Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Update Builder Image group #274

Merged
merged 2 commits into from
Apr 3, 2025
Merged

🌱 Update Builder Image group #274

merged 2 commits into from
Apr 3, 2025

Conversation

cluster-stack-bot[bot]
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Feb 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
adrienverge/yamllint minor v1.35.1 -> v1.37.0
docker.io/aquasec/trivy (source) stage minor 0.58.2 -> 0.61.0
docker.io/library/alpine stage patch 3.21.2 -> 3.21.3
golangci/golangci-lint major v1.63.4 -> v2.0.2
helm/helm patch v3.17.0 -> v3.17.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.37.0

Compare Source

v1.36.2

Compare Source

v1.36.1

Compare Source

v1.36.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.61.0

Compare Source

Features
Bug Fixes
Performance Improvements

v0.60.0

Compare Source

Features
Bug Fixes
  • db: fix case when 2 trivy-db were copied at the same time (#​8452) (bb3cca6)
  • don't use scope for trivy registry login command (#​8393) (8715e5d)
  • go: merge nested flags into string for ldflags for Go binaries (#​8368) (b675b06)
  • image: disable AVD-DS-0007 for history scanning (#​8366) (a3cd693)
  • k8s: add missed option PkgRelationships (#​8442) (f987e41)
  • misconf: do not log scanners when misconfig scanning is disabled (#​8345) (5695eb2)
  • misconf: ecs include enhanced for container insights (#​8326) (39789ff)
  • misconf: fix incorrect k8s locations due to JSON to YAML conversion (#​8073) (a994453)
  • os: add mapping OS aliases (#​8466) (6b4cebe)
  • python: add poetry v2 support (#​8323) (10cd98c)
  • report: remove html escaping for shortDescription and fullDescription fields for sarif reports (#​8344) (3eb0b03)
  • sbom: add SBOM file's filePath as Application FilePath if we can't detect its path (#​8346) (ecc01bb)
  • sbom: improve logic for binding direct dependency to parent component (#​8489) (85cca8c)
  • sbom: preserve OS packages from multiple SBOMs (#​8325) (bd5baaf)
  • server: secrets inspectation for the config analyzer in client server mode (#​8418) (a1c4bd7)
  • spdx: init pkgFilePaths map for all formats (#​8380) (72ea4b0)
  • terraform: apply parser options to submodule parsing (#​8377) (398620b)
  • update all documentation links (#​8045) (49456ba)

v0.59.1

Compare Source

Changelog

  • 9aabfd2 release: v0.59.1 [release/v0.59] (#​8334)
  • 412c690 fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#​8349)
  • 98f9ba2 chore(deps): bump Go to v1.23.5 [backport: release/v0.59] (#​8343)
  • 1741fdd fix(python): add poetry v2 support [backport: release/v0.59] (#​8335)
  • 3fd8e27 fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#​8333)

v0.59.0

Compare Source

Features
Bug Fixes
Performance Improvements
golangci/golangci-lint (golangci/golangci-lint)

v2.0.2

Compare Source

  1. Misc.
    • Fixes flags parsing for formatters
    • Fixes the filepath used by the exclusion source option
  2. Documentation
    • Adds a section about flags migration
    • Cleaning pages with v1 options

v2.0.1

Compare Source

  1. Linters/formatters bug fixes
    • golines: fix settings during linter load
  2. Misc.
    • Validates the version field before the configuration
    • forbidigo: fix migration

v2.0.0

Compare Source

  1. Enhancements
  2. New linters/formatters
  3. Linters new features
    • ⚠️ Merge staticcheck, stylecheck, gosimple into one linter (staticcheck) (cf. Migration guide)
    • go-critic: from 0.12.0 to 0.13.0
    • gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)
    • nilnil: from 1.0.1 to 1.1.0 (new option: only-two)
    • perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)
    • staticcheck: new quickfix set of rules
    • testifylint: from 1.5.2 to 1.6.0 (new options: equal-values, suite-method-signature, require-string-msg)
    • wsl: from 4.5.0 to 4.6.0 (new option: allow-cuddle-used-in-block)
  4. Linters bug fixes
    • bidichk: from 0.3.2 to 0.3.3
    • errchkjson: from 0.4.0 to 0.4.1
    • errname: from 1.0.0 to 1.1.0
    • funlen: fix ignore-comments option
    • gci: from 0.13.5 to 0.13.6
    • gosmopolitan: from 1.2.2 to 1.3.0
    • inamedparam: from 0.1.3 to 0.2.0
    • intrange: from 0.3.0 to 0.3.1
    • protogetter: from 0.3.9 to 0.3.12
    • unparam: from 8a5130c to 0df0534
  5. Misc.
    • 🧹 Configuration options renaming (cf. Migration guide)
    • 🧹 Remove options (cf. Migration guide)
    • 🧹 Remove flags (cf. Migration guide)
    • 🧹 Remove alternative names (cf. Migration guide)
    • 🧹 Remove or replace deprecated elements (cf. Migration guide)
    • Adds an option to display some commands as JSON:
      • golangci-lint config path --json
      • golangci-lint help linters --json
      • golangci-lint help formatters --json
      • golangci-lint linters --json
      • golangci-lint formatters --json
      • golangci-lint version --json
  6. Documentation

v1.64.8

Compare Source

  • Detects use of configuration files from golangci-lint v2

v1.64.7

Compare Source

  1. Linters bug fixes
    • depguard: from 2.2.0 to 2.2.1
    • dupl: from 3e9179a to f665c8d
    • gosec: from 2.22.1 to 2.22.2
    • staticcheck: from 0.6.0 to 0.6.1
  2. Documentation
    • Add GitLab documentation

v1.64.6

Compare Source

  1. Linters bug fixes
    • asciicheck: from 0.4.0 to 0.4.1
    • contextcheck: from 1.1.5 to 1.1.6
    • errcheck: from 1.8.0 to 1.9.0
    • exptostd: from 0.4.1 to 0.4.2
    • ginkgolinter: from 0.19.0 to 0.19.1
    • go-exhaustruct: from 3.3.0 to 3.3.1
    • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
    • godot: from 1.4.20 to 1.5.0
    • perfsprint: from 0.8.1 to 0.8.2
    • revive: from 1.6.1 to 1.7.0
    • tagalign: from 1.4.1 to 1.4.2

v1.64.5

Compare Source

  1. Bug fixes
    • Add missing flag new-from-merge-base-flag
  2. Linters bug fixes
    • asciicheck: from 0.3.0 to 0.4.0
    • forcetypeassert: from 0.1.0 to 0.2.0
    • gosec: from 2.22.0 to 2.22.1

v1.64.4

Compare Source

  1. Linters bug fixes
    • gci: fix standard packages list for go1.24

v1.64.3

Compare Source

  1. Linters bug fixes
    • ginkgolinter: from 0.18.4 to 0.19.0
    • go-critic: from 0.11.5 to 0.12.0
    • revive: from 1.6.0 to 1.6.1
    • gci: fix standard packages list for go1.24
  2. Misc.
    • Build Docker images with go1.24

v1.64.2

Compare Source

This is the last minor release of golangci-lint v1.
The next release will be golangci-lint v2.

  1. Enhancements
    • 🎉 go1.24 support
    • New issues.new-from-merge-base option
    • New run.relative-path-mode option
  2. Linters new features
    • copyloopvar: from 1.1.0 to 1.2.1 (support suggested fixes)
    • exptostd: from 0.3.1 to 0.4.1 (handles golang.org/x/exp/constraints.Ordered)
    • fatcontext: from 0.5.3 to 0.7.1 (new option: check-struct-pointers)
    • perfsprint: from 0.7.1 to 0.8.1 (new options: integer-format, error-format, string-format, bool-format, and hex-format)
    • revive: from 1.5.1 to 1.6.0 (new rules: redundant-build-tag, use-errors-new. New option early-return.early-return)
  3. Linters bug fixes
    • go-errorlint: from 1.7.0 to 1.7.1
    • gochecknoglobals: from 0.2.1 to 0.2.2
    • godox: from 006bad1 to 1.1.0
    • gosec: from 2.21.4 to 2.22.0
    • iface: from 1.3.0 to 1.3.1
    • nilnesserr: from 0.1.1 to 0.1.2
    • protogetter: from 0.3.8 to 0.3.9
    • sloglint: from 0.7.2 to 0.9.0
    • spancheck: fix default StartSpanMatchersSlice values
    • staticcheck: from 0.5.1 to 0.6.0
  4. Deprecations
    • ⚠️ tenv is deprecated and replaced by usetesting.os-setenv: true.
    • ⚠️ exportloopref deprecation step 2
  5. Misc.
    • Sanitize severities by output format
    • Avoid panic with plugin without description
  6. Documentation
    • Clarify depguard configuration

v1.64.1

Compare Source

Cancelled due to CI failure.

v1.64.0

Compare Source

Cancelled due to CI failure.

helm/helm (helm/helm)

v3.17.2: Helm v3.17.2

Compare Source

Helm v3.17.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.17.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.17.3 is the next patch release and will be on April 09, 2025
  • 3.18.0 is the next minor release and will be on May 14, 2025

Changelog

  • Updating to 0.37.0 for x/net cc0bbbd (Matt Farina)
  • build(deps): bump the k8s-io group with 7 updates ecb7a74 (dependabot[bot])

v3.17.1: Helm v3.17.1

Compare Source

Helm v3.17.1 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.17.1. The common platform binaries are here:

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.17.2 is the next patch release and will be on March 12, 2025
  • 3.18.0 is the next minor release and will be on May 14, 2025

Changelog

  • add test for nullifying nested global value 980d8ac (Ryan Hockstad)
  • Add test case for removing an entire object c23e3b6 (Ryan Hockstad)
  • Tests for bugfix: Override subcharts with null values #​12879 3110d5f (Scott Rigby)
  • merge null child chart objects 9520c71 (Ryan Hockstad)
  • build(deps): bump the k8s-io group with 7 updates ab7dedd (dependabot[bot])
  • fix: check group for resource info match a2d3602 (Jiasheng Zhu)

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from 2aebd9e to 88c8a87 Compare February 5, 2025 11:20
@cluster-stack-bot cluster-stack-bot bot changed the title 🌱 Update Builder Image group to v0.59.0 🌱 Update Builder Image group Feb 5, 2025
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 4 times, most recently from 7772899 to ec942ef Compare February 15, 2025 11:18
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 2 times, most recently from 1574eef to e616fc3 Compare March 5, 2025 11:20
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 6 times, most recently from 5385df0 to 93b4571 Compare March 18, 2025 11:20
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch 3 times, most recently from a195019 to ad8b333 Compare March 26, 2025 11:20
@cluster-stack-bot
🌱 Update Builder Image group
63b3d91 
| datasource  | package                  | from    | to      |
| ----------- | ------------------------ | ------- | ------- |
| github-tags | adrienverge/yamllint     | v1.35.1 | v1.37.0 |
| docker      | docker.io/aquasec/trivy  | 0.58.2  | 0.61.0  |
| docker      | docker.io/library/alpine | 3.21.2  | 3.21.3  |
| github-tags | golangci/golangci-lint   | v1.63.4 | v2.0.2  |
| github-tags | helm/helm                | v3.17.0 | v3.17.2 |
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/cso-builder-image branch from ad8b333 to 63b3d91 Compare March 28, 2025 11:20
@jschoone jschoone merged commit b6069d8 into main Apr 3, 2025
8 checks passed
@jschoone jschoone deleted the renovate/cso-builder-image branch April 3, 2025 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jschoone jschoone jschoone approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jschoone @garloff