Releases: chainguard-dev/melange
Releases · chainguard-dev/melange
Release v0.13.0
What's Changed
- build(deps): bump the gomod group with 5 updates by @dependabot in #1517
- Add pipeline markdown reference markdown generator. by @wlynch in #1492
- Support string replacement in ImageContents by @jonjohnsonjr in #1519
- git-checkout: support scheduled updates by @xnox in #1516
- sca: never emit libcuda.so.1 runtime dep by @xnox in #1515
- feat(melange): Add sub for output directory by @EyeCantCU in #1490
- build(deps): bump actions/checkout from 4.1.7 to 4.2.0 in the actions group by @dependabot in #1523
- build(deps): bump github.com/chainguard-dev/yam from 0.1.1 to 0.2.0 by @dependabot in #1525
- build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 by @dependabot in #1524
- Adjust an e2e-test that made a bad assumption. by @smoser in #1532
- add --cleanup flag (default true) by @imjasonh in #1529
- Added additional documentation for package version selection by @hbh7 in #1530
- Properly detect .so files as deps by @justinvreeland in #1526
- test: Fix typo by @jonjohnsonjr in #1535
- Fix typo in README by @jonjohnsonjr in #1451
New Contributors
- @hbh7 made their first contribution in #1530
- @justinvreeland made their first contribution in #1526
Full Changelog: v0.12.1...v0.13.0
Contributors
smoser, xnox, and 7 other contributors
Assets 20
- 500 Bytes
2024-10-04T09:29:35Z - 3.18 KB
2024-10-04T09:29:37Z - 96 Bytes
2024-10-04T09:29:36Z - 23.4 MB
2024-10-04T09:29:34Z - 3.18 KB
2024-10-04T09:29:36Z - 96 Bytes
2024-10-04T09:29:36Z - 22.5 MB
2024-10-04T09:29:34Z - 3.18 KB
2024-10-04T09:29:35Z - 96 Bytes
2024-10-04T09:29:35Z - 22.4 MB
2024-10-04T09:29:34Z -
2024-10-04T09:25:33Z -
2024-10-04T09:25:33Z - Loading
Release v0.12.1
What's Changed
- build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 in the actions group by @dependabot in #1501
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.29.0 to 1.30.0 by @dependabot in #1499
- build(deps): bump the gomod group with 2 updates by @dependabot in #1497
- build(deps): bump dagger.io/dagger from 0.12.7 to 0.13.0 by @dependabot in #1500
- cleanup: remove some direct imports of charm log by @imjasonh in #1495
- keygen: reject bit size < 2048 by @imjasonh in #1496
- pombump: add flag to display the dependency tree by @hectorj2f in #1502
- Only read the first line for shbang. by @smoser in #1213
- Include subpackage name in slog values by @jonjohnsonjr in #1505
- update_config: expose function to get valid schedule messages by @rawlingsj in #1507
- sca: remove set but never used variable by @xnox in #1509
- Add uses and name to slog values by @jonjohnsonjr in #1506
- build(deps): bump chainguard.dev/apko from 0.18.1 to 0.19.1 by @dependabot in #1512
- build(deps): bump the gomod group with 2 updates by @dependabot in #1510
- build(deps): bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by @dependabot in #1511
Full Changelog: v0.12.0...v0.13.0
What's Changed
- build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 in the actions group by @dependabot in #1501
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.29.0 to 1.30.0 by @dependabot in #1499
- build(deps): bump the gomod group with 2 updates by @dependabot in #1497
- build(deps): bump dagger.io/dagger from 0.12.7 to 0.13.0 by @dependabot in #1500
- cleanup: remove some direct imports of charm log by @imjasonh in #1495
- keygen: reject bit size < 2048 by @imjasonh in #1496
- pombump: add flag to display the dependency tree by @hectorj2f in #1502
- Only read the first line for shbang. by @smoser in #1213
- Include subpackage name in slog values by @jonjohnsonjr in #1505
- update_config: expose function to get valid schedule messages by @rawlingsj in #1507
- sca: remove set but never used variable by @xnox in #1509
- Add uses and name to slog values by @jonjohnsonjr in #1506
- build(deps): bump chainguard.dev/apko from 0.18.1 to 0.19.1 by @dependabot in #1512
- build(deps): bump the gomod group with 2 updates by @dependabot in #1510
- build(deps): bump github.com/docker/docker from 27.2.1+incompatible to 27.3.0+incompatible by @dependabot in #1511
- build(deps): bump github.com/docker/cli from 27.2.1+incompatible to 27.3.0+incompatible by @dependabot in #1513
Full Changelog: v0.12.0...v0.12.1
Contributors
smoser, xnox, and 5 other contributors
Assets 20
Release v0.12.0
What's Changed
- config: Whack more moles for string replacement by @jonjohnsonjr in #1479
- pipelines/ruby: remove signing_key by default by @Dentrax in #1481
- build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 by @dependabot in #1487
- build(deps): bump the gomod group with 2 updates by @dependabot in #1484
- build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 by @dependabot in #1488
- upgrade to golang 1.23 by @k4leung4 in #1443
- update to go1.23.1 by @cpanato in #1489
- index: stop writing APKINDEX.json by @xnox in #1491
- apko upgrade by @xnox in #1493
Full Changelog: v0.11.6...v0.12.0
Contributors
xnox, cpanato, and 4 other contributors
Assets 20
Release v0.11.6
What's Changed
- adds git checkout fetch,update,test and yams the melange apkbuild yamls by @mritunjaysharma394 in #1477
New Contributors
- @mritunjaysharma394 made their first contribution in #1477
Full Changelog: v0.11.5...v0.11.6
Contributors
mritunjaysharma394
Assets 20
Release v0.11.5
What's Changed
- fix(split pipelines): Don't split lib64 libraries by @EyeCantCU in #1476
Full Changelog: v0.11.4...v0.11.5
Contributors
EyeCantCU
Assets 20
Release v0.11.4
What's Changed
- build(deps): bump dagger.io/dagger from 0.12.6 to 0.12.7 in the gomod group by @dependabot in #1469
- build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 in the actions group by @dependabot in #1468
- feat(pipelines/split): Support overriding source package by @EyeCantCU in #1472
Full Changelog: v0.11.3...v0.11.4
Contributors
EyeCantCU and dependabot
Assets 20
Release v0.11.3
What's Changed
- fix(sca): Correctly check for existing Ruby runtime dependency by @EyeCantCU in #1387
- build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in the actions group by @dependabot in #1378
- build(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 by @dependabot in #1382
- build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.1 by @dependabot in #1392
- build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 in the actions group by @dependabot in #1391
- build(deps): bump the gomod group across 1 directory with 2 updates by @dependabot in #1390
- build(deps): bump dagger.io/dagger from 0.11.9 to 0.12.1 by @dependabot in #1389
- build(deps): bump github.com/docker/cli from 27.0.3+incompatible to 27.1.0+incompatible by @dependabot in #1397
- Expose ignoreSignatures functionality by @Kevin-Molina in #1375
- build(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.0+incompatible by @dependabot in #1396
- build(deps): bump docker/login-action from 3.2.0 to 3.3.0 in the actions group by @dependabot in #1398
- build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by @dependabot in #1401
- fix: ignore resource requests for the docker runner by @imjasonh in #1403
- build(deps): bump dagger.io/dagger from 0.12.1 to 0.12.2 in the gomod group by @dependabot in #1400
- Bump apko dependency by @mattmoor in #1404
- fix ruby sca by @xnox in #1410
- Add HOME=/root to default test environment. by @smoser in #1408
- build(deps): bump the gomod group with 4 updates by @dependabot in #1405
- update config: provide configuration to describe polling and schedules by @rawlingsj in #1412
- build(deps): bump the gomod group with 2 updates by @dependabot in #1416
- build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #1419
- build(deps): bump the actions group with 2 updates by @dependabot in #1415
- build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #1418
- build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 by @dependabot in #1417
- build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1420
- update config: replace recently added polling with git struct by @rawlingsj in #1421
- build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 in the gomod group by @dependabot in #1423
- build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 by @dependabot in #1424
- build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 by @dependabot in #1426
- build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1428
- move 'adding package %q for pipeline %q' to debug logging by @imjasonh in #1429
- don't depend on apko's custom log package by @imjasonh in #1430
- build(deps): bump github.com/chainguard-dev/yam from 0.0.13 to 0.1.0 by @dependabot in #1431
- Feat/qemu runners by @89luca89 in #1386
- Attempt to fix qemu ci by @jonjohnsonjr in #1434
- build(deps): bump the actions group with 3 updates by @dependabot in #1432
- Centralize sca options handling by @jonjohnsonjr in #1433
- Add test to catch duplicate package names by @jonjohnsonjr in #1439
- build(deps): bump the gomod group with 4 updates by @dependabot in #1437
- build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 by @dependabot in #1438
- move 'found pipeline' log message to debug by @imjasonh in #1440
- melange convert python: use normalized names by @pnasrat in #1441
- Bump apko to get chainctl auth error log by @jonjohnsonjr in #1442
- Replace "needs" in range pipelines by @jonjohnsonjr in #1445
- docs: Add information on the repository used with the
gitupdateconfiguration option by @philroche in #1447 - Refactor parts of the ParseConfiguration by @jonjohnsonjr in #1446
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.28.0 to 1.29.0 by @dependabot in #1455
- build(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 by @dependabot in #1452
- config: Replace pipelines at top level by @jonjohnsonjr in #1456
- refactor(sbom): cleanup, simplify, and document code by @luhring in #1458
- More SBOM logic improvements by @luhring in #1459
- build(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #1461
- build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 by @dependabot in #1463
- build(deps): bump github.com/docker/docker from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #1462
- build(deps): bump dagger.io/dagger from 0.12.5 to 0.12.6 in the gomod group by @dependabot in #1465
- chore(cargo/build): Allow changing install dir, add busybox by @EyeCantCU in #1466
- sca: add support for more go fips toolchains by @xnox in #1471
- sca: make pc: provides/vendored use full package version by @xnox in #1467
New Contributors
- @Kevin-Molina made their first contribution in #1375
- @89luca89 made their first contribution in #1386
- @philroche made their first contribution in #1447
Full Changelog: v0.11.2...v0.11.3
Contributors
pnasrat, smoser, and 11 other contributors
Assets 20
Release v0.11.2
What's Changed
- feat(sca): Generate dependency on Ruby when building gems by @EyeCantCU in #1384
Full Changelog: v0.11.0...v0.11.2
Contributors
EyeCantCU
Assets 20
Release v0.11.1
What's Changed
- feat(sca): Generate dependency on Ruby when building gems by @EyeCantCU in #1384
Full Changelog: v0.11.0...v0.11.1
Contributors
EyeCantCU
Assets 20
Release v0.11.0
What's Changed
- refactor Keygen opts to a struct by @imjasonh in #1364
- better SCA e2e tests, fix
no-providesbug by @imjasonh in #1369 - drop lima runner by @imjasonh in #1373
- remove defunct reference to k8s runner by @imjasonh in #1374
- fix(pipelines): Use contextdir instead of destdir in a few places by @EyeCantCU in #1376
- fix(cargo/build): test for non-zero length by @jalmeroth in #1333
- don't SCA-generate
so:orpc:provides for libs not directly in lib dirs by @imjasonh in #1372 - Add update.exclude-reason field. by @wlynch in #1371
- Apply variables to workdir within a range by @jdolitsky in #1383
New Contributors
- @jalmeroth made their first contribution in #1333
Full Changelog: v0.10.4...v0.11.0
Contributors
imjasonh, jdolitsky, and 3 other contributors