v0.13.0

Notable Changes

• ⚙️ Can now use Copa as a Buildkit front end
• 🚚 Bulk Image Patching to patch multiple images from a single declarative config!
• 🧩 .NET app-level patching
• 🦎 SUSE distro support

Changelog

• 28c466e feat: add support to SUSE and openSUSE distros with Zypper (#1294)
• 358b2a9 build: update Go base image to 1.25.5-alpine3.23 (#1432)
• babc08e chore: bump github.com/charmbracelet/lipgloss from 0.7.1 to 0.13.1 (#1435)
• e07a778 chore: bump google.golang.org/grpc from 1.77.0 to 1.78.0 (#1434)
• bbb2395 chore: bump qs from 6.14.0 to 6.14.1 in /website (#1431)
• 92d26c1 docs: Revert "docs: add distroless images support documentation" (#1433)
• 95008df docs: add distroless images support documentation (#1430)
• 9697ce8 chore: bump the all group across 1 directory with 7 updates (#1429)
• 153bd4d docs: update link for trivy installation guide (#1426)
• 5c04112 chore: bump k8s.io/apimachinery from 0.34.3 to 0.35.0 (#1427)
• b4d40f4 chore: bump golang.org/x/term from 0.37.0 to 0.38.0 (#1416)
• 5d9a56a feat: Bulk Image Patching (#1235)
• 509008e fix: add registry authentication for platform discovery (#1420)
• 3747056 chore: bump github.com/moby/buildkit from 0.26.2 to 0.26.3 (#1422)
• 71e55d9 feat: improve tui (#1421)
• 1faa7b9 feat: .NET app-level patching (#1106)
• d715e29 chore: bump the all group with 4 updates (#1418)
• e398be5 chore: bump the all group in /website with 2 updates (#1417)
• 8a72242 chore: bump k8s.io/apimachinery from 0.34.2 to 0.34.3 (#1415)
• 1db23ce chore: bump github.com/moby/buildkit from 0.25.2 to 0.26.2 (#1413)
• 41db4e7 chore: bump the all group across 1 directory with 9 updates (#1412)
• a9dbb76 chore: bump the all group in /website with 2 updates (#1410)
• 6e9ca5a chore: bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#1407)
• e5edca3 chore: bump mdast-util-to-hast from 13.1.0 to 13.2.1 in /website (#1404)
• 83ba211 fix: exit successfully and fix status for up to date images (#1378)
• aa1b163 chore: bump express from 4.21.2 to 4.22.1 in /website (#1403)
• 71f7c30 chore: bump the all group across 1 directory with 9 updates (#1401)
• b2a2000 chore: bump node-forge from 1.3.1 to 1.3.2 in /website (#1400)
• f03e750 feat: add buildkit frontend (#1221)
• fe9c036 chore: bump google.golang.org/grpc from 1.76.0 to 1.77.0 (#1394)
• b852a63 fix: multi-platform url from docker when patching (#1393)
• beeca06 fix: update test images for CVE fixes (#1398)
• 0301e4f docs: add multi-platform patch summary (#1392)
• c17bd47 chore: bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#1389)
• 44ef770 chore: bump the all group with 2 updates (#1385)
• 0a3c3e0 chore: bump @tsconfig/docusaurus from 2.0.5 to 2.0.7 in /website in the all group (#1384)
• bf7e156 chore: bump golang.org/x/term from 0.36.0 to 0.37.0 (#1381)
• 8941fbd chore: bump k8s.io/apimachinery from 0.34.1 to 0.34.2 (#1380)
• 3c518cc fix: Node.js patching introduces new vulnerabilities through transitive dependencies (#1379)
• b611800 chore: bump github.com/docker/docker from 28.5.1+incompatible to 28.5.2+incompatible (#1372)
• df8d3d6 chore: bump github.com/moby/buildkit from 0.25.1 to 0.25.2 (#1376)
• 04fdf4c chore: bump golang.org/x/sync from 0.17.0 to 0.18.0 (#1375)
• 5b60b0e chore: bump github.com/docker/cli from 28.5.1+incompatible to 28.5.2+incompatible (#1374)
• 6536384 chore: bump github.com/containerd/platforms from 1.0.0-rc.1 to 1.0.0-rc.2 (#1373)
• c801779 chore: bump the all group with 3 updates (#1371)
• 565da19 chore: bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 (#1370)
• d00d085 chore: bump github/codeql-action from 4.31.0 to 4.31.2 in the all group (#1368)
• 8925da4 chore: Generate v0.12.x docs (#1362)
• d488649 chore: bump @tsconfig/docusaurus from 2.0.4 to 2.0.5 in /website in the all group (#1367)
• 5d2dcb4 fix: version validation scripts for release tagging (#1364)
• 0c86ad6 fix: Non Zero Exit code for no upgradable packages causes build fail (#1274)
• 599e0ac fix: Trivy fails with "invalid tar header" when scanning Copa-patched images (#1359)
• b742077 chore: bump github.com/quay/claircore from 1.5.44 to 1.5.45 (#1357)
• 4bee93a chore: bump the all group with 4 updates (#1356)
• d48007a fix: platform filtering (#1354)
• eb4f9e4 fix: handle missing OS field in Trivy report (#1353)
• da2b414 docs: fix eol admonition title (#1351)
• b96894f docs: enhance release process documentation (#1350)
• 7a3dc8e chore: bump the all group with 4 updates (#1347)
• afbaee7 chore: bump the all group in /website with 3 updates (#1348)

v0.12.0

Notable Changes

• 🧩 Experimental App-level Patching: Now supports Python and Node.js applications!
• 🐳 Docker Build Integration: Use the new generate command to patch images. This provides support for any Docker CLI flags.
• 📁 Local Output for Multi-Platform Patching: Added support for the --oci-dir flag to store patched artifacts locally when performing multi-platform patching.
• 🛠️ Enhanced End-of-Life (EOL) Checks: Improved support through --exit-on-eol and --eol-api-url flags for customizable EOL validation.

Changelog

• 5b7b435 chore: cherry pick fixes for v0.12.0 and final release (#1366)
• 3efb1aa chore: cherry pick fixes for v0.12.0 rc3 (#1360)
• 134fbc1 chore: cherry pick fixes for v0.12.0 rc2 (#1355)

v0.12.0-rc.3

Notable Changes

• 🧩 Experimental App-level Patching: Now supports Python and Node.js applications!
• 🐳 Docker Build Integration: Use the new generate command to patch images. This provides support for any Docker CLI flags.
• 📁 Local Output for Multi-Platform Patching: Added support for the --oci-dir flag to store patched artifacts locally when performing multi-platform patching.
• 🛠️ Enhanced End-of-Life (EOL) Checks: Improved support through --exit-on-eol and --eol-api-url flags for customizable EOL validation.

Changelog

• 74d57ca Merge branch 'release-0.12' of github.com:project-copacetic/copacetic into release-0.12
• 3efb1aa chore: cherry pick fixes for v0.12.0 rc3 (#1360)

v0.12.0-rc.2

Notable Changes

• 🧩 Experimental App-level Patching: Now supports Python and Node.js applications!
• 🐳 Docker Build Integration: Use the new generate command to patch images. This provides support for any Docker CLI flags.
• 📁 Local Output for Multi-Platform Patching: Added support for the --oci-dir flag to store patched artifacts locally when performing multi-platform patching.
• 🛠️ Enhanced End-of-Life (EOL) Checks: Improved support through --exit-on-eol and --eol-api-url flags for customizable EOL validation.

Changelog

• 6aba8cd Merge branch 'release-0.12' of github.com:project-copacetic/copacetic into release-0.12
• 134fbc1 chore: cherry pick fixes for v0.12.0 rc2 (#1355)
• 17017ff fix: handle missing OS field in Trivy report (#1353)
• c70a108 fix: platform filtering (#1354)

v0.12.0-rc.1

Notable Changes

• 🧩 Experimental App-level Patching: Now supports Python and Node.js applications!
• 🐳 Docker Build Integration: Use the new generate command to patch images. This provides support for any Docker CLI flags.
• 📁 Local Output for Multi-Platform Patching: Added support for the --oci-dir flag to store patched artifacts locally when performing multi-platform patching.
• 🛠️ Enhanced End-of-Life (EOL) Checks: Improved support through --exit-on-eol and --eol-api-url flags for customizable EOL validation.

New Contributors

• @acortelyou made their first contribution in #1253
• @Mossaka made their first contribution in #1276
• @yashgoyal0110 made their first contribution in #1324
• @koksay made their first contribution in #1334

Changelog

• ff6330d fix: add version validation and improve release workflow (#1346)
• 757401a feat: add nodejs patching (#1090)
• e7023b4 chore: Implement automatic release branch creation in GitHub workflow (#1207)
• 156b24f fix: multiplatform emulation failure (#1279)
• 6638dd2 chore: bump google.golang.org/grpc from 1.75.1 to 1.76.0 (#1341)
• 4c8ee71 chore: bump github.com/aquasecurity/trivy from 0.66.0 to 0.67.2 (#1340)
• f9144f3 chore: bump github.com/docker/docker from 28.5.0+incompatible to 28.5.1+incompatible (#1339)
• 926b6b7 chore: bump github.com/docker/cli from 28.4.0+incompatible to 28.5.1+incompatible (#1338)
• 4ec04b5 fix: Inaccurate message for multi-platform patching (#1325)
• 7d33062 feat: group dependabot upgrades (#1335)
• 8999d0d chore: bump the all group with 2 updates (#1337)
• 2b547e6 chore: bump golang.org/x/term from 0.35.0 to 0.36.0 (#1336)
• 485f816 chore: bump github.com/moby/buildkit from 0.24.0 to 0.25.0 (#1330)
• 2667594 chore: bump github.com/docker/docker from 28.4.0+incompatible to 28.5.0+incompatible (#1328)
• ecf0d97 chore(ci): update github runners to oci gh arc runners (#1334)
• ea08432 chore: bump the all group across 1 directory with 6 updates (#1333)
• 19cdcd0 feat: cli hint for renabling emulation (#1324)
• 74171f2 feat: Extend multi platform support for local patching (rebased) (#1321)
• 13198fb feat: add generate command (#1212)
• 8cb4a5c feat: full image references support with --tag (#1322)
• af8b72e chore: bump the all group in /website with 5 updates (#1329)
• ea88e8e chore: bump github.com/quay/claircore from 1.5.43 to 1.5.44 (#1326)
• 02ea0f4 feat: Implement EOL reporting improvements: retry logic, configurable URL, and exit-on-EOL flag (#1247)
• a28f98b chore: bump github.com/openvex/go-vex from 0.2.5 to 0.2.7 (#1312)
• 9393394 chore: bump the all group in /website with 3 updates (#1317)
• 2ec64de chore: bump github.com/quay/claircore from 1.5.39 to 1.5.42 (#1311)
• 41342e7 chore: bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1310)
• 466a2df chore: bump google.golang.org/grpc from 1.75.0 to 1.75.1 (#1313)
• 9c85335 chore: bump the all group with 4 updates (#1318)
• 1190f66 feat: langmgr and python (#1091)
• 4f51759 chore: bump k8s.io/apimachinery from 0.34.0 to 0.34.1 (#1309)
• 0eae577 fix: get platform for rpm tooling image (#1275)
• 3c2c6f6 chore: update openvex dependency to v0.2.6 (#1308)
• b67603e chore: bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#1300)
• 6e81904 chore: remove ignore errors for cbl mariner imgs and ignore CVE-2025-3576 (#1306)
• ad024a8 docs: update tsg with lower than required error (#1307)
• 86abb23 chore: bump the all group across 1 directory with 3 updates (#1305)
• dc0d96e chore: bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#1298)
• 6365768 chore: bump golang.org/x/sync from 0.16.0 to 0.17.0 (#1296)
• c89ff08 chore: bump github.com/docker/cli from 28.3.3+incompatible to 28.4.0+incompatible (#1297)
• a437373 fix: update ignoreErrors to true for Mariner images (#1304)
• f6ef287 docs: modify release docs for more accurate flow (#1250)
• 1a36a9c fix: add fallback for baseImage not found (#1280)
• a8f6e48 fix: create new context for local descriptor lookup (#1295)
• 655f33f chore: bump the all group with 7 updates (#1292)
• 1133081 chore: bump k8s.io/apimachinery from 0.33.4 to 0.34.0 (#1291)
• a69f6a4 chore: bump github.com/docker/docker from 28.3.3+incompatible to 28.4.0+incompatible (#1290)
• 8eb0b06 chore: bump the all group in /website with 2 updates (#1289)
• e69acc6 chore: bump github.com/aquasecurity/trivy from 0.65.0 to 0.66.0 (#1288)
• a7a93f0 chore: bump github.com/docker/buildx from 0.25.0 to 0.28.0 (#1286)
• 0f5ac8e docs: add --image-src to trivy (#1282)
• 3974d9c test: add more unit tests to bump up the test coverage (#1278)
• f706c91 test: Daily Test Coverage Improver: Add comprehensive tests for pkg/types and pkg/utils (#1276)
• bd2116c chore: bump the all group with 2 updates (#1270)
• b87f7b3 chore: bump google.golang.org/grpc from 1.74.2 to 1.75.0 (#1269)
• c631581 chore: bump github.com/stretchr/testify from 1.10.0 to 1.11.0 (#1267)
• 84ba0de ci: add copilot instructions (#1225)
• 6ab6bc4 chore: bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 (#1264)
• 3b53ec4 chore: bump the all group across 1 directory with 2 updates (#1261)
• 9969375 chore: bump k8s.io/apimachinery from 0.33.3 to 0.33.4 (#1259)
• 825451c feat: add gotestsum to workflows (#1257)
• 32d19f4 fix: unit test bug for mac env (#1234)
• 3f1821a chore: bump the all group across 1 directory with 6 updates (#1258)
• e61b53e fix: make GetUniqueLatestUpdates deterministic (#1253)
• 81171db fix: debian tooling image missing platforms (#1256)

Full Changelog: v0.11.1...v0.12.0-rc.1

v0.11.1

Changelog

• 9082d32 fix: os version format in tdnf install (#1215)
• e18304c feat: Add Parsable format for buildkit progress output within Copa (#1238)
• fb6b525 chore: bump docker/login-action from 3.4.0 to 3.5.0 in the all group across 1 directory (#1245)
• 526f809 chore: bump github.com/aquasecurity/trivy from 0.64.1 to 0.65.0 (#1244)
• 31af111 chore: bump github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible (#1242)
• 782572f chore: bump typescript from 5.8.3 to 5.9.2 in /website in the all group (#1241)
• 228dd2f chore: bump github/codeql-action from 3.29.4 to 3.29.5 in the all group (#1240)
• e5d2748 feat: modularize patching logic (#1228)
• 9b5f0f6 ci: Fix osv-scanner config: replace [[ignore]] with [[IgnoredVulns]] (#1214)
• cb40f84 fix: Get host platform info in single arch integration test (#1197)
• 0943c57 fix: Add actionable logs and improve UX after buildkit endpoint checks are exhausted (#1186)
• 877400f chore: bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#1233)
• ae3792d chore: bump the all group in /website with 3 updates (#1231)
• 4f133cf chore: bump google.golang.org/grpc from 1.73.0 to 1.74.2 (#1229)
• 0e8c868 chore: add robbie to codeowners (#1226)
• 36ac193 fix: add almalinux to pkgmanager os type check (#1220)
• 3ca6acf fix: set azurelinux base image tag (#1216)
• f2947d9 chore: bump k8s.io/apimachinery from 0.33.2 to 0.33.3 (#1217)
• 914ee38 chore: bump golang.org/x/sync from 0.15.0 to 0.16.0 (#1205)
• 928dac0 chore: bump github.com/docker/cli from 28.3.1+incompatible to 28.3.2+incompatible (#1204)
• abca618 chore: bump github.com/cpuguy83/go-docker from 0.3.1 to 0.4.0 (#1203)
• dbbd441 chore: bump github.com/docker/docker from 28.3.1+incompatible to 28.3.2+incompatible (#1202)
• 2faa1d4 chore: bump the all group across 1 directory with 3 updates (#1224)
• eedf86f chore: Exempt good first issues from getting stale (#1219)
• df90afb chore: remove fluentbit eol img from tests (#1222)
• 25e58fc fix: Fix landing page dark mode (#1210)
• 143697e fix: Remove excessive token permissions (#1172)
• c0aeadd feat: Add landing page to copa docs (#1206)
• d31d44d chore: bump dotenv from 17.0.1 to 17.2.0 in /website in the all group (#1201)
• 0c629d1 chore: add Robbie Cronin to maintainers (#1200)
• 7060ba6 docs: optimize docs (#1189)
• 3a9d207 feat: patch non-host alpine (#1194)
• 3ede94c feat: add riscv64 to validPlatforms (#1199)
• 514b0f6 chore: bump github.com/docker/cli from 28.3.0+incompatible to 28.3.1+incompatible (#1192)
• 3ed8125 chore: bump github.com/docker/docker from 28.3.0+incompatible to 28.3.1+incompatible (#1191)
• 27960c7 chore: bump github.com/aquasecurity/trivy from 0.64.0 to 0.64.1 (#1190)
• 03523bd docs: update tradeoffs section to reflect scanner independence (#818) (#888)
• b89e7be chore: Generate v0.11.x docs (#1182)
• b3ffe3a docs: add Devtron to adopters list (#1163)
• 529bf86 feat: Add stale bot (#1180)

v0.11.0

Notable Changes

• 📦 Copa now supports multi-platform patching!
• 🦭 Support for buildkit instance running on podman
• 🧩 Support for OCI Media Types in addition to Docker

Changelog

• 15ced60 feat: support update all for multi platform patching (#1141)
• c990ce8 chore(security): ignore irrelevant vulnerabilities in osv-scanner.toml (#1177)
• d49d655 fix: Revert "chore: bump cbl-mariner/distroless/base from 2.0.20240112 to 2.0.20250602 in /integration/singlearch/fixtures/openssl-test-img-rpm" (#1173)
• 9ba82fc chore: bump the all group across 1 directory with 2 updates (#1174)
• bb3afac chore: bump dotenv from 17.0.0 to 17.0.1 in /website in the all group (#1170)
• c6568e7 chore: bump github.com/aquasecurity/trivy from 0.63.0 to 0.64.0 (#1169)
• 72904a4 chore: bump github.com/moby/buildkit from 0.23.1 to 0.23.2 (#1168)
• 3513093 chore: bump cbl-mariner/distroless/base from 2.0.20240112 to 2.0.20250602 in /integration/singlearch/fixtures/openssl-test-img-rpm (#1165)
• 26faaa5 ci: [StepSecurity] Apply security best practices (#1156)
• 20d5b6f fix: retain multiplatform manifest list annotations (#1120)
• 4533dc6 docs: add openssf best practices badge (#1157)
• e9da0ea feat: enhance multi platform summary report (#1123)
• 59d16ba chore: bump github.com/cpuguy83/go-docker from 0.3.0 to 0.3.1 (#1148)
• af11c14 chore: bump the all group with 2 updates (#1147)
• 8b65f29 chore: bump github.com/docker/cli from 28.2.2+incompatible to 28.3.0+incompatible (#1146)
• 7ffde2a chore: bump github.com/docker/docker from 28.2.2+incompatible to 28.3.0+incompatible (#1145)
• d7f0d63 chore: bump dotenv from 16.5.0 to 17.0.0 in /website in the all group (#1144)
• 0353afa chore: bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#1142)
• 8dc0e18 docs: update release doc to include cncf guidance (#1066)
• 6a0f03c fix: handle docker load generically (#1059)
• b4488bf docs: Update ADOPTERS.md to link to official adopters webpage (#1140)
• bcd4a41 fix: ensure tooling image is tried with platform (#1134)
• 0f3e14b docs: improve multiplatform docs (#1129)
• a0ede72 fix: preseve all platforms in manifest (#1121)
• e40e73d chore: bump k8s.io/apimachinery from 0.33.1 to 0.33.2 (#1126)
• 384ce30 chore: bump github.com/moby/buildkit from 0.22.0 to 0.23.1 (#1125)
• 98f4b8d chore: bump github.com/docker/buildx from 0.24.0 to 0.25.0 (#1124)
• 1d8182d feat: add multiplatform e2e plugin test (#1114)
• 936e5ee docs: Add Search to website using Algolia (#1082)
• d59dc84 chore: bump brace-expansion from 1.1.11 to 1.1.12 in /website (#1118)
• de8cc86 chore: bump the all group with 3 updates (#1117)
• 6f82a2b chore: bump github.com/quay/claircore from 1.5.38 to 1.5.39 (#1116)
• 3554dd4 chore: bump github.com/google/go-containerregistry from 0.20.5 to 0.20.6 (#1115)
• 980a86a feat: Add Multi Arch Enhancements (#1098)
• 0cb1e36 fix: remove directory and platform-specific-errors args from multi platform (#1105)
• ec81db9 chore: bump google.golang.org/grpc from 1.72.2 to 1.73.0 (#1102)
• 22d2dfb chore: bump the all group with 2 updates (#1103)
• c7b7620 chore: bump golang.org/x/sync from 0.14.0 to 0.15.0 (#1100)
• 81e2984 chore: bump github.com/quay/claircore from 1.5.37 to 1.5.38 (#1099)
• abc8a2d chore: bump the all group in /website with 3 updates (#1101)
• c8c5df7 feat: Add native v1alpha1 report support (#1079)
• f194e33 fix: run go mod tidy (#1089)
• 96b5f22 feat: add multiarch patching workflow changes (#1067)
• 5de655e chore: bump ossf/scorecard-action from 2.4.1 to 2.4.2 in the all group (#1088)
• d9a2b22 chore: bump the all group in /website with 3 updates (#1087)
• c4652e3 chore: bump github.com/aquasecurity/trivy from 0.62.1 to 0.63.0 (#1085)
• 08de1fe chore: bump github.com/docker/cli from 28.1.1+incompatible to 28.2.2+incompatible (#1084)
• 5cb0072 fix: add shorthand flag for report-dir (#1081)
• b23909e docs: Add Governance Documentation (#1056)
• 476bf93 docs: add contributor ladder (#1052)
• 976af1c feat: Improve EOL Logging (#1069)
• 4ce713b docs: consistent community docs (#1078)
• 2461712 chore: bump github.com/docker/buildx from 0.23.0 to 0.24.0 (#1076)
• e826c73 chore: bump google.golang.org/grpc from 1.72.1 to 1.72.2 (#1075)
• f03e9b6 chore: bump github.com/google/go-containerregistry from 0.20.3 to 0.20.5 (#1074)
• c13b260 chore: bump github.com/moby/buildkit from 0.21.1 to 0.22.0 (#1073)
• 65af385 docs: Keep FAQ headings consistent (#1062)
• c514838 docs: Clarify no VEX Document generation with update all (#1055)
• c83e230 feat: add multi arch command changes (#1009)
• 22714f0 chore: bump the all group with 4 updates (#1065)
• 0791d0d chore: bump k8s.io/apimachinery from 0.33.0 to 0.33.1 (#1064)
• 51540fd chore: bump google.golang.org/grpc from 1.72.0 to 1.72.1 (#1063)
• d134be6 chore: Add some tests for buildx context support (#1057)
• 2b1b860 chore: bump github.com/aquasecurity/trivy from 0.61.1 to 0.62.1 (#1050)
• 6527c0d chore: bump golang.org/x/sync from 0.13.0 to 0.14.0 (#1049)
• 8971c34 fix: Debian temprootfs (#997)
• 683fe61 chore: Fix some issues with docker and buildx connections (#1053)
• 088581a fix: oci media type should be respected (#949)
• 51d2f93 chore: bump the all group with 2 updates (#1051)
• aeadfd4 fix: upgrade golangci-lint to v2.1.0 (#1045)
• 7aaade6 chore: bump the all group with 3 updates (#1043)
• b133904 chore: bump github.com/quay/claircore from 1.5.36 to 1.5.37 (#1042)
• b556d47 chore: bump github.com/moby/buildkit from 0.21.0 to 0.21.1 (#1040)
• 64eea74 fix: guard against error buildkit solve (#1037)
• 4acc8bb chore: bump the all group with 2 updates (#1032)
• ae6a236 chore: bump github.com/docker/buildx from 0.22.0 to 0.23.0 (#1030)
• 1114d38 chore: bump github.com/docker/cli from 28.0.4+incompatible to 28.1.1+incompatible (#1029)
• 5a92c7a chore: bump github.com/docker/docker from 28.0.4+incompatible to 28.1.1+incompatible (#1028)
• bab90f9 fix: apt apk images fail tooling images missing (#985)
• efaf4ac fix: ignore shadow cves for integration test (#1027)
• d40cc92 feat: add push images on patch flag (#1004)
• 3450998 chore: bump the all group across 1 directory with 3 updates (#1025)
• 4e06b3e chore: bump github.com/quay/claircore from 1.5.35 to 1.5.36 (#1023)
• f8611f5 chore: bump google.golang.org/grpc from 1.71.1 to 1.72.0 (#1021)
• 7295d74 chore: bump github.com/moby/buildkit from 0.20.2 to 0.21.0 (#1020)
• 4249b87 chore: bump github.com/aquasecurity/trivy from 0.61.0 to 0.61.1 (#1019)
• 7bb6f12 feat: Discover Platforms Utility (#1017)
• 17087bb chore: bump http-proxy-middleware from 2.0.7 to 2.0.9 in /website (#1024)
• 4f277eb chore: bump golang.org/x/net from 0.37.0 to 0.38.0 (#1018)
• 0c56944...

v0.10.0

Notable Changes

• 🎨 Copa now supports patching Alma Linux Images!

Changelog

• 9863cf3 fix: openvex report oci id bug (#928)
• 357e9d1 fix: warn if output file specified without vuln report (#942)
• 14ae316 ci: temp rootfs rpm integration test (#924)
• 532e528 chore: bump docker/setup-qemu-action from 3.5.0 to 3.6.0 in the all group (#941)
• 19f3f18 chore: bump typescript from 5.7.3 to 5.8.2 in /website in the all group (#940)
• 480d7e3 fix: formatting fix for rpm temprootfs changes (#936)
• dc1af44 ci: [StepSecurity] Apply security best practices (#933)
• af8ef1e feat: log for held packages (#938)
• 10b662d fix: autoremove without user confirmation (#934)
• 9d60d9b chore: bump the all group across 1 directory with 5 updates (#935)
• 469c479 chore: update golangci-lint version (#930)
• d13288e chore: bump the all group with 5 updates (#925)
• 09b2ad8 chore: bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#920)
• 3e58437 chore: bump github.com/quay/claircore from 1.5.34 to 1.5.35 (#921)
• e015d41 chore: bump the all group with 2 updates (#919)
• e26b861 chore: dep bumps (#918)
• 91f9dde chore: bump the all group across 1 directory with 5 updates (#917)
• 58178f4 chore: bump serialize-javascript from 6.0.1 to 6.0.2 in /website (#915)
• a9085a3 chore: bump github.com/docker/cli from 27.4.1+incompatible to 27.5.1+incompatible (#901)
• f2fb422 fix: use temp rootfs for rpm install to preserve original image configs (#908)
• cef0b70 ci: bump trivy and buildkit version for test (#911)
• 7440b68 chore: bump github/codeql-action from 3.28.5 to 3.28.8 in the all group (#909)
• 2c78bc8 feat: Add Alma Linux Support (#905)
• 6158866 chore: bump the all group across 1 directory with 7 updates (#902)
• 74381d3 chore: bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 (#893)
• 33e2592 chore: bump google.golang.org/grpc from 1.69.2 to 1.69.4 (#892)
• eac4607 chore: bump github.com/quay/claircore from 1.5.33 to 1.5.34 (#891)
• a50014f chore: bump the all group with 4 updates (#890)
• fe53cbb chore: bump typescript from 5.7.2 to 5.7.3 in /website in the all group (#889)
• 13b4f70 chore: bump the all group in /website with 3 updates (#887)
• 252a358 chore: bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 in the all group (#884)
• 26d7d61 chore: bump github.com/docker/cli from 27.4.0+incompatible to 27.4.1+incompatible (#883)
• ff92360 chore: bump github.com/moby/buildkit from 0.18.1 to 0.18.2 (#882)
• dc798a7 chore: bump github.com/docker/buildx from 0.19.2 to 0.19.3 (#881)
• 2cd92a4 chore: bump google.golang.org/grpc from 1.68.1 to 1.69.2 (#879)
• 00612db chore: bump the all group across 1 directory with 6 updates (#880)
• b7d645b chore: bump github.com/docker/buildx from 0.19.1 to 0.19.2 (#873)
• 45b8e25 chore: bump prism-react-renderer from 2.4.0 to 2.4.1 in /website in the all group (#872)
• 14025d4 chore: bump nanoid from 3.3.7 to 3.3.8 in /website (#871)
• daacfdd chore: bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#870)
• 56c1294 chore: bump github.com/docker/cli from 27.4.0-rc.2+incompatible to 27.4.0+incompatible (#865)
• 51a116f chore: bump google.golang.org/grpc from 1.68.0 to 1.68.1 (#864)
• fae2fa4 chore: bump golang.org/x/sync from 0.9.0 to 0.10.0 (#861)
• 0a4fd1e chore: bump github.com/moby/buildkit from 0.18.0 to 0.18.1 (#860)
• 4dfc1b6 chore: bump the all group in /website with 2 updates (#859)
• 2423c54 chore: bump the all group with 3 updates (#858)
• ddd8edd docs: fix trailing comma in json (#855)
• 160c0aa chore: bump github.com/docker/buildx from 0.18.0 to 0.19.1 (#852)
• 3fe9032 chore: bump k8s.io/apimachinery from 0.31.2 to 0.31.3 (#849)
• ea06631 chore: bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#848)
• ab5ab88 chore: bump github.com/moby/buildkit from 0.17.1 to 0.17.2 (#847)
• 722590d chore: bump the all group in /website with 4 updates (#846)
• 152e931 chore: bump the all group with 4 updates (#845)
• dc44f2a chore: bump the all group across 1 directory with 3 updates (#843)
• c6c452d chore: bump cross-spawn from 7.0.3 to 7.0.6 in /website (#841)
• 4e7ad9a chore: bump github.com/aquasecurity/trivy from 0.57.0 to 0.57.1 (#840)
• 3f897a1 chore: bump the all group across 1 directory with 2 updates (#838)
• c48fc0c chore: bump golang.org/x/sync from 0.8.0 to 0.9.0 (#831)
• fa22765 chore: bump github.com/docker/buildx from 0.17.1 to 0.18.0 (#824)
• 64e2864 chore: bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#832)
• 4fcacbe chore: bump github.com/quay/claircore from 1.5.32 to 1.5.33 (#833)
• 44be645 chore: bump the all group in /website with 3 updates (#835)
• 2690732 chore: bump the all group across 1 directory with 2 updates (#827)
• 16b8fb1 chore: bump github.com/aquasecurity/trivy from 0.56.2 to 0.57.0 (#822)
• d95c802 ci: classify gen docs as blocking (#826)
• 6f6cbd2 docs: add lower than required package error (#420)
• 0b886eb docs: update installation.md (#820)
• daa58ee chore: bump the all group in /website with 3 updates (#821)
• 6b1e6f3 chore: Generate v0.9.x docs (#819)

v0.9.0

Notable Changes

• 🐧 Copa now supports patching Azure Linux 3 based images!

Changelog

• ec1921f chore: bump k8s.io/apimachinery from 0.31.1 to 0.31.2 (#817)
• fcf1f10 chore: bump the all group with 7 updates (#816)
• cdee476 feat: azure linux 3 support (#815)
• 6dd5b5e chore: Replaced apt with apt-get (#804)
• ee516e0 chore: bump http-proxy-middleware from 2.0.6 to 2.0.7 in /website (#814)
• e5f901b chore: bump anchore/sbom-action from 0.17.3 to 0.17.4 in the all group (#811)
• 05401b8 chore: bump @mdx-js/react from 3.0.1 to 3.1.0 in /website in the all group (#812)
• 973c6d2 chore: bump the all group with 4 updates (#805)
• aec1c59 chore: bump github.com/aquasecurity/trivy from 0.56.1 to 0.56.2 (#808)
• ce0e1dd chore: bump typescript from 5.6.2 to 5.6.3 in /website in the all group (#807)
• 2315670 docs: add documentation for dependabot and copa (#801)
• d8de178 docs: Add doc for scanners that report individual layers (#803)
• 68e61c0 chore: bump github.com/quay/claircore from 1.5.31 to 1.5.32 (#798)
• c4d6e82 chore: bump the all group across 1 directory with 8 updates (#800)
• b15487e chore: bump google.golang.org/grpc from 1.67.0 to 1.67.1 (#797)
• d475e6b chore: bump github.com/aquasecurity/trivy from 0.55.2 to 0.56.1 (#796)
• 41249bb chore: bump the all group across 1 directory with 4 updates (#792)
• 1b18be6 chore: bump github.com/aquasecurity/trivy from 0.55.1 to 0.55.2 (#785)
• 40a6847 chore: bump github.com/cpuguy83/dockercfg from 0.3.1 to 0.3.2 (#789)
• cb59080 chore: bump google.golang.org/grpc from 1.66.2 to 1.67.0 (#784)
• ad0f004 chore: bump github.com/quay/claircore from 1.5.30 to 1.5.31 (#783)
• b496255 chore: bump github.com/docker/cli from 27.2.2-0.20240913085431-48a2cdff970d+incompatible to 27.3.1+incompatible (#782)
• 616bccf chore: bump github.com/open-policy-agent/opa from 0.67.1 to 0.68.0 (#781)
• b561d78 chore: bump k8s.io/apimachinery from 0.31.0 to 0.31.1 (#779)
• 2688695 chore: bump google.golang.org/grpc from 1.66.0 to 1.66.2 (#778)
• fa4cdcc chore: bump github.com/aquasecurity/trivy from 0.55.0 to 0.55.1 (#777)
• c10027d chore: bump github.com/docker/buildx from 0.16.2 to 0.17.1 (#776)
• 68ed18a chore: bump typescript from 5.5.4 to 5.6.2 in /website in the all group (#775)
• aafd39a chore: bump the all group with 3 updates (#774)
• d3ec17e fix: copa extension release img tag (#772)
• deba107 chore: bump express from 4.19.2 to 4.21.0 in /website (#771)
• 5cc37ee chore: bump peter-evans/create-pull-request from 6.1.0 to 7.0.1 in the all group (#768)
• 4387e24 chore: Generate v0.8.x docs (#770)

v0.8.0

Notable Changes

• 🪡 Copa now creates a single patch layer on subsequent patches of an already patched image instead of appending a patch layer for each patch! See FAQ for more information.
• 🔮 Oracle Linux is now supported for updating without vulnerability scanner reports. This will update all dependencies, including vulnerable packages. See documentation for more information.

Shoutouts ❤️

• 🎉 Shoutout to @thelinuxfoundation intern @MiahaCybersec for many contributions to Copa!
• 🎊 Shoutout to @microsoft intern @jgrer for contributing Copa Docker Desktop extension!

Changelog

• 06eefb9 chore: bump github.com/docker/cli from 27.2.0+incompatible to 27.2.1+incompatible (#767)
• 88a81ba chore: bump github.com/quay/claircore from 1.5.29 to 1.5.30 (#765)
• a055b43 chore: bump github.com/aquasecurity/trivy from 0.54.1 to 0.55.0 (#766)
• f32017a chore: bump google.golang.org/grpc from 1.65.0 to 1.66.0 (#760)
• 84b1f92 chore: bump github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible (#759)
• 380087f chore: bump prism-react-renderer from 2.3.1 to 2.4.0 in /website in the all group (#758)
• dd52ce1 chore: bump the all group with 2 updates (#757)
• b827cb9 feat: skip install tools cmd (#741)
• 5f61ade chore: bump webpack from 5.91.0 to 5.94.0 in /website (#755)
• 7b26e85 ci: build and push copa-extension image on release (#726)
• e353f70 docs: remove broken FOSSA status link (#742)
• 9e31777 chore: bump micromatch from 4.0.5 to 4.0.8 in /website (#754)
• bc2ca54 chore: bump the all group with 2 updates (#753)
• 77290f4 chore: bump github.com/quay/claircore from 1.5.25 to 1.5.29 (#752)
• 894500c docs: Add additional way to signoff commits (#751)
• 0990908 docs: add tooling image versioning docs (#736)
• a284d8b ci: Unblock trivy dependency updates (#750)
• 10fd0c7 chore: bump github/codeql-action from 3.26.1 to 3.26.3 in the all group across 1 directory (#749)
• e396f6b chore: bump github.com/moby/buildkit from 0.15.1 to 0.15.2 (#746)
• b702238 chore: bump github.com/docker/cli from 27.1.1+incompatible to 27.1.2+incompatible (#748)
• d118daa chore: bump k8s.io/apimachinery from 0.30.3 to 0.31.0 (#747)
• 9e83f83 docs: remove outdated todo comments (#743)
• f0cb34a test: increase code coverage (#704)
• 44cc2ad chore: bump the all group across 1 directory with 4 updates (#740)
• bd7f980 chore: bump the all group across 1 directory with 3 updates (#739)
• 3c38005 chore: bump github.com/docker/docker from 27.1.0+incompatible to 27.1.1+incompatible (#737)
• d441937 chore: bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 (#733)
• 9401e88 chore: bump golang.org/x/sync from 0.7.0 to 0.8.0 (#730)
• d453ba9 chore: bump the all group with 2 updates (#728)
• c5f3260 chore: bump github.com/docker/docker from 27.0.3+incompatible to 27.1.0+incompatible (#727)
• 839ffa5 feat: discard patch layer (#689)
• 358a7ff feat: add oracle support (#706)
• 0d0f2f3 docs: clarify copa does not support wolfi-based images (#724)
• 473202f fix: microdnf update (#721)
• da90152 chore: bump the all group across 1 directory with 3 updates (#722)
• bbffa29 chore: bump typescript from 5.5.3 to 5.5.4 in /website in the all group (#719)
• f696308 chore: bump github.com/docker/buildx from 0.16.0 to 0.16.2 (#717)
• da8fe8e chore: bump github.com/docker/cli from 27.1.0+incompatible to 27.1.1+incompatible (#716)
• beb8c86 fix: docker repository format checks (#707)
• 6d91446 chore: bump the all group with 6 updates (#711)
• f730aa9 chore: bump github.com/google/go-containerregistry from 0.19.2 to 0.20.1 (#710)
• 75b8bac chore: bump k8s.io/apimachinery from 0.30.2 to 0.30.3 (#709)
• 1cd9abe chore: bump github.com/docker/cli from 27.0.3+incompatible to 27.1.0+incompatible (#708)
• 9da1246 chore: bump github.com/docker/buildx from 0.15.1 to 0.16.0 (#701)
• 3f3a9a2 chore: bump the all group with 5 updates (#700)
• 1ea24b7 test: buildkit with defaults (#682)
• 4953f10 docs: add function to be included when using buildkit.SolveToDocker (#698)
• 1fcc6e0 chore: bump the all group across 1 directory with 6 updates (#696)
• ded40bd chore: bump typescript from 5.5.2 to 5.5.3 in /website in the all group (#695)
• abce88c chore: bump github.com/containerd/containerd from 1.7.18 to 1.7.19 (#694)
• 456bf08 chore: bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#693)
• a8ede19 docs: 0.7.0 release docs (#692)
• 5920993 fix: update NODE_VERSION (#691)