hub
hub copied to clipboard
Bump the backend group across 1 directory with 5 updates
Bumps the backend group with 5 updates in the / directory:
Package | From | To |
---|---|---|
github.com/aquasecurity/trivy | 0.50.1 |
0.50.4 |
github.com/open-policy-agent/opa | 0.63.0 |
0.64.1 |
github.com/rs/cors | 1.10.1 |
1.11.0 |
github.com/tektoncd/pipeline | 0.58.0 |
0.59.0 |
google.golang.org/api | 0.173.0 |
0.176.1 |
Updates github.com/aquasecurity/trivy
from 0.50.1 to 0.50.4
Release notes
Sourced from github.com/aquasecurity/trivy's releases.
v0.50.4
Note
v0.50.3 hads a critical problem, and we deleted it and released v0.50.4.
Changelog
- e47fd487c fix(sbom): change error to warning for multiple OSes (#6541)
v0.50.2
Changelog
- 9aa9e173b ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)
- 058f4839d chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)
- 9e3d2c5f9 chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)
- 2ad8e332e fix(java): update logic to detect
pom.xml
file snapshot artifacts from remote repositories (#6412)
Commits
e47fd48
fix(sbom): change error to warning for multiple OSes (#6541)9aa9e17
ci: use tmp dir inside Trivy repo dir for GoReleaser (#6533)058f483
chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 (#6526)9e3d2c5
chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#6523)2ad8e33
fix(java): update logic to detectpom.xml
file snapshot artifacts from remo...- See full diff in compare view
Updates github.com/open-policy-agent/opa
from 0.63.0 to 0.64.1
Release notes
Sourced from github.com/open-policy-agent/opa's releases.
v0.64.1
This is a bug fix release addressing the following issues:
- ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner
macos-latest
was changed fromamd64
toarm64
and as a resultdarwin/amd64
binary wasn't released (#6720) authored by@suzuki-shunsuke
- plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by
@ashutosh-narkar
v0.64.0
NOTES:
- The minimum version of Go required to build the OPA module is 1.21
This release contains a mix of features, a new builtin function (
json.marshal_with_options()
), performance improvements, and bugfixes.Breaking Change
Bootstrap configuration overrides Discovered configuration
Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually. The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that the system serving the discovered config is unaware of all options locally available in OPA. Hence, we relax the configuration check when discovery is enabled so that the bootstrap configuration can contain plugin configurations. In case of conflicts, the bootstrap configuration for plugins wins. These local configuration overrides from the bootstrap configuration are included in the Status API messages so that management systems can get visibility into the local overrides.
In general, the bootstrap configuration overrides the discovered configuration. Previously this was not the case for all configuration fields. For example, if the discovered configuration changes the
labels
section, only labels that are additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the bootstrap configuration override those in the discovered configuration. But for fields such asdefault_decision
,default_authorization_decision
,nd_builtin_cache
, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent for the entire configuration and helps to avoid accidental configuration errors. (#5722) authored by@ashutosh-narkar
Add
rego_version
attribute to the bundle manifestA new global
rego_version
attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (v0
/v1
) to use while parsing/compiling contained Rego files. There is also a newfile_rego_versions
attribute which allows individual files to override the global Rego version specified byrego_version
.When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the
--v1-compatible
(or future--v0-compatible
) flag in order to correctly parse, compile and evaluate the bundle's modules.A bundle's
rego_version
attribute takes precedence over any applied--v1-compatible
/--v0-compatible
flag. (#6578) authored by@johanfylling
Runtime, Tooling, SDK
- compile: Fix panic from CLI + metadata entrypoint overlaps. The panic occurs when
opa build
was provided an entrypoint from both a CLI flag, and via entrypoint metadata annotation. (#6661) authored by@philipaconrad
- cmd/deps: Improve memory footprint and execution time of
deps
command for policies with high dependency connectivity (#6685) authored by@johanfylling
- server: Keep default decision path in-sync with manager's config (#6697) authored by
@ashutosh-narkar
- server: Remove unnecessary AST-to-JSON conversions (#6665) and (#6669) authored by
@koponen-styra
- sdk: Allow customizations of the plugin manager via SDK (#6662) authored by
@xico42
- sdk: Fix issue where active parser options aren't propagated to module reload during bundle activation resulting in errors while activating bundles with
v1
syntax (#6689) authored by@xico42
... (truncated)
Changelog
Sourced from github.com/open-policy-agent/opa's changelog.
0.64.1
This is a bug fix release addressing the following issues:
- ci: Pin GitHub Actions macos runner version. The architecture of the GitHub Actions Runner
macos-latest
was changed fromamd64
toarm64
and as a resultdarwin/amd64
binary wasn't released (#6720) authored by@suzuki-shunsuke
- plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types (#6723) authored by
@ashutosh-narkar
0.64.0
NOTES:
- The minimum version of Go required to build the OPA module is 1.21
This release contains a mix of features, a new builtin function (
json.marshal_with_options()
), performance improvements, and bugfixes.Breaking Change
Bootstrap configuration overrides Discovered configuration
Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually. The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that the system serving the discovered config is unaware of all options locally available in OPA. Hence, we relax the configuration check when discovery is enabled so that the bootstrap configuration can contain plugin configurations. In case of conflicts, the bootstrap configuration for plugins wins. These local configuration overrides from the bootstrap configuration are included in the Status API messages so that management systems can get visibility into the local overrides.
In general, the bootstrap configuration overrides the discovered configuration. Previously this was not the case for all configuration fields. For example, if the discovered configuration changes the
labels
section, only labels that are additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the bootstrap configuration override those in the discovered configuration. But for fields such asdefault_decision
,default_authorization_decision
,nd_builtin_cache
, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent for the entire configuration and helps to avoid accidental configuration errors. (#5722) authored by@ashutosh-narkar
Add
rego_version
attribute to the bundle manifestA new global
rego_version
attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (v0
/v1
) to use while parsing/compiling contained Rego files. There is also a newfile_rego_versions
attribute which allows individual files to override the global Rego version specified byrego_version
.When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the
--v1-compatible
(or future--v0-compatible
) flag in order to correctly parse, compile and evaluate the bundle's modules.A bundle's
rego_version
attribute takes precedence over any applied--v1-compatible
/--v0-compatible
flag. (#6578) authored by@johanfylling
Runtime, Tooling, SDK
- compile: Fix panic from CLI + metadata entrypoint overlaps. The panic occurs when
opa build
was provided an entrypoint from both a CLI flag, and via entrypoint metadata annotation. (#6661) authored by@philipaconrad
- cmd/deps: Improve memory footprint and execution time of
deps
command for policies with high dependency connectivity (#6685) authored by@johanfylling
- server: Keep default decision path in-sync with manager's config (#6697) authored by
@ashutosh-narkar
- server: Remove unnecessary AST-to-JSON conversions (#6665) and (#6669) authored by
@koponen-styra
- sdk: Allow customizations of the plugin manager via SDK (#6662) authored by
@xico42
... (truncated)
Commits
298f97d
Prepare v0.64.1 releasefaf6382
ci: pin GitHub Actions macos runner version and build for darwin/amd64e72e6f6
plugins/discovery: Update comparison logic for overrides75cc90a
Prepare v0.64.0 releasea400281
server: Keep default decision path in-sync with manager's configf2011b1
Adding Raygun to the policy-testing ecosystem (#6712)b58e87f
ast: Importingrego.v1
in v0 support modules when applicable (#6698)44fa8ad
Relax configuration check when Discovery is enabledef8532f
auth: requestToken close response body8260697
build: Update WASM Rego test generation setup (#6707)- Additional commits viewable in compare view
Updates github.com/rs/cors
from 1.10.1 to 1.11.0
Commits
4c32059
Normalize allowed request headers and store them in a sorted set (fixes #170)...8d33ca4
Complete documentation; deprecate AllowOriginRequestFunc in favour of AllowOr...af821ae
Merge branch 'jub0bs-master'0bcf73f
Update benchmarkeacc8e8
Fix skewed middleware benchmarks (#165)9297f15
Respect the documented precedence of options (#163)73f81b4
Fix readme benchmark rendering (#161)- See full diff in compare view
Updates github.com/tektoncd/pipeline
from 0.58.0 to 0.59.0
Release notes
Sourced from github.com/tektoncd/pipeline's releases.
Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS
🎉 Artifact Metadata, Improved StepActions and Improved Stability 🎉
-Docs @ v0.59.0 -Examples @ v0.59.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
Attestation
The Rekor UUID for this release is
24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675 rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@sha256:" + .digest.sha256')
Download the release file
curl "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match"; done
Upgrade Notices
Tekton v0.59 minimum Kubernetes version is 1.27.
Changes
Features
- :sparkles: Add a feature flag to disable inline spec (#7844)
Add a feature flag
disable-inline-spec
to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.
... (truncated)
Changelog
Sourced from github.com/tektoncd/pipeline's changelog.
Tekton Pipeline Releases
Release Frequency
Tekton Pipelines follows the Tekton community [release policy][release-policy] as follows:
- Versions are numbered according to semantic versioning:
vX.Y.Z
- A new release is produced on a monthly basis
- Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
- LTS releases take place in January, April, July and October every year
- The first Tekton Pipelines LTS release will be v0.41.0 in October 2022
- Releases happen towards the middle of the month, between the 13th and the 20th, depending on week-ends and readiness
Tekton Pipelines produces nightly builds, publicly available on
gcr.io/tekton-nightly
.Transition Process
Before release v0.41 Tekton Pipelines has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.37 and v0.40.
Release Process
Tekton Pipeline releases are made of YAML manifests and container images. Manifests are published to cloud object-storage as well as [GitHub][tekton-pipeline-releases]. Container images are signed by [Sigstore][sigstore] via [Tekton Chains][tekton-chains]; signatures can be verified through the [public key][chains-public-key] hosted by the Tekton Chains project.
Further documentation available:
- The Tekton Pipeline [release process][tekton-releases-docs]
- [Installing Tekton][tekton-installation]
- Standard for [release notes][release-notes-standards]
Release
v0.59 (LTS)
- Latest Release: [v0.59.0][v0.59-0] (2024-04-25) ([docs][v0.59-0-docs], [examples][v0.59-0-examples])
- Initial Release: [v0.59.0][v0.59-0] (2024-04-25)
- Estimated End of Life: 2025-04-24
- Patch Releases: [v0.59.0][v0.59-0]
... (truncated)
Commits
34d8c0f
chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptrace...e556bc7
fix: resolve pod creation failure on retry when usingworkspace.\<name>.volume
a494d6a
fix(taskrun): emit warning for missing secret in ServiceAccount instead of fa...fba68b7
Fix shell for tag-images stepb712fc5
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.091bbee5
fix: do not set default kind when taskRef resolver is present30e389b
fix: ensure default type for params in remote tasks to prevent pipeline failuresfaccef8
Fix the shell in crane imageb419b2c
Add a feature flag to disable inline spec356b30d
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3- Additional commits viewable in compare view
Updates google.golang.org/api
from 0.173.0 to 0.176.1
Release notes
Sourced from google.golang.org/api's releases.
v0.176.1
0.176.1 (2024-04-23)
Bug Fixes
v0.176.0
0.176.0 (2024-04-22)
Features
- all: Auto-regenerate discovery clients (#2537) (773fe01)
- all: Auto-regenerate discovery clients (#2538) (30d8c87)
- all: Auto-regenerate discovery clients (#2540) (6825bb8)
Bug Fixes
v0.175.0
0.175.0 (2024-04-19)
Features
- all: Auto-regenerate discovery clients (#2526) (ec3a580)
- all: Auto-regenerate discovery clients (#2529) (9622a0d)
Bug Fixes
v0.174.0
0.174.0 (2024-04-17)
Features
- Add hooks in for new auth library (#2228) (4054271)
- all: Auto-regenerate discovery clients (#2524) (f49960d)
Bug Fixes
... (truncated)
Changelog
Sourced from google.golang.org/api's changelog.
0.176.1 (2024-04-23)
Bug Fixes
0.176.0 (2024-04-22)
Features
- all: Auto-regenerate discovery clients (#2537) (773fe01)
- all: Auto-regenerate discovery clients (#2538) (30d8c87)
- all: Auto-regenerate discovery clients (#2540) (6825bb8)
Bug Fixes
0.175.0 (2024-04-19)
Features
- all: Auto-regenerate discovery clients (#2526) (ec3a580)
- all: Auto-regenerate discovery clients (#2529) (9622a0d)
Bug Fixes
0.174.0 (2024-04-17)
Features
- Add hooks in for new auth library (#2228) (4054271)
- all: Auto-regenerate discovery clients (#2524) (f49960d)
Bug Fixes
Commits
64f40ff
chore(main): release 0.176.1 (#2542)8d0b2b5
fix(transport/http): pass through base transport (#2541)81ccc7e
chore(main): release 0.176.0 (#2536)6825bb8
feat(all): auto-regenerate discovery clients (#2540)30d8c87
feat(all): auto-regenerate discovery clients (#2538)773fe01
feat(all): auto-regenerate discovery clients (#2537)5a78abe
fix: default defaultEndpointTemplate (#2535)67a5d6d
chore(main): release 0.175.0 (#2527)d64b1d0
fix: various auth transition bugs (#2533)9622a0d
feat(all): auto-regenerate discovery clients (#2529)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) -
@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) -
@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) -
@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency -
@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions