Releases: chainguard-dev/melange
Releases · chainguard-dev/melange
Release v0.5.7
What's Changed
- Take advantage of Octo STS to publish homebrew updates. by @mattmoor in #956
- Pin to digest for setup-go in melange by @jedsalazar in #940
- drop the lima runner by @imjasonh in #958
- Don't include libexec directories in SCA includes by @jonjohnsonjr in #959
- Fix aws-c-s3 SCA by @jonjohnsonjr in #960
- unexport some methods in pkg/sbom by @imjasonh in #961
- warn on invalid license, log SCA findings by @imjasonh in #962
- Switch to octo-sts-action by @mattmoor in #968
- Bump apko to v0.14.0 by @jonjohnsonjr in #969
- Fix missing no-depends check by @jonjohnsonjr in #971
- Embed melange version in .PKGINFO by @jonjohnsonjr in #972
- build(deps): bump google.golang.org/api from 0.154.0 to 0.161.0 by @dependabot in #970
- build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 by @dependabot in #967
- build(deps): bump github.com/chainguard-dev/yam from 0.0.0-20230807153807-4de7c531f3e1 to 0.0.1 by @dependabot in #947
- build(deps): bump actions/download-artifact from 4.1.0 to 4.1.1 by @dependabot in #923
- build(deps): bump github.com/kubescape/go-git-url from 0.0.26 to 0.0.27 by @dependabot in #917
- stop logging tons of "detected git commit for build configuration" wh… by @rawlingsj in #974
- melange bump: only update expected commit shas for the main git-checkout by @rawlingsj in #975
- test: skip when executing on an unsupported arch by @imjasonh in #976
- Pass the correct env.env to the container. by @vaikas in #977
New Contributors
- @jedsalazar made their first contribution in #940
Full Changelog: v0.5.6...v0.5.7
Release v0.5.6
What's Changed
- Bypass warning about detached head by @imjasonh in #906
- Add a python/test pipeline. by @vaikas in #907
- meson/configure: don't download subprojects by default by @imjasonh in #909
- add
*_config
pattern to split/dev pipeline by @joemiller in #879 - Add --test-package-append that you can specify extra test packages for each test. by @vaikas in #910
- Add python/import test pipeline, as well as e2e tests for python test pipelines. by @vaikas in #911
- Tiny cleanup: Move test pipelines to where others are. Remove unnecessary test packages. by @vaikas in #912
- build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 by @dependabot in #918
- Convert some sca code to early return style by @jonjohnsonjr in #921
- Take an fs as an argument to RetrieveWorkspace by @jonjohnsonjr in #926
- Move more mutations into parameters by @jonjohnsonjr in #927
- Drop mutable imgRef from build.Build by @jonjohnsonjr in #928
- Remove some more struct mutating and shadowing by @jonjohnsonjr in #929
- Replace packages in APKINDEX with same version by @jonjohnsonjr in #930
- Use errgroup over github.com/korovkin/limiter by @jonjohnsonjr in #931
- Fix sbom loopvar issue by @jonjohnsonjr in #933
- Make BuildGuest more similar for Build and Test by @jonjohnsonjr in #932
- Allow execable shared objects if name has ".so." by @jonjohnsonjr in #934
- drop pkg/logger and use slog by @imjasonh in #919
- Make "unable to detect git commit" a debug message by @imjasonh in #936
- Allow vendored pkgconfig deps by @jonjohnsonjr in #935
- Audit the permissions of workflows. by @mattmoor in #937
- add e2e test that packages can be installed with apk by @imjasonh in #939
- Fail if unknown variable is used in substitution by @jonjohnsonjr in #942
- sort with key/values by @imjasonh in #943
Full Changelog: v0.5.5...v0.5.6
Release v0.5.5
What's Changed
- update release to add some clarification regarding the homebrew by @cpanato in #876
- Pull in
go-apk
withprovider_priority
ini
fix. by @mattmoor in #878 - Set a default env var for GOMODCACHE. by @dlorenc in #880
- convert: sort packages alphabetically by @imjasonh in #889
- Mark update.manual as an optional field. by @wlynch in #877
- build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #897
- build(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 by @dependabot in #898
- build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #886
- build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 by @dependabot in #881
- build(deps): bump github.com/kubescape/go-git-url from 0.0.25 to 0.0.26 by @dependabot in #884
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #887
- build(deps): bump cloud.google.com/go/storage from 1.35.1 to 1.36.0 by @dependabot in #893
- bump upload/download github actions by @cpanato in #900
- build(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 by @dependabot in #883
- build(deps): bump google.golang.org/api from 0.152.0 to 0.154.0 by @dependabot in #892
- build(deps): bump github.com/lima-vm/lima from 0.18.0 to 0.19.1 by @dependabot in #895
Full Changelog: v0.5.4...v0.5.5
Release v0.5.4
What's Changed
- improve 'melange convert python' to remove manual steps by @imjasonh in #846
- fix docs for --runner by @imjasonh in #848
- format manifests with yam by @imjasonh in #849
- convert python: don't overwrite existing files by @imjasonh in #850
- default --use-github=true by @imjasonh in #847
- fix and continuously validate SBOMs by @imjasonh in #851
- Add jsonschema generation binary. by @wlynch in #861
- Fix lints, or ignore safe ones. No functional changes. by @vaikas in #865
- Fix the lint warnings in pkg/linter by @vaikas in #866
- UTC-ify source date epoch when set by @imjasonh in #868
- support resource requests and timeouts by @imjasonh in #869
- Fix capitalization of SBOM originators by @imjasonh in #867
- Add Test pipelines by @vaikas in #864
- cleanup: don't use pkg/errors by @imjasonh in #870
- Ensure jsonschema is kept up to date. by @wlynch in #862
- build(deps): bump github.com/klauspost/compress from 1.17.2 to 1.17.4 by @dependabot in #874
- build(deps): bump google.golang.org/api from 0.150.0 to 0.152.0 by @dependabot in #873
- build(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0 by @dependabot in #857
- build(deps): bump k8s.io/apimachinery from 0.28.3 to 0.28.4 by @dependabot in #853
- build(deps): bump sigs.k8s.io/release-utils from 0.7.6 to 0.7.7 by @dependabot in #852
- prefix should be /usr by @lpcalisi in #863
- schema: update for new test pipeline configuration by @kaniini in #875
- build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 by @dependabot in #855
- build(deps): bump chainguard.dev/apko from 0.11.3-0.20231103184130-c376bfafbda0 to 0.12.0 by @dependabot in #872
- build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 by @dependabot in #871
New Contributors
Full Changelog: v0.5.3...v0.5.4
Release v0.5.3
What's Changed
- use forked alpine-go in go-apk by @imjasonh in #815
- test runtime replacements by @imjasonh in #837
- apply substitutions to .environment.contents.packages by @imjasonh in #838
- update go-apk dependency by @imjasonh in #842
- build(deps): bump cloud.google.com/go/storage from 1.33.0 to 1.35.1 by @dependabot in #840
- build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0 by @dependabot in #835
- move spammy logs to debugf by @imjasonh in #807
- pipelines: go/build: add support for go.mod overlay files by @kaniini in #843
- build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #841
- build(deps): bump go.opentelemetry.io/otel from 1.19.0 to 1.20.0 by @dependabot in #839
- build(deps): bump golang.org/x/time from 0.3.0 to 0.4.0 by @dependabot in #825
- build(deps): bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1 by @dependabot in #836
- Update release.md by @imjasonh in #844
Full Changelog: v0.5.2...v0.5.3
Release v0.5.2
What's Changed
- Document the release steps. by @vaikas in #759
- Add APK linting to Melange by @Elizafox in #760
- replace the fetch python url to more friendly URI by @cpanato in #761
- document full-version, add pointer to docs. by @vaikas in #753
- Centralize SOURCE_DATE_EPOCH parsing. by @wlynch in #767
- Add multiple Python packages post-linter by @Elizafox in #764
- build(deps): bump google.golang.org/api from 0.147.0 to 0.148.0 by @dependabot in #774
- build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 by @dependabot in #773
- build(deps): bump github.com/klauspost/compress from 1.17.1 to 1.17.2 by @dependabot in #771
- build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #768
- build(deps): bump chainguard.dev/apko from 0.10.1-0.20230918194837-e9722fcc3e50 to 0.11.0 by @dependabot in #770
- build(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 by @dependabot in #782
- Improve linter diagnostic output by @Elizafox in #783
- Fix ownership not being preserved by @epsilon-phase in #781
- linter: refactor check block generation in tests by @Elizafox in #786
- melange bump: only reset the epoch if version changes, else increment it by @rawlingsj in #733
- Add Python docs linter by @Elizafox in #789
- readlinkfs: ignore security.selinux xattrs by @joemiller in #790
- Rename Python linters to python/* by @Elizafox in #791
- drop sync-issues-to-project-board.yaml not used anymore by @cpanato in #765
- SCA: add python dependency generator by @kaniini in #788
- Add python/test linter by @Elizafox in #795
- SCA refactoring, part 1 by @kaniini in #793
- Add json tags to melange Configuration. by @wlynch in #796
- Separate out package and build lints by @Elizafox in #797
- Fix ownership issue by @epsilon-phase in #784
- Add SBOM linter by @Elizafox in #801
- pipelines: add npm-install pipeline by @julienv3 in #763
- build(deps): bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 by @dependabot in #798
- build(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in #800
- build(deps): bump chainguard.dev/apko from 0.11.1-0.20231026220613-a2b17f6490d2 to 0.11.1 by @dependabot in #799
- Fix Typo in the
./hack/make-devenv.sh
by @debasishbsws in #727 - Add linters for documentation and object files by @epsilon-phase in #806
- Add a test to ensure that ranges are handled properly. by @epsilon-phase in #809
- Bump go-apk and use faster tarfs implementation by @jonjohnsonjr in #810
- Filter out noise opening non-ELF files by @jonjohnsonjr in #811
- Bump go-apk by @jonjohnsonjr in #812
- Fix deduplication of strings because slices.Compact doesn't sort the input by @kaniini in #814
- Remove impossible errors by @jonjohnsonjr in #816
- Make loadUse test actually test something by @jonjohnsonjr in #817
- Remove impossible errors by @jonjohnsonjr in #818
- Get rid of PackageContext and SubpackageContext by @jonjohnsonjr in #819
- Error early if uses and runs are both present by @jonjohnsonjr in #820
- remove unimplemented references to fulcio support by @imjasonh in #830
- fail if 'with' is used with 'runs' by @imjasonh in #829
- Delete no-op sbom code by @jonjohnsonjr in #832
- Plumb check configs through to linters by @jonjohnsonjr in #833
- GithubReleaseMonitor: add tagprefix and tagcontains to be used in git… by @ajayk in #834
New Contributors
- @epsilon-phase made their first contribution in #781
- @joemiller made their first contribution in #790
- @julienv3 made their first contribution in #763
- @debasishbsws made their first contribution in #727
- @ajayk made their first contribution in #834
Full Changelog: v0.5.1...v0.5.2
Release v0.5.1
What's Changed
- update with 0.5.0 changes by @joshrwolf in #740
- Fix and update deprecated fields for goreleaser by @cpanato in #741
- Track vendored deps for .PKGINFO by @jonjohnsonjr in #721
- Extricate config stuff from linter. by @Elizafox in #746
- build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #749
- build(deps): bump sigs.k8s.io/release-utils from 0.7.5-0.20230601212346-3866fe05b204 to 0.7.5 by @dependabot in #745
- build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #744
- Add function to lint APK files. by @Elizafox in #750
- linter: fix a typo in package linting function by @Elizafox in #752
- build(deps): bump google.golang.org/api from 0.143.0 to 0.146.0 by @dependabot in #751
- Fix a bug where substitutions were not done for runtime. by @vaikas in #754
- build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #755
- build(deps): bump github.com/lima-vm/lima from 0.17.2 to 0.18.0 by @dependabot in #756
- build(deps): bump google.golang.org/api from 0.146.0 to 0.147.0 by @dependabot in #757
- build(deps): bump github.com/klauspost/compress from 1.17.0 to 1.17.1 by @dependabot in #758
Full Changelog: v0.5.0...v0.5.1
Release v0.5.0
What's Changed
- Rename Contexts to Builds by @jonjohnsonjr in #525
- Add missing context propagation by @jonjohnsonjr in #527
- Bug fix: silent env var replacement by @luhring in #533
- Add otel spans by @jonjohnsonjr in #529
- Bump apko dep to pick up otel spans by @jonjohnsonjr in #535
- docs: explain how build cache works practically by @luhring in #537
- build: package: forcibly treat libc as a shared library by @kaniini in #538
- Change git-checkout depth default to 1 by @luhring in #539
- Fix/python version issue by @mesaglio in #532
- pull in apko with fix for blank SOURCE_DATE_EPOCH by @deitch in #542
- Remove use of deprecated WaitImmediate by @jonjohnsonjr in #528
- lima startup issues fixed by @deitch in #543
- add dir option to ruby pipelines as not all gemspecs live in the root… by @rawlingsj in #544
- K8s runner template bugs by @joshrwolf in #550
- K8s runner retry exec by @joshrwolf in #549
- Refactor some pipelines to more safely use pipeline expansions by @kaniini in #554
- Default remove builder by @joshrwolf in #552
- use go-apk.FullFS for retrieving builder workspaces by @joshrwolf in #548
- Correct the variable name in the patch pipeline by @mattmoor in #555
- Stop breaking github action. by @mesaglio in #546
- Pod names must be RFC1123 compliant by @mattmoor in #557
- K8s runner fetch workspace tgz by @joshrwolf in #551
- Avoid using pargzip for compression by @jonjohnsonjr in #558
- Add more otel spans to k8s runner by @jonjohnsonjr in #565
- build(deps): bump k8s.io/client-go from 0.27.3 to 0.27.4 by @dependabot in #562
- skip the cache mount for kubernetes runner builds by @joshrwolf in #566
- Make sure we log errors. by @mattmoor in #570
- Log errors bundling, enable GGCR Warn/Progress logs by @mattmoor in #574
- add k8s runner config loading from envvars by @joshrwolf in #571
- Remove
wget -q
fromfetch
by @mattmoor in #575 - Several fixes to k8s runner. by @mattmoor in #578
- Tweak the strip pipeline so that it never fails for deleted files by @mattmoor in #573
- convert/python: check if release is found by @Dentrax in #572
- Fix subpackage SBOM generation by @jonjohnsonjr in #569
- build(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 by @dependabot in #530
- build(deps): bump github.com/klauspost/pgzip from 1.2.5 to 1.2.6 by @dependabot in #561
- build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #564
- build(deps): bump google.golang.org/api from 0.129.0 to 0.133.0 by @dependabot in #576
- build(deps): bump github.com/docker/docker from 24.0.2+incompatible to 24.0.5+incompatible by @dependabot in #577
- build(deps): bump google.golang.org/api from 0.133.0 to 0.134.0 by @dependabot in #580
- build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.1 by @dependabot in #579
- Refactor the config/logging stuff out of build by @Elizafox in #581
- renovate: update to use new config infrastructure by @Elizafox in #585
- pipelines: meson/configure: explicitly invoke meson setup action by @kaniini in #582
- Updates on ci and release by @cpanato in #583
- Make var transforms work in bump by @Elizafox in #586
- container: bubblewrap: do not defer closing files by @kaniini in #596
- build: package: add pkgconf-based SCA to catalog SDKs which use it by @kaniini in #590
- doc and lint revisions by @jessp01 in #598
- build(deps): bump google.golang.org/api from 0.134.0 to 0.136.0 by @dependabot in #597
- build(deps): bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot in #594
- build(deps): bump github.com/lima-vm/lima from 0.16.0 to 0.17.0 by @dependabot in #593
- build(deps): bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1 by @dependabot in #592
- Version transform block in melange by @Elizafox in #588
- Add docs about custom pipelines, defining and using. by @vaikas in #604
- Support for setting context in .melange.k8s.yaml by @tcnghia in #605
- allow override go version for uses: go/build and go/install by @rawlingsj in #606
- add melange sign command, slightly refactor and make public the signing methods by @joshrwolf in #607
- plumb through SDE to EmitSignature by @joshrwolf in #608
- support substitutions in provides lists by @imjasonh in #610
- Set reasonable concurrency levels for pgzip by @jonjohnsonjr in #611
- Bump pkgconfig to pick up the openblas fix. by @dlorenc in #612
- Bump pkg-config again to actually pick up the openblas fix. by @dlorenc in #618
- Add ${{targets.contextdir}} by @kaniini in #622
- add --force option to recreate apk indexes with given signatures by @joshrwolf in #626
- sign: do not rename across device boundaries by @kaniini in #627
- Fix the links to commands, fix the URLs generated. by @vaikas in #624
- cli: index: add --signing-key, --source and --merge options by @kaniini in #629
- docs: typo in go-build example by @acuteaura in #630
- Bump apko and fix everything I broke by @jonjohnsonjr in #631
- Print the path to generated melange config. by @vaikas in #636
- feat: support --recurse-submodules in git clone by @stormqueen1990 in #639
- readlinkfs: ignore some security-module specific xattrs by @kaniini in #640
- Add --wolfi-defaults flag, clean up flag handling. by @vaikas in #641
- Start of exhaustively documenting the build file. by @vaikas in #609
- Add a maven/configure-mirror pipeline to redirect to GCP. by @dlorenc in #644
- Add flags for resolving git tags, release-monitoring by @vaikas in #643
- add builtin pipelines for python by @imjasonh in #642
- remove extra backtick. by @vaikas in #647
- Bunch of lint fixes. No functional changes. by @vaikas in #645
- Change GeneratedMelangeConfig to embed pkg/config/config instead of redefining it. by @vaikas in #650
- Fix syntax in maven pipeline (and add test). by @dlorenc in #652
- package: dereference symlinks for aliased pkg-config modules by @kaniini in #653
- Fix issue: #658 by @vaikas in #659
- feat: add output logs for the apkbuild converter by @stormqueen1990 in #660
- Change default python-v...
Release v0.4.0
What's Changed
- update NEWS for melange 0.3.0. by @kaniini in #357
- Add darwin goreleaser target (macOS) by @jdolitsky in #359
- Upgrade go to 1.20 and clean up ci by @cpanato in #358
- Allow construction of empty packages without environment/pipelines by @kaniini in #360
- build: fix SBOM language gathering for subpackage pipelines by @kaniini in #361
- package: allow any library which has a SONAME to be a provider by @kaniini in #362
- Fix goreleaser cosign flags by @jdolitsky in #365
- Bump apko to pick up busybox detection fix. by @dlorenc in #366
- melange bump: optional flag to modify git-checkout pipeline expected-… by @rawlingsj in #367
- make original test commit sha different from the new expected sha to … by @rawlingsj in #368
- fix: log package new names+versions when regenerating index by @imjasonh in #369
- add a
update.manual:
key to indicate a package should be manually u… by @rawlingsj in #371 - Add --arch to melange index to skip packages with the wrong arch by @kaniini in #372
- index: rework architecture filtering by @kaniini in #375
- feat: respect target-architecture to filter archs by @imjasonh in #376
- export mutate functions as these are very useful to be called outside… by @rawlingsj in #377
- update to apko git by @kaniini in #379
- Use logrus for logging, like apko by @kaniini in #380
- build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #382
- build(deps): bump actions/add-to-project from 0.4.1 to 0.5.0 by @dependabot in #373
- feat: send useragent in HTTP requests by @imjasonh in #378
- upgrade alpine pkgs lima by @developer-guy in #289
- build(deps): bump google.golang.org/api from 0.114.0 to 0.116.0 by @dependabot in #383
- Upgrade to apko 0.7.4-20230411 snapshot. by @kaniini in #386
- Use formatted YAML encoder from yam by @luhring in #385
- build: package: append subpackages to build log by @kaniini in #387
- pipelines: autoconf/make-install: delete all GNU libtool metadata files by @kaniini in #388
- Do not depend on concrete logger by @luhring in #389
- Print full uri to debug file download errors by @patflynn in #390
- update apko to 20230413 snapshot by @kaniini in #391
- fix 403 error when melange bumping some packages, https://www.netfilt… by @rawlingsj in #392
- build(deps): bump actions/checkout from 3.5.0 to 3.5.2 by @dependabot in #393
- Fix parse configuration's use of abstract filesystems by @luhring in #395
- update apko dependency to 20230419 snapshot by @kaniini in #397
- update apko to 20230420, use apko log.Logger everywhere by @kaniini in #399
- build(deps): bump google.golang.org/api from 0.116.0 to 0.119.0 by @dependabot in #398
- upgrade apko to 20230421 snapshot by @kaniini in #400
- build(deps): bump github.com/docker/docker from 23.0.3+incompatible to 23.0.4+incompatible by @dependabot in #402
- cli: build: warn when no work to do instead of throwing an error by @kaniini in #403
- bump to latest apko which handles file overwrites by @deitch in #404
- add a strip-suffix: key to melange update struct to indicate strippin… by @rawlingsj in #405
- add
ignore-regex-patterns
update config to indicate you want to ign… by @rawlingsj in #406 - simplify DataItems to use the builtin marshallable map type by @joshrwolf in #407
- update alpine-go to include replaces hotfix by @kaniini in #410
- use go-apk library instead of apko by @deitch in #411
- move signing funcs to rely on external go-apk library by @deitch in #412
- build(deps): bump gitlab.alpinelinux.org/alpine/go from 0.6.1-0.20230428211436-f22972d078c8 to 0.7.0 by @dependabot in #414
- Add name method to build config by @luhring in #419
- build: add support for configurable logging policies by @kaniini in #420
- Add trimpath to the go pipeline. by @dlorenc in #424
- build: package: skip SONAME analysis when ELF interpreter setting is present by @kaniini in #425
- chore: improve mac quick-start guide by @AlexsJones in #427
- Add an optional "deps" paramter to the go/build pipeline. by @dlorenc in #428
- pipelines: patch: add support for quilt patch-series files by @kaniini in #429
- build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #432
- Set
builddate
in our.PKGINFO
control data. by @mattmoor in #435 - use latest version of melange in lima configuration file by @developer-guy in #436
- add multiple runner options by @deitch in #263
- Add go vendor support to the go build pipeline. by @dlorenc in #440
- add configuration field inline docs by @joshrwolf in #430
- add extra logging when runner fails to TestUsability by @rawlingsj in #446
- default for mac is docker, not bwrap by @deitch in #447
- Update distroless references by @jonjohnsonjr in #452
- Update README.md by @imjasonh in #453
- Allow built in melange pipelines to be used in subpackages by @rawlingsj in #455
- Try to make install work on Linux and Mac. by @amouat in #451
- Pull in index builddate support. by @mattmoor in #460
- build(deps): bump github.com/docker/docker from 23.0.4+incompatible to 24.0.1+incompatible by @dependabot in #458
- Pull in the latest go-apk for xattrs support by @mattmoor in #462
- upgrade go-apk to latest commit, implement go-apk XattrFS interfaces by @kaniini in #463
- build(deps): bump google.golang.org/api from 0.119.0 to 0.123.0 by @dependabot in #457
- Require that build config YAML has only known fields by @luhring in #465
- include filename when parsing fails by @imjasonh in #466
- Remove secfixes and advisories altogether by @luhring in #468
- Validate configuration at the end of parsing by @luhring in #469
- upgrade alpine-lima to 3.18 by @developer-guy in #467
- add wolfictl by @developer-guy in #473
- Bump apko and fix what that breaks by @jonjohnsonjr in #477
- build(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 by @dependabot in #439
- build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #448
- Refactor index code, support writing APKINDEX JSON representation natively by @kaniini in #478
- build(deps): bump github.com/lima-vm/lima from 0.14.2 to 0.16.0 by @dependabot in #479
- build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.5 by @dependabot in https://github.com/chainguard-dev/melan...