Skip to content

Releases: chainguard-dev/melange

Release v0.9.0

18 Jun 21:37
2923188
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.8.6...v0.9.0

Release v0.8.6

10 Jun 23:40
b2096d2
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.8.5...v0.8.6

Release v0.8.5

06 Jun 17:16
d3ba7ef
Compare
Choose a tag to compare

What's Changed

  • go/build: remove subpackage input by @xnox in #1258
  • Add a new property to maven pombump pipeline that defaults to pom.xml and allows an override by @krishjainx in #1259

New Contributors

Full Changelog: v0.8.4...v0.8.5

Release v0.8.4

05 Jun 23:16
8f10f50
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.8.3...v0.8.4

Release v0.8.3

28 May 23:37
c673c41
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.8.2...v0.8.3

Release v0.8.2

28 May 21:54
427ebb1
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #1224
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.26.0 to 1.27.0 by @dependabot in #1226
  • build(deps): bump actions/checkout from 4.1.4 to 4.1.6 by @dependabot in #1225
  • build(deps): bump chainguard.dev/apko from 0.14.2-0.20240516182909-5d04baeb15df to 0.14.3 by @dependabot in #1233
  • build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.10.0 to 0.10.1 by @dependabot in #1232
  • Replaces priority by @xnox in #1166

Full Changelog: v0.8.1...v0.8.2

Release v0.8.1

22 May 18:21
fbf0b9b
Compare
Choose a tag to compare

What's Changed

  • sbom: include external refs for fetched sourcecode in SPDX by @xnox in #1218
  • Avoid panic if no external config file ref by @jonjohnsonjr in #1223

Full Changelog: v0.8.0...v0.8.1

Release v0.8.0

22 May 13:05
c31490a
Compare
Choose a tag to compare

What's Changed

Minor Changes

Full Changelog: v0.7.0...v0.8.0

Release v0.7.0

14 May 17:30
5cbb58a
Compare
Choose a tag to compare

What's Changed

  • Find shbangs to generate depends by @smoser in #1110
  • build(deps): bump github.com/sigstore/cosign/v2 from 2.2.3 to 2.2.4 by @dependabot in #1135
  • build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #1137
  • build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by @dependabot in #1138
  • build(deps): bump github.com/docker/cli from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1140
  • build(deps): bump github.com/docker/docker from 26.0.0+incompatible to 26.0.1+incompatible by @dependabot in #1139
  • presubmit: remove gdk-pixbuf by @imjasonh in #1143
  • Revert "presubmit: remove gdk-pixbuf" by @imjasonh in #1147
  • verify SPDX SBOMs using spdx-tools-java by @imjasonh in #1146
  • Fix sca detection case for env with multiple arguments. by @dlorenc in #1148
  • Update shbang collection to ignore 'python' and support simple 'env -S'. by @smoser in #1159
  • ensure shbang check only checks valid shbangs by @joshrwolf in #1160
  • build(deps): bump github.com/docker/cli from 26.0.1+incompatible to 26.0.2+incompatible by @dependabot in #1157
  • build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1149
  • build(deps): bump actions/download-artifact from 4.1.4 to 4.1.5 by @dependabot in #1151
  • build(deps): bump google.golang.org/api from 0.172.0 to 0.176.1 by @dependabot in #1167
  • build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1150
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.3 to 0.0.4 by @dependabot in #1154
  • build(deps): bump github.com/docker/docker from 26.0.1+incompatible to 26.1.0+incompatible by @dependabot in #1170
  • build(deps): bump actions/download-artifact from 4.1.5 to 4.1.6 by @dependabot in #1168
  • build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1169
  • build(deps): bump github.com/docker/cli from 26.0.2+incompatible to 26.1.0+incompatible by @dependabot in #1171
  • config: allow scriplets in subpackages with range replacements by @xnox in #1165
  • Drop -release from pc versions by @jonjohnsonjr in #1173
  • fix(cargo): Install all built binaries if output isn't defined by @EyeCantCU in #1174
  • sbom: set supplier in addition to originator by @imjasonh in #1184
  • Add melange scan by @jonjohnsonjr in #1175
  • build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #1176
  • build(deps): bump actions/download-artifact from 4.1.6 to 4.1.7 by @dependabot in #1177
  • build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #1178
  • build(deps): bump dagger.io/dagger from 0.11.0 to 0.11.2 by @dependabot in #1183
  • build(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 by @dependabot in #1182
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.4 to 0.0.5 by @dependabot in #1181
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.25.0 to 1.26.0 by @dependabot in #1179
  • Bump go-apk by @jonjohnsonjr in #1185
  • add global --gcplog flag to emit GCP-compatible JSON logs by @imjasonh in #1186
  • pipelines/go: add back symbols tables by @xnox in #1142
  • Only consider that are in a PATH dir from generateCmdProviders by @smoser in #1164
  • Allow symlinks to provide cmd: by @smoser in #1188
  • build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @dependabot in #1197
  • build(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #1196
  • build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #1195
  • build(deps): bump google.golang.org/api from 0.176.1 to 0.177.0 by @dependabot in #1194
  • build(deps): bump github.com/docker/cli from 26.1.0+incompatible to 26.1.1+incompatible by @dependabot in #1191
  • build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1192
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.5 to 0.0.6 by @dependabot in #1189
  • build(deps): bump github.com/docker/docker from 26.1.0+incompatible to 26.1.2+incompatible by @dependabot in #1199
  • build(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 by @dependabot in #1193
  • Extract melange sign to a library by @tcnghia in #1198
  • Revert "Allow symlinks to provide cmd:" by @joshrwolf in #1200
  • Bump apko by @jonjohnsonjr in #1201
  • Make unit tests faster by @jonjohnsonjr in #1202
  • Add buildmode to go/build by @jonjohnsonjr in #1210

Full Changelog: v0.6.11...v0.7.0

Release v0.6.11

08 Apr 20:08
550fae8
Compare
Choose a tag to compare

What's Changed

  • Go fips deps by @xnox in #1120
  • build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1117
  • build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1119
  • Ensure configuration file is closed by @bored-engineer in #1121
  • build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1116
  • build(deps): bump dagger.io/dagger from 0.10.2 to 0.11.0 by @dependabot in #1124
  • cleanup: update docker dep, stop using deprecated method by @k4leung4 in #1125
  • build(deps): bump go.opentelemetry.io/otel/sdk from 1.24.0 to 1.25.0 by @dependabot in #1131
  • build(deps): bump github.com/chainguard-dev/yam from 0.0.2 to 0.0.3 by @dependabot in #1129
  • build(deps): bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.1 by @dependabot in #1130
  • build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1132
  • build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.24.0 to 1.25.0 by @dependabot in #1128
  • build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1133

New Contributors

Full Changelog: v0.6.10...v0.6.11