Releases: chainguard-dev/melange
Releases · chainguard-dev/melange
Release v0.12.0
What's Changed
- config: Whack more moles for string replacement by @jonjohnsonjr in #1479
- pipelines/ruby: remove signing_key by default by @Dentrax in #1481
- build(deps): bump golang.org/x/crypto from 0.26.0 to 0.27.0 by @dependabot in #1487
- build(deps): bump the gomod group with 2 updates by @dependabot in #1484
- build(deps): bump google.golang.org/api from 0.195.0 to 0.196.0 by @dependabot in #1488
- upgrade to golang 1.23 by @k4leung4 in #1443
- update to go1.23.1 by @cpanato in #1489
- index: stop writing APKINDEX.json by @xnox in #1491
- apko upgrade by @xnox in #1493
Full Changelog: v0.11.6...v0.12.0
Contributors
xnox, cpanato, and 4 other contributors
Assets 20
Release v0.11.6
What's Changed
- adds git checkout fetch,update,test and yams the melange apkbuild yamls by @mritunjaysharma394 in #1477
New Contributors
- @mritunjaysharma394 made their first contribution in #1477
Full Changelog: v0.11.5...v0.11.6
Contributors
mritunjaysharma394
Assets 20
Release v0.11.5
What's Changed
- fix(split pipelines): Don't split lib64 libraries by @EyeCantCU in #1476
Full Changelog: v0.11.4...v0.11.5
Contributors
EyeCantCU
Assets 20
Release v0.11.4
What's Changed
- build(deps): bump dagger.io/dagger from 0.12.6 to 0.12.7 in the gomod group by @dependabot in #1469
- build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 in the actions group by @dependabot in #1468
- feat(pipelines/split): Support overriding source package by @EyeCantCU in #1472
Full Changelog: v0.11.3...v0.11.4
Contributors
EyeCantCU and dependabot
Assets 20
Release v0.11.3
What's Changed
- fix(sca): Correctly check for existing Ruby runtime dependency by @EyeCantCU in #1387
- build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in the actions group by @dependabot in #1378
- build(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 by @dependabot in #1382
- build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.1 by @dependabot in #1392
- build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 in the actions group by @dependabot in #1391
- build(deps): bump the gomod group across 1 directory with 2 updates by @dependabot in #1390
- build(deps): bump dagger.io/dagger from 0.11.9 to 0.12.1 by @dependabot in #1389
- build(deps): bump github.com/docker/cli from 27.0.3+incompatible to 27.1.0+incompatible by @dependabot in #1397
- Expose ignoreSignatures functionality by @Kevin-Molina in #1375
- build(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.0+incompatible by @dependabot in #1396
- build(deps): bump docker/login-action from 3.2.0 to 3.3.0 in the actions group by @dependabot in #1398
- build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by @dependabot in #1401
- fix: ignore resource requests for the docker runner by @imjasonh in #1403
- build(deps): bump dagger.io/dagger from 0.12.1 to 0.12.2 in the gomod group by @dependabot in #1400
- Bump apko dependency by @mattmoor in #1404
- fix ruby sca by @xnox in #1410
- Add HOME=/root to default test environment. by @smoser in #1408
- build(deps): bump the gomod group with 4 updates by @dependabot in #1405
- update config: provide configuration to describe polling and schedules by @rawlingsj in #1412
- build(deps): bump the gomod group with 2 updates by @dependabot in #1416
- build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #1419
- build(deps): bump the actions group with 2 updates by @dependabot in #1415
- build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #1418
- build(deps): bump golang.org/x/time from 0.5.0 to 0.6.0 by @dependabot in #1417
- build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1420
- update config: replace recently added polling with git struct by @rawlingsj in #1421
- build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 in the gomod group by @dependabot in #1423
- build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 by @dependabot in #1424
- build(deps): bump google.golang.org/api from 0.190.0 to 0.191.0 by @dependabot in #1426
- build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1428
- move 'adding package %q for pipeline %q' to debug logging by @imjasonh in #1429
- don't depend on apko's custom log package by @imjasonh in #1430
- build(deps): bump github.com/chainguard-dev/yam from 0.0.13 to 0.1.0 by @dependabot in #1431
- Feat/qemu runners by @89luca89 in #1386
- Attempt to fix qemu ci by @jonjohnsonjr in #1434
- build(deps): bump the actions group with 3 updates by @dependabot in #1432
- Centralize sca options handling by @jonjohnsonjr in #1433
- Add test to catch duplicate package names by @jonjohnsonjr in #1439
- build(deps): bump the gomod group with 4 updates by @dependabot in #1437
- build(deps): bump google.golang.org/api from 0.191.0 to 0.192.0 by @dependabot in #1438
- move 'found pipeline' log message to debug by @imjasonh in #1440
- melange convert python: use normalized names by @pnasrat in #1441
- Bump apko to get chainctl auth error log by @jonjohnsonjr in #1442
- Replace "needs" in range pipelines by @jonjohnsonjr in #1445
- docs: Add information on the repository used with the
gitupdateconfiguration option by @philroche in #1447 - Refactor parts of the ParseConfiguration by @jonjohnsonjr in #1446
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.28.0 to 1.29.0 by @dependabot in #1455
- build(deps): bump google.golang.org/api from 0.192.0 to 0.194.0 by @dependabot in #1452
- config: Replace pipelines at top level by @jonjohnsonjr in #1456
- refactor(sbom): cleanup, simplify, and document code by @luhring in #1458
- More SBOM logic improvements by @luhring in #1459
- build(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #1461
- build(deps): bump google.golang.org/api from 0.194.0 to 0.195.0 by @dependabot in #1463
- build(deps): bump github.com/docker/docker from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #1462
- build(deps): bump dagger.io/dagger from 0.12.5 to 0.12.6 in the gomod group by @dependabot in #1465
- chore(cargo/build): Allow changing install dir, add busybox by @EyeCantCU in #1466
- sca: add support for more go fips toolchains by @xnox in #1471
- sca: make pc: provides/vendored use full package version by @xnox in #1467
New Contributors
- @Kevin-Molina made their first contribution in #1375
- @89luca89 made their first contribution in #1386
- @philroche made their first contribution in #1447
Full Changelog: v0.11.2...v0.11.3
Contributors
pnasrat, smoser, and 11 other contributors
Assets 20
Release v0.11.2
What's Changed
- feat(sca): Generate dependency on Ruby when building gems by @EyeCantCU in #1384
Full Changelog: v0.11.0...v0.11.2
Contributors
EyeCantCU
Assets 20
Release v0.11.1
What's Changed
- feat(sca): Generate dependency on Ruby when building gems by @EyeCantCU in #1384
Full Changelog: v0.11.0...v0.11.1
Contributors
EyeCantCU
Assets 20
Release v0.11.0
What's Changed
- refactor Keygen opts to a struct by @imjasonh in #1364
- better SCA e2e tests, fix
no-providesbug by @imjasonh in #1369 - drop lima runner by @imjasonh in #1373
- remove defunct reference to k8s runner by @imjasonh in #1374
- fix(pipelines): Use contextdir instead of destdir in a few places by @EyeCantCU in #1376
- fix(cargo/build): test for non-zero length by @jalmeroth in #1333
- don't SCA-generate
so:orpc:provides for libs not directly in lib dirs by @imjasonh in #1372 - Add update.exclude-reason field. by @wlynch in #1371
- Apply variables to workdir within a range by @jdolitsky in #1383
New Contributors
- @jalmeroth made their first contribution in #1333
Full Changelog: v0.10.4...v0.11.0
Contributors
imjasonh, jdolitsky, and 3 other contributors
Assets 20
Release v0.10.4
What's Changed
- build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 by @dependabot in #1347
- build(deps): bump google.golang.org/api from 0.186.0 to 0.187.0 by @dependabot in #1346
- build(deps): bump chainguard.dev/apko from 0.15.1-0.20240702145404-20f57d2660cb to 0.16.0 by @dependabot in #1348
- build(deps): bump cloud.google.com/go/storage from 1.42.0 to 1.43.0 by @dependabot in #1350
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.27.0 to 1.28.0 by @dependabot in #1349
- build(deps): bump the actions group with 2 updates by @dependabot in #1354
- var-transforms: support var transform substitions across runtimes and… by @ajayk in #1356
- python/import - fix a bug in 'imports', do not require specifying python by @smoser in #1357
- build(deps): bump the gomod group with 2 updates by @dependabot in #1355
- python/import pipeline - find python3.7, python3.8, python3.9 by @smoser in #1358
- python/pipelines - resolve symlink to full path. by @smoser in #1360
- build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in the go_modules group by @dependabot in #1361
- Fix env overrides for interactive builds by @jonjohnsonjr in #1362
- expose keygen options by @k4leung4 in #1363
Full Changelog: v0.10.3...v0.10.4
Contributors
smoser, ajayk, and 3 other contributors
Assets 20
Release v0.10.3
What's Changed
Full Changelog: v0.10.2...v0.10.3
Contributors
cpanato