Skip to content

🌱 Update Builder Image group #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jschoone merged 4 commits into from
Nov 19, 2024
Merged

🌱 Update Builder Image group #110

jschoone merged 4 commits into from
Nov 19, 2024

Conversation

@cluster-stack-bot
Copy link
Contributor

@cluster-stack-bot cluster-stack-bot bot commented Apr 1, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
adrienverge/yamllint minor v1.33.0 -> v1.35.1
docker.io/aquasec/trivy (source) stage minor 0.49.0 -> 0.51.3
docker.io/library/alpine stage minor 3.19.1 -> 3.20.0
golangci/golangci-lint minor v1.55.2 -> v1.58.2
lycheeverse/lychee minor v0.14.2 -> v0.15.1

Release Notes

adrienverge/yamllint (adrienverge/yamllint)

v1.35.1

Compare Source

v1.35.0

Compare Source

v1.34.0

Compare Source

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.51.2

Compare Source

Changelog

v0.51.1

Compare Source

Changelog

v0.51.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6622

Changelog

v0.50.4

Compare Source

Note

v0.50.3 hads a critical problem, and we deleted it and released v0.50.4.

Changelog

v0.50.2

Compare Source

Changelog

  • 9aa9e17 ci: use tmp dir inside Trivy repo dir for GoReleaser (#​6533)
  • 058f483 chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#​6526)
  • 9e3d2c5 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#​6523)
  • 2ad8e33 fix(java): update logic to detect pom.xml file snapshot artifacts from remote repositories (#​6412)

v0.50.1

Compare Source

Changelog

  • 5f69937 fix(sbom): fix error when parent of SPDX Relationships is not a package. (#​6399)
  • 258d153 fix(nodejs): merge Indirect, Dev, ExternalReferences fields for same deps from package-lock.json files v2 or later (#​6356)
  • ade033a docs: add info about support for package license detection in fs/repo modes (#​6381)
  • f85c9fa fix(nodejs): add support for parsing workspaces from package.json as an object (#​6231)
  • 9d7f5c9 fix: use 0600 perms for tmp files for post analyzers (#​6386)
  • f148eb1 fix(helm): scan the subcharts once (#​6382)
  • 97f95c4 docs(terraform): add file patterns for Terraform Plan (#​6393)
  • abd62ae fix(terraform): сhecking SSE encryption algorithm validity (#​6341)
  • 7c409fd fix(java): parse modules from pom.xml files once (#​6312)
  • 1b68327 chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#​6364)
  • a2482c1 fix(server): add Locations for Packages in client/server mode (#​6366)
  • e866bd5 fix(sbom): add check for CreationInfo to nil when detecting SPDX created using Trivy (#​6346)
  • 1870f28 fix(report): don't include empty strings in .vulnerabilities[].identifiers[].url when gitlab.tpl is used (#​6348)
  • 6c81e55 chore(ubuntu): Add Ubuntu 22.04 EOL date (#​6371)

v0.50.0

Compare Source

⚡Release highlights and summary⚡

👉 https://github.com/aquasecurity/trivy/discussions/6340

Changelog

  • 8ec3938 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​6321)
  • f6c5d58 feat(java): add support licenses and graph for gradle lock files (#​6140)
  • c4022d6 feat(vex): consider root component for relationships (#​6313)
  • 3177924 fix: increase the default buffer size for scanning dpkg status files by 2 times (#​6298)
  • dd9620e chore: updates wazero to v1.7.0 (#​6301)
  • eb3ceb3 feat(sbom): Support license detection for SBOM scan (#​6072)
  • ab74caa refactor(sbom): use intermediate representation for SPDX (#​6310)
  • 71da44f docs(terraform): improve documentation for filtering by inline comments (#​6284)
  • 102b6df fix(terraform): fix policy document retrieval (#​6276)
  • aa19aaf refactor(terraform): remove unused custom error (#​6303)
  • 8fcef35 refactor(sbom): add intermediate representation for BOM (#​6240)
  • fb8c516 fix(amazon): check only major version of AL to find advisories (#​6295)
  • 96bd7ac fix(db): use schema version as tag only for trivy-db and trivy-java-db registries by default (#​6219)
  • 12c5bf0 fix(nodejs): add name validation for package name from package.json (#​6268)
  • d6c40ce docs: Added install instructions for FreeBSD (#​6293)
  • 9d2057a feat(image): customer podman host or socket option (#​6256)
  • 2a9d9bd chore(deps): bump wazero from 1.2.1 to 1.6.0 (#​6290)
  • 617c3e3 feat(java): mark dependencies from maven-invoker-plugin integration tests pom.xml files as Dev (#​6213)
  • 56cedc0 fix(license): reorder logic of how python package licenses are acquired (#​6220)
  • d7d7265 test(terraform): skip cached modules (#​6281)
  • 6639911 feat(secret): Support for detecting Hugging Face Access Tokens (#​6236)
  • 337cb75 fix(cloudformation): support of all SSE algorithms for s3 (#​6270)
  • 9361cdb feat(terraform): Terraform Plan snapshot scanning support (#​6176)
  • ee01e6e chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#​6249)
  • 3d2f583 fix: typo function name and comment optimization (#​6200)
  • c4b5ab7 fix(java): don't ignore runtime scope for pom.xml files (#​6223)
  • 355c1b5 chore(deps): bump helm/kind-action from 1.8.0 to 1.9.0 (#​6242)
  • 7244ece chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#​6243)
  • 5cd0566 chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.1 (#​6251)
  • ebb74a5 chore(deps): bump github.com/hashicorp/go-uuid from 1.0.1 to 1.0.3 (#​6253)
  • 24a8d6a chore(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.0 (#​6250)
  • 9d0d7ad chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.13 (#​6247)
  • e8230e1 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#​6246)
  • 04535b5 fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#​6215)
  • 939e34e chore(deps): Upgrade iac deps (#​6255)
  • 7cb6c02 feat: add info log message about dev deps suppression (#​6211)
  • c1d26ec test(k8s): use test-db for k8s integration tests (#​6222)
  • 4f70468 ci: add maximize-build-space for Test job (#​6221)
  • 1dfece8 fix(terraform): fix root module search (#​6160)
  • e1ea02c test(parser): squash test data for yarn (#​6203)
  • 64926d8 fix(terraform): do not re-expand dynamic blocks (#​6151)
  • eb54bb5 docs: update ecosystem page reporting with db app (#​6201)
  • dc76c6e fix: k8s summary separate infra and user finding results (#​6120)
  • 1b7e474 fix: add context to target finding on k8s table view (#​6099)
  • 876ab84 fix: Printf format err (#​6198)
  • eef7c4f refactor: better integration of the parser into Trivy (#​6183)
  • 069aae5 chore(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 (#​6189)
  • 4a9ac6d feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#​6108)
  • 9c5e5a0 fix(vex): CSAF filtering should consider relationships (#​5923)
  • 388f476 refactor(report): Replacing source_location in github report when scanning an image (#​5999)
  • cd3e4bc feat(vuln): ignore vulnerabilities by PURL (#​6178)
  • ce81c05 feat(java): add support for fetching packages from repos mentioned in pom.xml (#​6171)
  • cf0f0d0 feat(k8s): rancher rke2 version support (#​5988)
  • 8a3a113 docs: update kbom distribution for scanning (#​6019)
  • 19495ba chore: update CODEOWNERS (#​6173)
  • e787e1a fix(swift): try to use branch to resolve version (#​6168)
  • 327cf88 fix(terraform): ensure consistent path handling across OS (#​6161)
  • 8221473 fix(java): add only valid libs from pom.properties files from jars (#​6164)
  • 7694df1 fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#​6163)
  • 74dc5b6 chore(deps): merge go-dep-parser into Trivy (#​6094)
  • 32a02a9 docs(report): add remark about path to filter licenses using .trivyignore.yaml file (#​6145)
  • fb79ea7 docs: update template path for gitlab-ci tutorial (#​6144)
  • c6844a7 feat(report): support for filtering licenses and secrets via rego policy files (#​6004)
  • a813506 fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#​6113)
  • 14adbb4 refactor(deps): Merge defsec into trivy (#​6109)
  • efe0e0f chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 (#​6142)
  • 73dde32 docs: add SecObserve in CI/CD and reporting (#​6139)
  • aadbad1 fix(alpine): exclude empty licenses for apk packages (#​6130)
  • 14a0981 docs: add docs tutorial on custom policies with rego (#​6104)
  • 3ac6388 fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#​6102)
  • 3c1601b feat(vuln): show suppressed vulnerabilities in table (#​6084)
  • c107e1a docs: rename governance to principles (#​6107)
  • b26f217 docs: add governance (#​6090)
  • 7bd3b63 refactor(deps): Merge trivy-iac into Trivy (#​6005)
  • 535b5a9 feat(java): add dependency location support for gradle files (#​6083)
  • 428420e chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.15.11 to 1.15.15 (#​6038)
  • 7fec991 fix(misconf): get user from Config.User (#​6070)

v0.49.1

Compare Source

Changelog

  • 6ccc0a5 fix: check unescaped BomRef when matching PkgIdentifier (#​6025)
  • 458c5d9 docs: Fix broken link to "pronunciation" (#​6057)
  • 5c0ff6d chore(deps): bump actions/upload-artifact from 3 to 4 (#​6047)
  • e2bd7f7 chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.18.2 (#​6042)
  • f95fbcb chore(deps): bump k8s.io/api from 0.29.0 to 0.29.1 (#​6043)
  • 7651bf5 ci: reduce root-reserve-mb size for maximize-build-space (#​6064)
  • fc20dfd chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#​6041)
  • 3bd80e7 chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#​6039)
  • 2900a21 fix: fix cursor usage in Redis Clear function (#​6056)
  • 85cb9a7 chore(deps): bump github.com/go-openapi/runtime from 0.26.0 to 0.27.1 (#​6037)
  • 4e962c0 fix(nodejs): add local packages support for pnpm-lock.yaml files (#​6034)
  • aa48a7b chore(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#​6046)
  • 8aabbea chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.22.0 (#​6044)
  • ec02a65 chore(deps): bump actions/cache from 3.3.2 to 4.0.0 (#​6048)
  • 27d35ba test: fix flaky TestDockerEngine (#​6054)
  • c3a66da chore(deps): bump github.com/google/go-containerregistry from 0.17.0 to 0.19.0 (#​6040)
  • 2000fe2 chore(deps): bump easimon/maximize-build-space from 9 to 10 (#​6049)
  • 2be6421 chore(deps): bump alpine from 3.19.0 to 3.19.1 (#​6051)
  • 41c0ef6 chore(deps): bump github.com/moby/buildkit from 0.11.6 to 0.12.5 (#​6028)
golangci/golangci-lint (golangci/golangci-lint)

v1.58.2

Compare Source

  1. Updated linters
    • canonicalheader: from 1.0.6 to 1.1.1
    • gosec: from 2.19.0 to 2.20.0
    • musttag: from 0.12.1 to 0.12.2
    • nilnil: from 0.1.8 to 0.1.9
  2. Documentation
    • Improve integrations and install pages

v1.58.1

Compare Source

  1. Updated linters
    • tagalign: from 1.3.3 to 1.3.4
    • protogetter: from 0.3.5 to 0.3.6
    • gochecknoinits: fix analyzer name
  2. Fixes
    • Restores previous gihub-actions output format (removes GitHub Action problem matchers)

v1.58.0

Compare Source

  1. New linters
  2. Updated linters
    • copyloopvar: from 1.0.10 to 1.1.0 (ignore-alias is replaced by check-alias with the opposite behavior)
    • decorder: from 0.4.1 to 0.4.2
    • errname: from 0.1.12 to 0.1.13
    • errorlint: from 1.4.8 to 1.5.1 (new options allowed-errors and allowed-errors-wildcard)
    • execinquery: deprecate linter ⚠️
    • gci: from 0.12.3 to 0.13.4 (new section localModule)
    • gocritic: from 0.11.2 to 0.11.3
    • spancheck: from 0.5.3 to 0.6.1
    • goerr113 is replaced by err113 ⚠️
    • gomnd is replaced by mnd ⚠️
    • gomodguard: from 1.3.1 to 1.3.2
    • grouper: from 1.1.1 to 1.1.2
    • intrange: from 0.1.1 to 0.1.2
    • mirror: from 1.1.0 to 1.2.0
    • misspell: from 0.4.1 to 0.5.1
    • musttag: from 0.9.0 to 0.12.1
    • nilnil: from 0.1.7 to 0.1.8
    • nonamedreturns: from 1.0.4 to 1.0.5
    • promlinter: from 0.2.0 to 0.3.0
    • sloglint: from 0.5.0 to 0.6.0
    • unparam: bump to HEAD (063aff9)
    • whitespace: from 0.1.0 to 0.1.1
  3. Enhancements
    • Speed up "fast" linters when only "fast" linters are run: between 40% and 80% faster at first run (i.e. without cache)
  4. Fixes
    • Use version with module plugins
    • Skip go.mod report inside autogenerated processor
    • Keep only typecheck issues when needed
    • Don't hide typecheck errors inside diff processor
  5. Misc.
    • ⚠️ log an error when using previously deprecated linters (Linter Deprecation Cycle)
      • deadcode: deprecated since v1.49.0 (2022-08-23).
      • exhaustivestruct: deprecated since v1.46.0 (2022-05-08).
      • golint: deprecated since v1.41.0 (2021-06-15).
      • ifshort: deprecated since v1.48.0 (2022-08-04).
      • interfacer: deprecated since v1.38.0 (2021-03-03).
      • maligned: deprecated since v1.38.0 (2021-03-03).
      • nosnakecase: deprecated since v1.48.0 (2022-08-04).
      • scopelint: deprecated since v1.39.0 (2021-03-25).
      • structcheck: deprecated since v1.49.0 (2022-08-23).
      • varcheck: deprecated since v1.49.0 (2022-08-23).
    • ⚠️ Deprecate usage of linter alternative names
    • Remove help display on errors with config verify command
    • Add pre-commit hook to run config verify
    • Improve github-action output
  6. Documentation
    • Remove deprecated Atom from Editor Integrations

GitHub Action (v5.1.0) for golangci-lint:

  • supports for pull, pull_request_target, and merge_group events with the option only-new-issues.
  • ️️⚠️ skip-pkg-cache and skip-build-cache have been removed because the cache related to Go itself is already handled by actions/setup-go.
  • with golangci-lint v1.58, the file information (path and position) will be displayed on the log.

v1.57.2

Compare Source

  1. Updated linters
    • contextcheck: from 1.1.4 to 1.1.5
    • copyloopvar: from 1.0.8 to 1.0.10
    • ginkgolinter: from 0.16.1 to 0.16.2
    • goconst: from 1.7.0 to 1.7.1
    • gomoddirectives: from 0.2.3 to 0.2.4
    • intrange: from 0.1.0 to 0.1.1
  2. Misc.
    • Display warnings on deprecated linter options
    • Fix missing colored-tab output format
    • Fix TeamCity inspectionType service message
  3. Documentation
    • Remove invalid example about mixing files and directory
    • Improve linters page

v1.57.1

Compare Source

  1. Fixes
    • Ignore issues with invalid position (e.g. contextcheck).

v1.57.0

Compare Source

  1. New linters
  2. Updated linters
    • dupword: from 0.0.13 to 0.0.14
    • gci: from 0.12.1 to 0.12.3
    • ginkgolinter: from 0.15.2 to 0.16.1 (new option force-expect-to, validate-async-intervals, and forbid-spec-pollution)
    • go-critic: from 0.11.1 to 0.11.2
    • go-critic: support of enable-all and disable-all options
    • go-spancheck: from 0.5.2 to 0.5.3
    • gomodguard: from 1.3.0 to 1.3.1
    • govet: deprecation of check-shadowing ⚠️
    • govet: disable temporarily httpresponse because of a bug https://github.com/golang/go/issues/66259
    • misspell: add extra-words
    • musttag: from 0.8.0 to 0.9.0
    • nakedret: from 2.0.2 to 2.0.4
    • paralleltest: from 1.0.9 to 1.0.10
    • perfsprint: from 0.6.0 to 0.7.1 (new option strconcat)
    • protogetter: from 0.3.4 to 0.3.5
    • revive: add exclude option
    • sloglint: from 0.4.0 to 0.5.0 (new option no-global)
    • staticcheck: from 0.4.6 to 0.4.7
    • testifylint: from 1.1.2 to 1.2.0 (new option bool-compare)
    • unconvert: to HEAD (new options fast-math and safe)
    • wrapcheck: from 2.8.1 to 2.8.3
    • Disable copyloopvar and intrange on Go < 1.22
  3. Enhancements
    • 🧩New custom linters system https://golangci-lint.run/plugins/module-plugins/
    • Allow running only a specific linter without modifying the file configuration (--enable-only)
    • Allow custom sort order for the reports (output.sort-order)
    • Automatically adjust the maximum concurrency to the container CPU quota if run.concurrency=0
    • Add config verify command to check the configuration against the JSON Schema
    • Option to strictly follow Go generated file convention (issues.exclude-generated-strict)
    • Syntax to not override severity from linters (@linter)
    • Use severities from gosec
    • Create automatically directory related to output.formats.path
    • Use the first issue without inline on mergeLineIssues on multiple issues
  4. Misc.
    • ⚠️ Inactivate deprecated linters (deadcode, exhaustivestruct, golint, ifshort, interfacer, maligned, nosnakecase, scopelint, structcheck, varcheck)
    • ⚠️ Deprecated CLI flags have been removed (deprecated since 2018)
    • ⚠️ Move show-stats option from run to output configuration section
    • ⚠️ Replace run.skip-xxx options by issues.exclude-xxx options
    • ⚠️ Replace output.format by output.formats with a new file configuration syntax
    • Internal rewrite of the CLI
    • Improve 'no go files to analyze' message
    • Use GOTOOLCHAIN=auto inside the Docker images
  5. Documentation

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/csctl-builder-image branch 3 times, most recently from 0433472 to 90d609e Compare April 29, 2024 11:18
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/csctl-builder-image branch 2 times, most recently from bfdb683 to 82d643b Compare May 9, 2024 11:18
@cluster-stack-bot cluster-stack-bot bot force-pushed the renovate/csctl-builder-image branch 3 times, most recently from 71e663b to 750bb88 Compare May 24, 2024 11:20
@cluster-stack-bot
🌱 Update Builder Image group
790fb33 
| datasource  | package                  | from    | to      |
| ----------- | ------------------------ | ------- | ------- |
| github-tags | adrienverge/yamllint     | v1.33.0 | v1.35.1 |
| docker      | docker.io/aquasec/trivy  | 0.49.0  | 0.51.3  |
| docker      | docker.io/library/alpine | 3.19.1  | 3.20.0  |
| github-tags | golangci/golangci-lint   | v1.55.2 | v1.58.2 |
| github-tags | lycheeverse/lychee       | v0.14.2 | v0.15.1 |
@kranurag7 kranurag7 force-pushed the renovate/csctl-builder-image branch from 750bb88 to 790fb33 Compare May 25, 2024 04:10
fix lint warnings
a13d40a 
Signed-off-by: kranurag7 <[email protected]>
@cluster-stack-bot
Copy link
Contributor Author

cluster-stack-bot bot commented May 25, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@jschoone jschoone merged commit 8ce2eea into main Nov 19, 2024
7 checks passed
@jschoone jschoone deleted the renovate/csctl-builder-image branch November 19, 2024 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jschoone jschoone jschoone approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jschoone