Releases: chainguard-dev/apko
Releases · chainguard-dev/apko
Release v0.20.0
What's Changed
- docs(apk): document apkindex methods by @luhring in #1393
- Record the
apko.jsonfile used to produce this image. by @mattmoor in #1353 - build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #1392
- Add support for extras in
build-cpioby @mattmoor in #1394 - build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #1391
- build(deps): bump google.golang.org/api from 0.204.0 to 0.205.0 by @dependabot in #1388
- build(deps): bump go.opentelemetry.io/otel from 1.31.0 to 1.32.0 by @dependabot in #1396
- build(deps): bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #1395
- build(deps): bump github/codeql-action from 3.27.1 to 3.27.2 by @dependabot in #1400
- build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0 by @dependabot in #1390
- build(deps): bump golang.org/x/time from 0.7.0 to 0.8.0 by @dependabot in #1389
- build(deps): bump go.step.sm/crypto from 0.54.0 to 0.54.2 by @dependabot in #1402
- build(deps): bump github/codeql-action from 3.27.2 to 3.27.4 by @dependabot in #1403
- Pass errors up the stack in CalculateWorld and InstallPackages by @smoser in #1404
New Contributors
Full Changelog: v0.19.9...v0.20.0
Contributors
smoser, mattmoor, and 2 other contributors
Assets 20
- 20.5 MB
2024-11-14T17:43:00Z - 3.14 KB
2024-11-14T17:43:03Z - 96 Bytes
2024-11-14T17:43:03Z - 19.6 MB
2024-11-14T17:43:00Z - 3.14 KB
2024-11-14T17:43:03Z - 96 Bytes
2024-11-14T17:43:03Z - 19.6 MB
2024-11-14T17:43:00Z - 3.14 KB
2024-11-14T17:43:03Z - 96 Bytes
2024-11-14T17:43:03Z - 20.5 MB
2024-11-14T17:43:00Z -
2024-11-14T17:26:33Z -
2024-11-14T17:26:33Z - Loading
Release v0.19.9
What's Changed
- Attempt to flush renamed files in cache by @jonjohnsonjr in #1387
- fix: ensure cacheTransport returns an error for non-200 responses by @lyoung-confluent in #1381
- fix: --cache-dir broken after in 0.19.3+ by @lyoung-confluent in #1382
Full Changelog: v0.19.8...v0.19.9
Contributors
jonjohnsonjr and lyoung-confluent
Assets 20
Release v0.19.8
What's Changed
- Re-instantiate each APK's tarfs after caching by @jonjohnsonjr in #1383
- build(deps): bump google.golang.org/api from 0.203.0 to 0.204.0 by @dependabot in #1384
Full Changelog: v0.19.7...v0.19.8
Contributors
jonjohnsonjr and dependabot
Assets 20
Release v0.19.7
What's Changed
- Allow multiauthenticator to try all authenticators by @wlynch in #1379
- Drop errgroup.WithContext and add withCause by @jonjohnsonjr in #1380
Full Changelog: v0.19.6...v0.19.7
Contributors
wlynch and jonjohnsonjr
Assets 20
Release v0.19.6
What's Changed
- MergeInto should include Volumes by @jonjohnsonjr in #1376
Full Changelog: v0.19.5...v0.19.6
Contributors
jonjohnsonjr
Assets 20
Release v0.19.5
What's Changed
- fix bug with triggers encoded in triggers file by @imjasonh in #1358
- rsa: remove backwards compat APIs by @xnox in #1307
Full Changelog: v0.19.4...v0.19.5
Contributors
xnox and imjasonh
Assets 20
Release v0.19.4
What's Changed
- fix data race in index cache by @imjasonh in #1369
- fix concurrent annotation map update by @imjasonh in #1370
- set downloadLocation to NOASSERTION when apk.URL is unset by @imjasonh in #1372
- Make MergeInto threadsafe by @jonjohnsonjr in #1374
Full Changelog: v0.19.3...v0.19.4
Contributors
imjasonh and jonjohnsonjr
Assets 20
Release v0.19.3
What's Changed
- cg auth: fix sometimes by @imjasonh in #1314
- set OCI created annotation by @imjasonh in #1316
- Cache some more expensive operations by @jonjohnsonjr in #1317
- build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in #1318
- build(deps): bump github.com/klauspost/compress from 1.17.9 to 1.17.10 by @dependabot in #1315
- build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #1319
- Fail if APKINDEX has single-character lines by @jonjohnsonjr in #1321
- fix(ci): mark GitHub releases as latest from prerelease by @p5 in #1277
- build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 by @dependabot in #1323
- build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 by @dependabot in #1320
- build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0 by @dependabot in #1322
- Drop a period from a command's help by @murraybd in #1312
- use slog default logger for CG auth exchange by @imjasonh in #1324
- cleanup: remove Lima documentation by @luhring in #1325
- don't attempt to discover keys for file path repos by @imjasonh in #1326
- Make etag checks optional by @jonjohnsonjr in #1327
- build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #1333
- build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 by @dependabot in #1332
- build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #1329
- build(deps): bump chainguard.dev/sdk from 0.1.25 to 0.1.26 by @dependabot in #1328
- build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by @dependabot in #1331
- Update go to 1.23.2 and golangci-lint by @cpanato in #1334
- build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 by @dependabot in #1336
- build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0 by @dependabot in #1335
- build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0 by @dependabot in #1338
- build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in #1339
- build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #1340
- build(deps): bump google.golang.org/api from 0.199.0 to 0.201.0 by @dependabot in #1348
- build(deps): bump chainguard.dev/sdk from 0.1.26 to 0.1.27 by @dependabot in #1347
- build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #1344
- build(deps): bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 by @dependabot in #1346
- build(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11 by @dependabot in #1343
- build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28 by @dependabot in #1351
- Preserve APK timestamps when using dirfs by @jonjohnsonjr in #1352
- Work around sendfile bug by @jonjohnsonjr in #1359
- don't attempt to discover chainguard keys for local file paths by @imjasonh in #1360
- SBOM test cleanup by @luhring in #1361
- allow key lookups for http by @ajayk in #1365
- fix(sbom): deduplicate SBOM packages by ID by @luhring in #1366
- Stop using real headers for side channels by @jonjohnsonjr in #1367
- Avoid race when mutating annotations by @jonjohnsonjr in #1368
- build(deps): bump google.golang.org/api from 0.201.0 to 0.203.0 by @dependabot in #1362
- build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #1355
- build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #1356
- build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #1363
New Contributors
Full Changelog: v0.19.2...v0.19.3
Contributors
imjasonh, ajayk, and 6 other contributors
Assets 20
Release v0.19.2
What's Changed
- point to the apk.cgr.dev repo urls by @hectorj2f in #1311
- set audience correctly, no https by @k4leung4 in #1313
New Contributors
- @hectorj2f made their first contribution in #1311
Full Changelog: v0.19.1...v0.19.2
Contributors
hectorj2f and k4leung4
Assets 20
Release v0.19.1
What's Changed
- build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #1308
- build(deps): bump google.golang.org/api from 0.197.0 to 0.198.0 by @dependabot in #1309
- Restore SourceDateEpoch in tarball for melange by @jonjohnsonjr in #1310
Full Changelog: v0.19.0...v0.19.1
Contributors
jonjohnsonjr and dependabot