Releases: chainguard-dev/melange
Releases · chainguard-dev/melange
Release v0.9.0
What's Changed
- Quote issues when evaluating the depth condition by @dakaneye in #1268
- build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.11 to 2.5.14 in the go_modules group by @dependabot in #1271
- test: Drop seemingly useless mkdir -p by @jonjohnsonjr in #1276
- Remove dead tarfilter code by @jonjohnsonjr in #1279
- Add build flag to override host libc flavor by @jonjohnsonjr in #1270
- Separate compilation from execution by @jonjohnsonjr in #1267
- Remove build.PipelineBuild as a concept by @jonjohnsonjr in #1280
- Remove ability to set logging policy by @krishjainx in #1274
- unbreak build at head from log policy removal by @k4leung4 in #1288
- build(deps): bump chainguard.dev/apko from 0.14.8 to 0.14.9 by @dependabot in #1282
- build(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 by @dependabot in #1286
- build(deps): bump k8s.io/apimachinery from 0.30.1 to 0.30.2 by @dependabot in #1287
- build(deps): bump google.golang.org/api from 0.183.0 to 0.184.0 by @dependabot in #1285
- build(deps): bump cloud.google.com/go/storage from 1.41.0 to 1.42.0 by @dependabot in #1284
- Populate history for --interactive builds by @jonjohnsonjr in #1289
- chore(autoconf/configure): Generate configuration with autoreconf when configuration doesn't exist by @EyeCantCU in #1290
- Check for nil everywhere in Compile by @jonjohnsonjr in #1292
- stop using deprecated flags for goreleaser by @k4leung4 in #1269
- git-checkout - try harder if getting hash from tag fails. by @smoser in #1277
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #1293
- build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #1294
- build(deps): bump github.com/chainguard-dev/yam from 0.0.7 to 0.0.8 by @dependabot in #1295
- build(deps): bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @dependabot in #1296
- Fix missing commit in ranged subpackages by @jonjohnsonjr in #1304
- melange numpy test include python-3.12 by @pnasrat in #1308
- add go/bump as a default pipeline by @willswire in #1058
- Bump apko to v0.15.0 by @jonjohnsonjr in #1309
New Contributors
- @pnasrat made their first contribution in #1308
- @willswire made their first contribution in #1058
Full Changelog: v0.8.6...v0.9.0
Release v0.8.6
What's Changed
- Remove depth option from git clone if inputs.depth is set to -1 by @dakaneye in #1260
- fix: error out when pipeline contains with but no uses by @krishjainx in #1264
- Add ${{build.goarch}} substitution by @jonjohnsonjr in #1242
- build(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #1266
New Contributors
Full Changelog: v0.8.5...v0.8.6
Release v0.8.5
What's Changed
- go/build: remove subpackage input by @xnox in #1258
- Add a new property to maven pombump pipeline that defaults to pom.xml and allows an override by @krishjainx in #1259
New Contributors
- @krishjainx made their first contribution in #1259
Full Changelog: v0.8.4...v0.8.5
Release v0.8.4
What's Changed
- Add --env-file to melange test by @jonjohnsonjr in #1239
- Speed up presubmit by @jonjohnsonjr in #1240
- Drop version from .PKGINFO by @jonjohnsonjr in #1241
- build(deps): bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #1246
- build(deps): bump dagger.io/dagger from 0.11.4 to 0.11.6 by @dependabot in #1248
- build(deps): bump google.golang.org/api from 0.181.0 to 0.182.0 by @dependabot in #1247
- support HTTP auth by @imjasonh in #1250
- build(deps): bump chainguard.dev/apko from 0.14.3 to 0.14.7 by @dependabot in #1249
- build(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 by @dependabot in #1251
- build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in #1252
- build(deps): bump google.golang.org/api from 0.182.0 to 0.183.0 by @dependabot in #1253
- Drop go-apk to pull in faster pkginfo access by @jonjohnsonjr in #1256
- build(deps): bump chainguard.dev/apko from 0.14.8-0.20240605215612-95e33993764a to 0.14.8 by @dependabot in #1257
Full Changelog: v0.8.3...v0.8.4
Release v0.8.3
What's Changed
- Disallow duplicate subpackage names by @jonjohnsonjr in #1237
Full Changelog: v0.8.2...v0.8.3
Release v0.8.2
What's Changed
- build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1224
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.26.0 to 1.27.0 by @dependabot in #1226
- build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1225
- build(deps): bump chainguard.dev/apko from 0.14.2-0.20240516182909-5d04baeb15df to 0.14.3 by @dependabot in #1233
- build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1 by @dependabot in #1232
- Replaces priority by @xnox in #1166
Full Changelog: v0.8.1...v0.8.2
Release v0.8.1
What's Changed
- sbom: include external refs for fetched sourcecode in SPDX by @xnox in #1218
- Avoid panic if no external config file ref by @jonjohnsonjr in #1223
Full Changelog: v0.8.0...v0.8.1
Release v0.8.0
What's Changed
Minor Changes
- go.mod: upgrade everything by @xnox in #1215
- build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1217
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #1206
- build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #1205
- Fix typo in README by @jonjohnsonjr in #1220
Full Changelog: v0.7.0...v0.8.0
Release v0.7.0
What's Changed
- Find shbangs to generate depends by @smoser in #1110
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1135
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1137
- build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by @dependabot in #1138
- build(deps): bump github.com/docker/cli from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1140
- build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1139
- presubmit: remove gdk-pixbuf by @imjasonh in #1143
- Revert "presubmit: remove gdk-pixbuf" by @imjasonh in #1147
- verify SPDX SBOMs using spdx-tools-java by @imjasonh in #1146
- Fix sca detection case for env with multiple arguments. by @dlorenc in #1148
- Update shbang collection to ignore 'python' and support simple 'env -S'. by @smoser in #1159
- ensure shbang check only checks valid shbangs by @joshrwolf in #1160
- build(deps): bump github.com/docker/cli from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1157
- build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1149
- build(deps): bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #1151
- build(deps): bump google.golang.org/api from 0.172.0 to 0.176.1 by @dependabot in #1167
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1150
- build(deps): bump github.com/chainguard-dev/yam from 0.0.3 to 0.0.4 by @dependabot in #1154
- build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.1.0+incompatible by @dependabot in #1170
- build(deps): bump actions/download-artifact from 4.1.5 to 4.1.6 by @dependabot in #1168
- build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1169
- build(deps): bump github.com/docker/cli from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1171
- config: allow scriplets in subpackages with range replacements by @xnox in #1165
- Drop -release from pc versions by @jonjohnsonjr in #1173
- fix(cargo): Install all built binaries if output isn't defined by @EyeCantCU in #1174
- sbom: set supplier in addition to originator by @imjasonh in #1184
- Add melange scan by @jonjohnsonjr in #1175
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1176
- build(deps): bump actions/download-artifact from 4.1.6 to 4.1.7 by @dependabot in #1177
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1178
- build(deps): bump dagger.io/dagger from 0.11.0 to 0.11.2 by @dependabot in #1183
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 by @dependabot in #1182
- build(deps): bump github.com/chainguard-dev/yam from 0.0.4 to 0.0.5 by @dependabot in #1181
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #1179
- Bump go-apk by @jonjohnsonjr in #1185
- add global --gcplog flag to emit GCP-compatible JSON logs by @imjasonh in #1186
- pipelines/go: add back symbols tables by @xnox in #1142
- Only consider that are in a PATH dir from generateCmdProviders by @smoser in #1164
- Allow symlinks to provide cmd: by @smoser in #1188
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #1197
- build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1196
- build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1195
- build(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 by @dependabot in #1194
- build(deps): bump github.com/docker/cli from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1191
- build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1192
- build(deps): bump github.com/chainguard-dev/yam from 0.0.5 to 0.0.6 by @dependabot in #1189
- build(deps): bump github.com/docker/docker from 26.1.0+incompatible to 26.1.2+incompatible by @dependabot in #1199
- build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1193
- Extract
melange sign
to a library by @tcnghia in #1198 - Revert "Allow symlinks to provide cmd:" by @joshrwolf in #1200
- Bump apko by @jonjohnsonjr in #1201
- Make unit tests faster by @jonjohnsonjr in #1202
- Add buildmode to go/build by @jonjohnsonjr in #1210
Full Changelog: v0.6.11...v0.7.0
Release v0.6.11
What's Changed
- Go fips deps by @xnox in #1120
- build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1117
- build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1119
- Ensure configuration file is closed by @bored-engineer in #1121
- build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1116
- build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0 by @dependabot in #1124
- cleanup: update docker dep, stop using deprecated method by @k4leung4 in #1125
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0 by @dependabot in #1131
- build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3 by @dependabot in #1129
- build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #1130
- build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1132
- build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #1128
- build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1133
New Contributors
- @bored-engineer made their first contribution in #1121
- @k4leung4 made their first contribution in #1125
Full Changelog: v0.6.10...v0.6.11