712f593d8cf05c94fa  ./vendir-linux-amd64
43e98922103ef30995a11bd4491b138b635c9b7bf17f98475fb5a06c87392e1d  ./vendir-linux-arm64
7d240b999712e617021e057afeabf2803a89ab93ca91f44a58e063fa74d7eee3  ./vendir-windows-amd64.exe

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/carvel-dev-vendir-0.x branch from c34c600 to d40b08f Compare June 12, 2024 20:20
@renovate renovate bot changed the title chore(deps): update dependency carvel-dev/vendir to v0.40.1 chore(deps): update dependency carvel-dev/vendir to v0.40.2 Jun 12, 2024
@renovate renovate bot force-pushed the renovate/carvel-dev-vendir-0.x branch from d40b08f to 2134617 Compare July 17, 2024 07:34
@renovate renovate bot changed the title chore(deps): update dependency carvel-dev/vendir to v0.40.2 chore(deps): update dependency carvel-dev/vendir to v0.41.0 Jul 17, 2024
@renovate renovate bot force-pushed the renovate/carvel-dev-vendir-0.x branch from 2134617 to 58b88af Compare September 3, 2024 10:38
@renovate renovate bot changed the title chore(deps): update dependency carvel-dev/vendir to v0.41.0 chore(deps): update dependency carvel-dev/vendir to v0.41.1 Sep 3, 2024
@renovate renovate bot force-pushed the renovate/carvel-dev-vendir-0.x branch from 58b88af to 0e1e871 Compare September 11, 2024 05:02
@renovate renovate bot changed the title chore(deps): update dependency carvel-dev/vendir to v0.41.1 chore(deps): update dependency carvel-dev/vendir to v0.42.0 Sep 11, 2024
@renovate renovate bot changed the title chore(deps): update dependency carvel-dev/vendir to v0.42.0 Update dependency carvel-dev/vendir to v0.42.0 Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants