trivy icon indicating copy to clipboard operation
trivy copied to clipboard
Published 1 month ago verified publisher icon aquasecurity

chore(deps): bump aquaproj/aqua-installer from 2.2.0 to 2.3.0

Open dependabot[bot] opened this issue 1 year ago • 1 comments

Bumps aquaproj/aqua-installer from 2.2.0 to 2.3.0.

Release notes

Sourced from aquaproj/aqua-installer's releases.

v2.3.0

Issues | Pull Requests | https://github.com/aquaproj/aqua-installer/compare/v2.2.0...v2.3.0

Features

#580 Support disabling the verification with Cosign and SLSA Provenance

[!CAUTION] This feature is for users who can't use Cosign and slsa-verifier. Most users can use them, so most users don't need this feature. aqua installs Cosign and slsa-verifier internally, so you don't need to install them yourself. If you can use Cosign and slsa-verifier, you should not disable them because they are important for security.

The bootstrap version is updated to aqua v2.22.0. From this version, aqua supports disabling the verification with Cosign and SLSA Provenance.

To disable the verification with Cosign and SLSA Provenance when you install aqua with aqua-installer, please set the environment variables AQUA_DISABLE_COSIGN and AQUA_DISABLE_SLSA.

export AQUA_DISABLE_COSIGN=true
export AQUA_DISABLE_SLSA=true
./aqua-installer

- uses: aquaproj/[email protected]
  with:
    aqua_version: v2.22.0
  env:
    AQUA_DISABLE_COSIGN: "true"
    AQUA_DISABLE_SLSA: "true"
Commits
  • 7c73380 feat: update the bootstrap version to v2.22.0 (#580)
  • 097fa0e chore(deps): update dependency reviewdog/reviewdog to v0.17.0 (#582)
  • e2b319d chore(deps): update dependency aquaproj/aqua to v2.22.0 (#581)
  • a5f5d50 chore(deps): update golang docker tag to v1.21.6 (#579)
  • f058c3d chore(deps): update dependency aquaproj/aqua to v2.21.3 (#576)
  • 6a99c56 chore(deps): update dependency aquaproj/aqua to v2.21.2 (#575)
  • 999dd2d chore(deps): update dependency reviewdog/reviewdog to v0.16.0 (#574)
  • 634963b chore(deps): update dependency suzuki-shunsuke/ghalint to v0.2.9 (#573)
  • f9b0857 chore(deps): update dependency suzuki-shunsuke/ghalint to v0.2.8 (#572)
  • 71bb6fa chore(renovate): migrate config:base to config:recommended (#571)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Feb 01 '24 14:02 dependabot[bot]

@dependabot rebase

DmitriyLewen avatar Feb 05 '24 04:02 DmitriyLewen

Superseded by #6437.

dependabot[bot] avatar Apr 01 '24 14:04 dependabot[bot]