Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.51.4
->0.53.0
3.20.0
->3.20.1
v1.59.0
->v1.59.1
v3.14.1
->v3.15.2
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
aquasecurity/trivy (docker.io/aquasec/trivy)
v0.53.0
Compare Source
⚠ BREAKING CHANGES
Features
environment.yml
files (#6953) (654217a)maven-metadata.xml
files for remote snapshot repositories. (#6950) (1f8fca1)CycloneDX v1.6
(#6903) (09e50ce)Bug Fixes
file-patterns
and scan.conan2
cache dir (#6949) (38b35dd)advisory.url
(#6952) (417212e)image.inspect.Created
field only for non-empty values (#6948) (0af5730),
,or
, etc. (#6916) (52f7aa5)package-lock.json
file is broken (#6858) (cf5aa33)pnpm
with cyclic imports (#6857) (7d083bc)--insecure
(#7022) (3d02a31)poetry.lock
andpyproject.toml
in lowercase (#6852) (faa9d92)srcEpoch
when decoding SBOM files (#6866) (04af59c)purl
for maven pkgs (#7008) (a76e328)purl
forbitnami
pkg names (#6982) (7eabb92)Asymmetric Private Key
shouldn't start with space (#6867) (bb26445)v0.52.2
Compare Source
Changelog
8709d4f
release: v0.52.2 [release/v0.52] (#6896)a4b8ad7
ci: useubuntu-latest-m
runner [backport: release/v0.52] (#6933)2b711bc
chore(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 [backport: release/v0.52] (#6919)191d31e
test: bump docker API to 1.45 [backport: release/v0.52] (#6922)3f5874c
ci: bumpgithub.com/goreleaser/goreleaser
tov2.0.0
[backport: release/v0.52] (#6893)8f8c76a
fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)v0.52.1
Compare Source
Changelog
a3caf06
release: v0.52.1 [release/v0.52] (#6877)01dbb42
fix(nodejs): fix infinite loop when package link frompackage-lock.json
file is broken [backport: release/v0.52] (#6888)f186d22
fix(sbom): don't overwritesrcEpoch
when decoding SBOM files [backport: release/v0.52] (#6881)093c0ae
fix(python): compare pkg names frompoetry.lock
andpyproject.toml
in lowercase [backport: release/v0.52] (#6878)6bfda76
Merge pull request #6879 from aquasecurity/backport-pr-6864-to-release/v0.5253850c8
docs: explain how VEX is applied (#6864)2211962
Merge pull request #6875 from aquasecurity/backport-pr-6857-to-release/v0.52a614b69
fix(nodejs): fix infinity loops forpnpm
with cyclic imports (#6857)v0.52.0
Compare Source
Features
requirement.txt
files (#6782) (29615be)requirement.txt
files (#6729) (2bc54ad)Bug Fixes
pip
deps forenvironment.yml
files (#6675) (150a773)gobinaries
(#6710) (c96f2a5).version
|.ver
(no prefixes) ldflags forgobinaries
(#6705) (afb4f9d)requirements.txt
files. (#6804) (ea3a124)convert
mode when scanning json file derived from sbom file (#6808) (f92ea09)Performance Improvements
golangci/golangci-lint (golangci/golangci-lint)
v1.59.1
Compare Source
go-errorlint
: from 1.5.1 to 1.5.2gomnd
: deprecated configuration compatibilityintrange
: addstyle
presetmisspell
: from 0.5.1 to 0.6.0sloglint
: from 0.7.0 to 0.7.1testifylint
: from 1.3.0 to 1.3.1unparam
: bump to HEADusestdlibvars
: from 1.25.0 to 1.26.0revive
configurationhelm/helm (helm/helm)
v3.15.2
: Helm v3.15.2Compare Source
Helm v3.15.2 is a security (patch) release. Users are strongly recommended to update to this release.
The community keeps growing, and we'd love to see you there!
Installation and Upgrading
Download Helm v3.15.2. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Changelog
1a500d5
(yyzxw)70b225c
(yxxhero)b3640f1
(Daniel Strobusch)46e2ba0
(dependabot[bot])fb311d3
(Austin Abro)23552a7
(Aaron U'Ren)v3.15.1
: Helm v3.15.1Compare Source
Helm v3.15.1 is a patch release. The Helm application source is the same as 3.15.0. The 3.15.0 builds stated the wrong version when running
helm version
. Instead of the release number it had the release candidate version which pointed to the same revision of the source.The community keeps growing, and we'd love to see you there!
Installation and Upgrading
Download Helm v3.15.1. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Changelog
e211f2a
(Matt Farina)v3.15.0
: Helm v3.15.0Compare Source
Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Notable Changes
Installation and Upgrading
Download Helm v3.15.0. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Changelog
c4e37b3
(Matt Farina)d7afa3b
(Matt Farina)7743467
(Matt Farina)214fb6e
(Calvin Krist)1b75d48
(Dirk Müller)dac23c8
(dependabot[bot])167d576
(dependabot[bot])dd37787
(deterclosed)0a69a0d
(Andrew Block)aaaf112
(dependabot[bot])7f53529
(dependabot[bot])25c4738
(Matt Farina)ff94e93
(dependabot[bot])d58d7b3
(Robert Sirchia)a23dd9e
(Matt Farina)275f2ab
(dependabot[bot])8b424ba
(Robert Sirchia)e22d881
(dependabot[bot])4f200fa
(dependabot[bot])764557c
(Matt Farina)5bc97b9
(dependabot[bot])e6db0ec
(dependabot[bot])8d19bcb
(George Jenkins)68294fd
(George Jenkins)8e6a514
(Matt Farina)94c1dea
(Ricardo Maraschini)cbab6d6
(dependabot[bot])de332ae
(dependabot[bot])a2dd34b
(dependabot[bot])57a1bb8
(weidongkl)8cab7c1
(dependabot[bot])5f9533f
(dependabot[bot])4790bb9
(George Jenkins)f980ad3
(dependabot[bot])c25736c
(Matt Carr)d2cf8c6
(MichaelMorris)fc74964
(MichaelMorris)f908379
(Alex Petrov)9e198fa
(Alex Petrov)v3.14.4
: Helm v3.14.4Compare Source
Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Installation and Upgrading
Download Helm v3.14.4. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Changelog
81c902a
(Alex Petrov)5a11c76
(Alex Petrov)fb3d880
(deterclosed)01ac4a2
(dependabot[bot])138602d
(dependabot[bot])aa7d953
(Ricardo Maraschini)v3.14.3
: Helm v3.14.3Compare Source
Helm v3.14.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.
The community keeps growing, and we'd love to see you there!
Installation and Upgrading
Download Helm v3.14.3. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Changelog
f03cc04
(Matt Farina)1a7330f
(George Jenkins)d6acc00
(George Jenkins)b2738fb
(dependabot[bot])5b0847e
(dependabot[bot])7e18c39
(weidongkl)v3.14.2
: Helm v3.14.2Compare Source
Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.
Jakub Ciolek with AlphaSense discovered the vulnerability.
Installation and Upgrading
Download Helm v3.14.2. The common platform binaries are here:
This release was signed with
672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E
and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release usinggpg
.The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with
bash
.What's Next
Configuration
📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.