Release v0.8.2

What's Changed

• build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1224
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.26.0 to 1.27.0 by @dependabot in #1226
• build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1225
• build(deps): bump chainguard.dev/apko from 0.14.2-0.20240516182909-5d04baeb15df to 0.14.3 by @dependabot in #1233
• build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1 by @dependabot in #1232
• Replaces priority by @xnox in #1166

Full Changelog: v0.8.1...v0.8.2

Release v0.8.1

What's Changed

• sbom: include external refs for fetched sourcecode in SPDX by @xnox in #1218
• Avoid panic if no external config file ref by @jonjohnsonjr in #1223

Full Changelog: v0.8.0...v0.8.1

Release v0.8.0

What's Changed

• delete k8s runner impl by @imjasonh in #1214
• custom license by @xnox in #1216

Minor Changes

• go.mod: upgrade everything by @xnox in #1215
• build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1217
• build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #1206
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #1205
• Fix typo in README by @jonjohnsonjr in #1220

Full Changelog: v0.7.0...v0.8.0

Release v0.7.0

What's Changed

• Find shbangs to generate depends by @smoser in #1110
• build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1135
• build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1137
• build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by @dependabot in #1138
• build(deps): bump github.com/docker/cli from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1140
• build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1139
• presubmit: remove gdk-pixbuf by @imjasonh in #1143
• Revert "presubmit: remove gdk-pixbuf" by @imjasonh in #1147
• verify SPDX SBOMs using spdx-tools-java by @imjasonh in #1146
• Fix sca detection case for env with multiple arguments. by @dlorenc in #1148
• Update shbang collection to ignore 'python' and support simple 'env -S'. by @smoser in #1159
• ensure shbang check only checks valid shbangs by @joshrwolf in #1160
• build(deps): bump github.com/docker/cli from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1157
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1149
• build(deps): bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #1151
• build(deps): bump google.golang.org/api from 0.172.0 to 0.176.1 by @dependabot in #1167
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1150
• build(deps): bump github.com/chainguard-dev/yam from 0.0.3 to 0.0.4 by @dependabot in #1154
• build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.1.0+incompatible by @dependabot in #1170
• build(deps): bump actions/download-artifact from 4.1.5 to 4.1.6 by @dependabot in #1168
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1169
• build(deps): bump github.com/docker/cli from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1171
• config: allow scriplets in subpackages with range replacements by @xnox in #1165
• Drop -release from pc versions by @jonjohnsonjr in #1173
• fix(cargo): Install all built binaries if output isn't defined by @EyeCantCU in #1174
• sbom: set supplier in addition to originator by @imjasonh in #1184
• Add melange scan by @jonjohnsonjr in #1175
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1176
• build(deps): bump actions/download-artifact from 4.1.6 to 4.1.7 by @dependabot in #1177
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1178
• build(deps): bump dagger.io/dagger from 0.11.0 to 0.11.2 by @dependabot in #1183
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 by @dependabot in #1182
• build(deps): bump github.com/chainguard-dev/yam from 0.0.4 to 0.0.5 by @dependabot in #1181
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #1179
• Bump go-apk by @jonjohnsonjr in #1185
• add global --gcplog flag to emit GCP-compatible JSON logs by @imjasonh in #1186
• pipelines/go: add back symbols tables by @xnox in #1142
• Only consider that are in a PATH dir from generateCmdProviders by @smoser in #1164
• Allow symlinks to provide cmd: by @smoser in #1188
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #1197
• build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1196
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1195
• build(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 by @dependabot in #1194
• build(deps): bump github.com/docker/cli from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1191
• build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1192
• build(deps): bump github.com/chainguard-dev/yam from 0.0.5 to 0.0.6 by @dependabot in #1189
• build(deps): bump github.com/docker/docker from 26.1.0+incompatible to 26.1.2+incompatible by @dependabot in #1199
• build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1193
• Extract melange sign to a library by @tcnghia in #1198
• Revert "Allow symlinks to provide cmd:" by @joshrwolf in #1200
• Bump apko by @jonjohnsonjr in #1201
• Make unit tests faster by @jonjohnsonjr in #1202
• Add buildmode to go/build by @jonjohnsonjr in #1210

Full Changelog: v0.6.11...v0.7.0

Release v0.6.11

What's Changed

• Go fips deps by @xnox in #1120
• build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1117
• build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1119
• Ensure configuration file is closed by @bored-engineer in #1121
• build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1116
• build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0 by @dependabot in #1124
• cleanup: update docker dep, stop using deprecated method by @k4leung4 in #1125
• build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0 by @dependabot in #1131
• build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3 by @dependabot in #1129
• build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #1130
• build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1132
• build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #1128
• build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1133

New Contributors

• @bored-engineer made their first contribution in #1121
• @k4leung4 made their first contribution in #1125

Full Changelog: v0.6.10...v0.6.11

Release v0.6.10

What's Changed

• document builtin substitutions by @imjasonh in #1071
• fix test.environment jsonschema struct tag by @joshrwolf in #913
• Bump apko by @jonjohnsonjr in #1074
• build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.8.1-0.20230928153721-5381bfaecf9b to 0.9.0 by @dependabot in #949
• build(deps): bump github.com/kubescape/go-git-url from 0.0.27 to 0.0.28 by @dependabot in #1080
• build(deps): bump google.golang.org/api from 0.168.0 to 0.169.0 by @dependabot in #1081
• build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.9.0 to 0.10.0 by @dependabot in #1082
• feat(pipelines): Add cargo build for rust packages by @EyeCantCU in #1077
• Add Harden Runner audit configs by @jedsalazar in #1084
• open debug session in the specific workdir by @joshrwolf in #1085
• Move "executing:" logging to debug by @imjasonh in #1087
• Switch to new octo-sts action by @mattmoor in #1088
• build(deps): bump google.golang.org/api from 0.169.0 to 0.170.0 by @dependabot in #1093
• build(deps): bump dagger.io/dagger from 0.10.1 to 0.10.2 by @dependabot in #1089
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1097
• build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #1098
• build(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 by @dependabot in #1095
• build(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 by @dependabot in #1096
• build(deps): bump github.com/kubescape/go-git-url from 0.0.28 to 0.0.30 by @dependabot in #1094
• remove files from SBOM by @imjasonh in #1076
• Propagate user from image configuration by @jonjohnsonjr in #1099
• build(deps): bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible by @dependabot in #1100
• skip mounting resolv.conf for the docker runner by @joshrwolf in #1101
• Better go pipelines by @xnox in #1086
• build(deps): bump github.com/charmbracelet/log from 0.3.2-0.20240205220859-7a3834f9b367 to 0.4.0 by @dependabot in #1106
• build(deps): bump github.com/docker/cli from 25.0.4+incompatible to 26.0.0+incompatible by @dependabot in #1104
• build(deps): bump google.golang.org/api from 0.170.0 to 0.171.0 by @dependabot in #1105
• Python/sca updates by @smoser in #1102
• feat: Add build pipeline for R packages by @EyeCantCU in #1111

New Contributors

• @EyeCantCU made their first contribution in #1077
• @xnox made their first contribution in #1086
• @smoser made their first contribution in #1102

Full Changelog: v0.6.9...v0.6.10

Release v0.6.9

What's Changed

• Drop WaitDelay from bubblewrap by @jonjohnsonjr in #1067
• Fix the bug in dropping the suffix. by @vaikas in #1068
• build(deps): bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 by @dependabot in #1059
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #1060
• build(deps): bump actions/download-artifact from 4.1.2 to 4.1.4 by @dependabot in #1063
• build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 by @dependabot in #1062
• build(deps): bump google.golang.org/api from 0.166.0 to 0.168.0 by @dependabot in #1069
• build(deps): bump dagger.io/dagger from 0.9.10 to 0.10.1 by @dependabot in #1070

Full Changelog: v0.6.8...v0.6.9

Release v0.6.8

What's Changed

• Update pombump.yaml by @pdeslaur in #1066

New Contributors

• @pdeslaur made their first contribution in #1066

Full Changelog: v0.6.7...v0.6.8

Release v0.6.7

What's Changed

• Rename the default bump file name. by @vaikas in #1065

Full Changelog: v0.6.6...v0.6.7

Release v0.6.6

What's Changed

• Add pombump pipeline. by @vaikas in #1054
• Add ${{cross.triplet.rust.[glibc,musl]}} by @jonjohnsonjr in #1057

Full Changelog: v0.6.5...v0.6.6