trillian/1.6.1 package update #27252

octo-sts · 2024-08-28T13:49:30Z

Signed-off-by: wolfi-bot <[email protected]>

github-actions · 2024-08-28T13:54:31Z

Package trillian: Click to expand/collapse

Package trillian:
Unchanged

Package trillian-logserver: Click to expand/collapse

Package trillian-logserver:
Modified: /usr/bin/trillian_log_server

Package trillian-logsigner: Click to expand/collapse

Package trillian-logsigner:
Modified: /usr/bin/trillian_log_signer

bincapz found differences: Click to expand/collapse

Deleted: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.0-r8.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	net/download	download files	downloadLocation
-LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/e8ec453d7002aa4ab996ba778cc0

Deleted: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.0-r8.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	net/download	download files	downloadLocation
-LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/420884c6364ff4f4c65849b5b6e5

Deleted: trillian/var/lib/db/sbom/trillian-1.6.0-r8.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
-MEDIUM	net/download	download files	downloadLocation
-LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/abc5670435c1c3a0d56b2434e5a6

Added: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.1-r0.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
+MEDIUM	net/download	download files	downloadLocation
+LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/3b8bfc9c89c1e0db19dc7cf0ba94

Added: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.1-r0.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
+MEDIUM	net/download	download files	downloadLocation
+LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/dc2ff3e2bb0d0e5ce1c00f002c64

Added: trillian/var/lib/db/sbom/trillian-1.6.1-r0.spdx.json [⚠️ MEDIUM]

RISK	KEY	DESCRIPTION	EVIDENCE
+MEDIUM	net/download	download files	downloadLocation
+LOW	ref/site/url	contains embedded HTTPS URLs	https://spdx.org/spdxdocs/chainguard/melange/4804019b72c1607b99eaf29efe09

philroche · 2024-08-29T15:15:29Z

Changes summay:
Total files changed: 44

Total changes: 3037
Total additions: 2191
Total deletions: 846

Total commits: 279

Bump google-auth-library from 9.5.0 to 9.6.0 in /scripts/gcb2slack ([Wolfi Package Request]: JWT_TOOL #3319)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-01-29T21:39:00Z
Bump google.golang.org/api from 0.159.0 to 0.160.0 (jwt_tool was added #3320)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-01-30T09:07:57Z
Bump alpine in /examples/deployment/docker/envsubst (ipfs/0.21.0 package update #3321)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-01-30T17:51:46Z
Bump cloud.google.com/go/spanner from 1.55.0 to 1.56.0 (kubernetes-ingress-defaultbackend/1.23.2 package update #3322)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-01-31T10:50:54Z
Bump go.etcd.io/etcd/v3 from 3.5.11 to 3.5.12 (wolfi-bot/perl #3327)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-01-31T23:58:53Z
Bump google.golang.org/api from 0.160.0 to 0.161.0 (nuclei/2.9.8 package update #3323)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-01T00:01:27Z
Bump nick-fields/retry from 2.9.0 to 3.0.0 (curl: split out rustls-ffi backend to its own dedicated package #3328)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-01T08:53:30Z
Bump golang in /examples/deployment/docker/db_client (ferretdb/1.5.0 package update #3329)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-01T22:07:11Z
Bump golang in /integration/cloudbuild/testbase (flux-source-controller/1.0.0 package update #3331)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-02T00:10:55Z
Bump golang in /examples/deployment/docker/log_signer (aws-c-s3/0.3.12 package update #3330)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-02T00:24:46Z
Bump golang in /examples/deployment/docker/log_server

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-01T21:52:38Z
Bump google-auth-library from 9.6.0 to 9.6.1 in /scripts/gcb2slack (hugo-extended/0.115.1 package update #3333)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-02T11:49:00Z
Bump google-auth-library from 9.6.1 to 9.6.2 in /scripts/gcb2slack (enable telnet #3334)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-03T09:16:37Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (update ingress-nginx build to work with ingress-nginx image #3335)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-03T22:18:11Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (Bump minio-client. #3336)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-03T23:29:04Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (zarf/0.28.1 package update #3337)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-05T00:37:17Z
Bump google.golang.org/api from 0.161.0 to 0.162.0 (kubevela/1.9.3 package update #3340)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-06T22:59:52Z
Bump actions/upload-artifact from 4.3.0 to 4.3.1 (flux-kustomize-controller/1.0.0 package update #3342)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-06T23:10:51Z
Bump kaniko to v1.20.0

Al Cutter ([email protected]) @ 2024-02-06T18:16:40Z
Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (Add oranda tool #3347)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-08T08:26:37Z
Bump golang in /integration/cloudbuild/testbase (k8sgpt/0.3.9 package update #3346)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-08T09:35:09Z
Bump google-auth-library from 9.6.2 to 9.6.3 in /scripts/gcb2slack

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-07T22:04:45Z
Bump golang in /examples/deployment/docker/log_server

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-07T21:50:08Z
Bump golang in /examples/deployment/docker/log_signer

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-07T21:48:03Z
Bump golang in /examples/deployment/docker/db_client

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-07T21:43:46Z
Bump golangci/golangci-lint-action from 3.7.0 to 3.7.1

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-08T21:48:39Z
Bump google.golang.org/api from 0.162.0 to 0.163.0

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-08T21:46:26Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (php/8.2.8 package update #3355)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-13T14:15:13Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-13T21:05:21Z
Bump golang in /integration/cloudbuild/testbase (Drop noexecheap from wayland-protocols #3361)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-14T16:01:16Z
Bump cloud.google.com/go/spanner from 1.56.0 to 1.57.0 (kaf/0.2.4 package update #3358)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T08:24:56Z
Bump github.com/apache/beam/sdks/v2 from 2.53.0 to 2.54.0 (deno/1.35.0 package update #3365)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T14:41:19Z
Bump google.golang.org/api from 0.163.0 to 0.165.0

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T08:26:27Z
Bump golang in /examples/deployment/docker/log_signer (Fix envoy build by pinning to gcc 12. #3357)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T20:30:51Z
Bump golang in /examples/deployment/docker/db_client (cython/0.29.36 package update #3362)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T22:30:39Z
Bump golang.org/x/tools from 0.17.0 to 0.18.0

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-15T15:45:14Z
Bump google.golang.org/grpc from 1.61.0 to 1.61.1 (Resolve vulnerabilities in paranoia #3364)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-16T17:40:15Z
Bump golang in /examples/deployment/docker/log_server (envoy/1.26.2 package update #3363)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-16T22:14:49Z
Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (wolfi-bot/fuse3 #3367)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-16T23:06:27Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (rabbitmq-server/3.12.1 package update #3368)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-17T01:01:41Z
Bump golang/govulncheck-action from 1.0.1 to 1.0.2 (move bash completions into separate subpackage #3369)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-21T21:54:20Z
Bump google.golang.org/api from 0.165.0 to 0.166.0 (Add sudo-rs package. #3370)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-21T22:17:56Z
Bump google.golang.org/grpc from 1.61.1 to 1.62.0 (wolfi-bot/nodejs-20 #3371)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-26T09:26:34Z
Bump google.golang.org/api from 0.166.0 to 0.167.0 (flux/2.0.0 package update #3374)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-26T09:53:41Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-23T21:19:14Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (calico: remove nsswitch.conf from typhad package #3372)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-26T21:43:57Z
Bump golang.org/x/crypto from 0.19.0 to 0.20.0 (update libjpeg-turbo to 3.0.0 #3375)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-27T09:17:53Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (gcc-12: disable libcc1 #3377)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-28T14:04:06Z
Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 (skaffold/2.6.1 package update #3376)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-29T09:25:51Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (aws-c-mqtt/0.8.14 package update #3379)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-02-29T10:42:25Z
Bump golang.org/x/crypto from 0.20.0 to 0.21.0 (Add ocaml. #3380)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-05T09:23:48Z
Bump google.golang.org/api from 0.167.0 to 0.168.0 (gcc-12: add gcc-12-default package which can provide the gcc slot #3382)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-05T20:02:55Z
Bump go-version-input from 1.21.6 to 1.21.8 in govulncheck and bump google.golang.org/protobuf from 1.32.0 to 1.33.0 and bump github.com/golang/protobuf from 1.5.3 to 1.5.4 (ruff/0.0.277 package update #3393)

Roger Ng ([email protected]) @ 2024-03-07T18:30:00Z
Bump google.golang.org/grpc from 1.62.0 to 1.62.1 (argo-cd/2.7.7 package update #3385)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-07T19:00:59Z
Bump golang.org/x/tools from 0.18.0 to 0.19.0 (terragrunt/0.48.1 package update #3383)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-07T19:27:12Z
Bump cloud.google.com/go/spanner from 1.57.0 to 1.58.0 (Update images digests #3391)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-07T19:46:18Z
Bump golang in /integration/cloudbuild/testbase (Consolidate fluentd versions and track latest #3389)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-07T20:09:46Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (Add fftw package and libsamplerate packages #3392)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-07T21:41:35Z
Bump golang in /examples/deployment/docker/log_server (envoy: use gcc 12 slot to build, instead of pinning #3387)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-08T08:16:25Z
Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.6 to 2.3.7 (Add flac and libsndfile. #3390)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-08T08:47:10Z
Bump golang in /examples/deployment/docker/db_client (Add speexdsp library. #3388)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-08T10:02:13Z
Bump golang in /examples/deployment/docker/log_signer (zookeeper/3.8.2-0 package update #3386)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-08T10:13:28Z
Bump google.golang.org/api from 0.168.0 to 0.169.0 (comment grype scan results on PR, only works for PRs from … #3394)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-08T10:41:26Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (weaviate/1.19.12 package update #3396)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-12T09:37:11Z
Bump github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0 (kyverno/1.10.1 package update #3395)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-12T11:05:09Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (kubescape/2.3.7 package update #3397)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-12T12:39:06Z
Bump github.com/jackc/pgx/v4 from 4.18.1 to 4.18.2 (add node-problem-detector-compat #3398)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-12T17:00:27Z
Bump actions/checkout from 4.1.1 to 4.1.2 (Add ell and libical. #3401)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-12T23:19:40Z
Bump golang in /examples/deployment/docker/log_server (Add jack and sbc packages. #3399)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-13T09:12:39Z
Bump golang in /integration/cloudbuild/testbase (k8s-sidecar/1.24.6 package update #3403)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-13T09:49:38Z
Bump golang in /examples/deployment/docker/db_client (Add libasyncns package. #3402)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-13T09:49:58Z
Bump golang in /examples/deployment/docker/log_signer (Add libatomic_ops libasyncns and soxr packages. #3400)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-13T09:50:25Z
Bump google-auth-library from 9.6.3 to 9.7.0 in /scripts/gcb2slack (Add kube-fluentd-operator #3404)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-13T21:39:51Z
Bump cloud.google.com/go/spanner from 1.58.0 to 1.59.0 (Fix fftw and orc packages. #3405)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-14T00:21:41Z
Bump google.golang.org/api from 0.169.0 to 0.170.0 (fix the subpackage name #3406)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-15T10:58:46Z
Bump follow-redirects from 1.15.4 to 1.15.6 in /scripts/gcb2slack (Fix speex and speexdsp packages. #3407)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-15T18:19:02Z
Bump cloud.google.com/go/spanner from 1.59.0 to 1.60.0 (update ncurses-20230701 source #3408)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-20T11:24:38Z
Bump github.com/docker/docker (Rebuild the perl-xml-parser with the new build of perl. #3409)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-20T22:21:50Z
Bump google.golang.org/api from 0.170.0 to 0.171.0 (Adding php-igbinary PHP extension #3410)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-22T18:23:39Z
Bump github.com/go-sql-driver/mysql from 1.8.0 to 1.8.1 (tomcat/10.1.11 package update #3412)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-26T22:12:21Z
Bump express from 4.18.2 to 4.19.2 in /scripts/gcb2slack ([Wolfi Package Request]: pgbouncer #3413)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-27T08:37:53Z
Bump github.com/apache/beam/sdks/v2 from 2.54.0 to 2.55.0 (Add pulseaudio #3411)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-03-27T09:10:56Z
Bump go.etcd.io/etcd/v3 from 3.5.12 to 3.5.13 (ensures usr/lib exists for target of the usr/lib64 symlink #3415)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-01T22:34:52Z
Bump google.golang.org/api from 0.171.0 to 0.172.0 ([Wolfi Package Request]: pgcat #3414)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-01T22:37:46Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (py3-botocore/1.30.1 package update #3419)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-03T18:30:43Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (mercurial/6.5 package update #3420)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-03T18:36:21Z
Bump golang in /examples/deployment/docker/db_client (skopeo/1.13.0 package update #3421)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-04T08:58:30Z
update govulncheck go version from 1.21.8 to 1.21.9 and bump golang.org/x/net from v0.22.0 to v0.23.0 (remediate some GHSAs in calico #3427)

phbnf ([email protected]) @ 2024-04-04T12:01:55Z
Bump golang in /integration/cloudbuild/testbase (weaviate/1.20.0 package update #3426)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-04T14:12:09Z
Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (groff/1.23.0 package update #3422)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-04T16:05:44Z
Bump golang.org/x/sys from 0.18.0 to 0.19.0 (protobuf/3.23.4 package update #3428)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-05T09:56:53Z
Bump golang in /examples/deployment/docker/log_signer (calico: add flexvol.sh #3424)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-05T14:26:06Z
Bump golang in /examples/deployment/docker/log_server (aws-c-io/0.13.28 package update #3425)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-06T20:05:47Z
Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (karpenter/0.29.0 package update #3429)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-06T22:13:50Z
Bump golang.org/x/tools from 0.19.0 to 0.20.0 (build lua-lzlib with -fPIC #3432)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-08T08:47:39Z
Bump github.com/apache/beam/sdks/v2 from 2.55.0 to 2.55.1 (Add missing WOLFICTL to use the image #3433)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-09T09:13:05Z
Bump google.golang.org/grpc from 1.62.1 to 1.63.2 (Drop -i from docker run #3434)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-09T21:50:01Z
Bump golang in /examples/deployment/docker/log_signer (Try installing wolfictl from the latest SDK container instead #3437)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-11T07:57:20Z
Bump golang in /examples/deployment/docker/db_client (Makefile should fail when commands fail #3435)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-11T11:28:20Z
Bump golang in /integration/cloudbuild/testbase (more luajit fixes #3436)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-11T14:38:29Z
Bump golang in /examples/deployment/docker/log_server (Revert "makefile: use wolfictl -t name-version to speed up makefile performance 875x" #3439)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-11T22:01:27Z
Bump golang in /integration/cloudbuild/testbase (glibc enhancements #3440)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-12T09:06:18Z
Bump golang in /examples/deployment/docker/db_client (Upgrade guava dependency to resolve vulnerability #3442)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-12T10:09:06Z
Bump golang in /examples/deployment/docker/log_signer (Bump buck2 epoch and commit #3441)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-12T15:59:41Z
Bump golang in /examples/deployment/docker/log_server (Add cedar cli. #3443)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-12T18:59:23Z
Bump google-auth-library from 9.7.0 to 9.8.0 in /scripts/gcb2slack (jaeger-agent/1.47.0 package update #3444)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-16T08:54:28Z
Bump google.golang.org/api from 0.172.0 to 0.173.0 (pgcat: new package #3445)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-16T21:50:12Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (Adding php-amqp #3446)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-16T22:27:01Z
Bump google.golang.org/api from 0.173.0 to 0.174.0 (fq/0.7.0 package update #3447)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-18T04:37:53Z
Bump actions/upload-artifact from 4.3.1 to 4.3.2 (remove unused packages.txt #3448)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-19T08:31:19Z
Bump google.golang.org/api from 0.174.0 to 0.175.0 (kube-fluentd-operator/1.17.4 package update #3449)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-20T08:11:05Z
Bump actions/checkout from 4.1.2 to 4.1.3 (add fluent-plugin-splunk-hec #3450)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-20T14:14:56Z
Replace prune-whitelist with prune-allowlist for kubectl command (graphviz switch libjpeg-dev to libjpeg-turbo-dev #3307)

Roger Ng ([email protected]) @ 2024-04-22T10:52:50Z
Bump actions/upload-artifact from 4.3.2 to 4.3.3 (Add eksctl package. #3451)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-22T21:56:40Z
Bump google.golang.org/api from 0.175.0 to 0.176.0 (haproxy-ingress/0.14.4 package update #3452)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-23T08:49:13Z
Bump google.golang.org/api from 0.176.0 to 0.176.1 (eksctl/0.148.0 package update #3453)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-24T08:30:40Z
Bump actions/checkout from 4.1.3 to 4.1.4 (fix kube-fluentd-operator config symlink + kube-fluentd-operator/1.17.4 package update #3455)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-25T03:15:42Z
Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (Use the wolfictl in the SDK container we run inside #3460)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-26T03:01:59Z
Bump google-auth-library from 9.8.0 to 9.9.0 in /scripts/gcb2slack (kube-fluentd-operator/1.17.4 package update #3456)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-27T12:48:36Z
Bump golang in /integration/cloudbuild/testbase (only build graph via wolfictl when needed #3454)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-27T18:06:00Z
Bump golang in /examples/deployment/docker/db_client (Remedidate CVE-2022-40897 in k8s-sidecar #3457)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-27T21:20:14Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (py3-botocore/1.31.0 package update #3461)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-28T09:42:32Z
Bump golang in /examples/deployment/docker/log_signer (dive/0.11.0 package update #3459)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-29T14:41:27Z
Bump golang in /examples/deployment/docker/log_server (vulkan-headers/1.3.257 package update #3458)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-29T15:24:09Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (wolfi-bot/libmilter #3463)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-30T12:13:56Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (wolfi-bot/graphviz #3464)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-04-30T18:29:58Z
Bump cloud.google.com/go/spanner from 1.60.0 to 1.61.0 (goreleaser/1.19.2 package update #3468)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-01T11:16:06Z
Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 (perl-http-date/6.06 package update #3462)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-01T14:13:18Z
Bump @google-cloud/functions-framework in /scripts/gcb2slack (adds valgrind-3.21.0 #3465)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-01T22:22:19Z
Bump mysql from 8.3 to 8.4 in /examples/deployment/docker/db_server (kubernetes-ingress-defaultbackend/1.24.0 package update #3469)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-02T10:26:20Z
Bump actions/setup-go from 5.0.0 to 5.0.1 (guacamole-server: add libpulse support #3470)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-02T21:39:19Z
Bump ubuntu in /examples/deployment/kubernetes/mysql/image (Add aws-flb-cloudwatch and aws-flb-firehose #3471)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-02T22:42:21Z
Bump github.com/apache/beam/sdks/v2 from 2.55.1 to 2.56.0 (Adds aws-flb-kinesis #3472)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-02T23:38:01Z
Bump github.com/cockroachdb/cockroach-go/v2 from 2.3.7 to 2.3.8 (Add aws-for-fluent-bit #3473)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-04T20:20:52Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_signer (workflows: push-production: explicitly call "make all" due to GNU make bug #3474)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-07T09:19:37Z
Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 (rqlite/7.21.3 package update #3479)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-07T09:45:36Z
Bump golang.org/x/crypto from 0.22.0 to 0.23.0 (Fix CVE-2023-32731 in pulumi packages #3476)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-07T10:15:07Z
Bump distroless/base-debian12 in /examples/deployment/docker/log_server (vim/9.0.1676 package update #3480)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-07T10:44:41Z
Bump golang in /integration/cloudbuild/testbase (rqlite/7.21.4 package update #3482)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-07T21:53:01Z
Bump golang in /examples/deployment/docker/log_server (aws-c-s3/0.3.13 package update #3481)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T09:03:35Z
Bump go-version-input to 1.21.10 in govulncheck.yml (wolfi-bot/zlib #3488)

Roger Ng ([email protected]) @ 2024-05-08T10:33:16Z
Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (kube-fluentd-operator: include kube-fluentd-operator config reloader … #3475)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T14:59:24Z
Bump google.golang.org/api from 0.176.1 to 0.178.0 (py3-botocore/1.31.1 package update #3484)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T15:14:26Z
Bump github.com/fullstorydev/grpcurl from 1.8.9 to 1.9.1 (makefile: use wolfictl -t name-version to speed up makefile performance 875x #3438)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T15:52:13Z
Bump actions/checkout from 4.1.4 to 4.1.5 (Update images digests #3478)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T15:56:33Z
Bump golang.org/x/tools from 0.20.0 to 0.21.0 (py3-charset-normalizer/3.2.0 package update #3485)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T16:21:19Z
Bump golang in /examples/deployment/docker/db_client (wolfi-bot/mpfr #3487)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T16:25:50Z
Bump golang in /examples/deployment/docker/log_signer (graphviz/8.1.0 package update #3483)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T16:32:49Z
Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (hugo-extended/0.115.2 package update #3490)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-08T16:43:00Z
Fix invalid Go toolchain version (harfbuzz/8.0.0 package update #3491)

Roger Ng ([email protected]) @ 2024-05-09T08:48:43Z
Add instructions for using docker to regen derived files (hugo/0.115.2 package update #3489)

Martin Hutchinson ([email protected]) @ 2024-05-09T09:45:59Z
Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (clickhouse/23.6.2.18 package update #3492)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-09T21:48:42Z
Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (vim/9.0.1677 package update #3493)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-09T22:12:07Z
Bump google.golang.org/api from 0.178.0 to 0.180.0 (dgraph/23.0.1 package update #3494)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-11T22:00:28Z
Bump google-auth-library from 9.9.0 to 9.10.0 in /scripts/gcb2slack (kube-fluentd-operator fix symlinks + add more runtime deps #3495)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-14T08:14:10Z
Bump golang in /integration/cloudbuild/testbase (iperf3/3.14 package update #3496)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-14T22:27:25Z
Bump golang in /examples/deployment/docker/log_server (sbt/1.9.2 package update #3497)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-14T23:31:20Z
Bump golang in /examples/deployment/docker/log_signer (kube-fluentd-operator: remove unnecessary files from final package #3498)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-15T07:10:10Z
Bump golang in /examples/deployment/docker/db_client (flux-source-controller/1.0.1 package update #3499)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-15T09:30:50Z
Bump golang in /examples/deployment/docker/db_client (flux-kustomize-controller/1.0.1 package update #3501)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-15T23:13:29Z
Bump golang in /examples/deployment/docker/log_server (flux-image-reflector-controller/0.29.1 package update #3500)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-16T07:43:33Z
Bump golang in /integration/cloudbuild/testbase (Remedidate CVE-2023-1428 and CVE-2023-32732 in kube-fluentd-operator #3505)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-16T08:59:06Z
Bump golang in /examples/deployment/docker/log_signer (redis/7.0.12 package update #3502)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-16T09:32:28Z
Bump cloud.google.com/go/spanner from 1.61.0 to 1.62.0 (gradle-8/8.2.1 package update #3504)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-16T10:10:57Z
Bump google.golang.org/api from 0.180.0 to 0.181.0 (Provide developers a means of seeing "estimated build times" for each package #3506)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-17T09:56:14Z
Bump actions/checkout from 4.1.5 to 4.1.6 (telegraf/1.27.2 package update #3508)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-17T14:10:07Z
Bump golang in /examples/deployment/docker/db_client (kube-fluentd-operator/1.17.5 package update #3507)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-17T17:44:10Z
Bump golang in /integration/cloudbuild/testbase (vulkan-loader/1.3.257 package update #3510)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-18T20:30:47Z
Bump golang in /examples/deployment/docker/log_server (ruby3.0-bundler/2.4.16 package update #3511)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-18T22:17:37Z
Bump github/codeql-action from 2.13.4 to 3.25.5 (aws-efs-csi-driver/1.5.8 package update #3512)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-19T11:18:26Z
Bump golang in /examples/deployment/docker/log_signer (aws-c-http/0.7.11 package update #3509)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-19T15:16:37Z
Bump github/codeql-action from 3.25.5 to 3.25.6 (ruby3.1-bundler/2.4.16 package update #3513)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-21T12:26:44Z
Bump alpine from 3.19 to 3.20 in /examples/deployment/docker/envsubst (ruby3.2-bundler/2.4.16 package update #3514)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-23T06:47:00Z
Remove @pphaneuf from CODEOWNERS (libbpf/1.2.1 package update #3516)

Roger Ng ([email protected]) @ 2024-05-28T09:04:59Z
Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (redis-6.2/6.2.13 package update #3503)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-29T17:42:27Z
Bump cloud.google.com/go/spanner from 1.62.0 to 1.63.0 (Update zip.yaml #3515)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-29T20:44:55Z
Bump google.golang.org/api from 0.181.0 to 0.182.0 (Override exa binary #3517)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-29T22:01:33Z
Bump go.etcd.io/etcd/v3 from 3.5.13 to 3.5.14 (wasm-tools/1.0.36 package update #3520)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-05-30T09:27:45Z
Bump github/codeql-action from 3.25.6 to 3.25.7 (cri-tools/1.27.1 package update #3523)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-02T21:18:45Z
Bump golang/govulncheck-action from 1.0.2 to 1.0.3 (cadvisor/0.47.3 package update #3524)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-04T08:19:45Z
Bump the version of go used by the vuln scanner (go-1.19/1.19.11 package update #3536)

Martin Hutchinson ([email protected]) @ 2024-06-05T09:13:34Z
Group dependabot updates together (go-fips-1.19/1.19.11 package update #3535)

Martin Hutchinson ([email protected]) @ 2024-06-05T13:27:56Z
Bump ubuntu (dag-push-production: bump pending timeout to 20min #3537)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-05T15:41:49Z
Bump the go-deps group with 8 updates (add ruby3.2-fluent-plugin-splunk-hec and package runtime deps #3538)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-06T09:53:52Z
Bump github/codeql-action from 3.25.7 to 3.25.8 (cilium-cli/0.15.1 package update #3534)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-08T19:45:13Z
Bump golang in /integration/cloudbuild/testbase (wolfi-bot/openldap #3533)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-08T20:05:00Z
Bump golang in /examples/deployment/docker/log_server (add splunk-hec-gems deps #3526)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-10T02:21:08Z
Bump golang in /examples/deployment/docker/log_signer (jenkins/2.414 package update #3528)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-10T09:12:29Z
Bump golang in /examples/deployment/docker/db_client (adds ruby deps for ruby-splunk-hec #3527)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-10T09:12:46Z
Bump golang (yq/4.34.2 package update #3545)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T10:27:20Z
Bump golang (kubevela/1.9.4 package update #3544)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T10:27:30Z
Bump golang (Update images digests #3543)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T11:14:54Z
Bump the github-actions-deps group with 2 updates (Fix runtime for aws-for-fluent-bit #3540)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T13:51:24Z
Bump google-auth-library from 9.10.0 to 9.11.0 in /scripts/gcb2slack (Fix symlink for aws-for-fluent-bit-compat #3539)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T13:54:58Z
Bump golang in /integration/cloudbuild/testbase in the docker-deps group (libbpf/1.2.2 package update #3542)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-18T14:48:03Z
Bump alpine (harfbuzz/8.0.1 package update #3546)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-25T06:40:15Z
Bump the go-deps group across 1 directory with 7 updates (nri-prometheus/2.18.5 package update #3547)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-06-25T13:00:20Z
Bump the go-deps group with 5 updates (aws-ebs-csi-driver/1.21.0 package update #3550)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-02T08:45:26Z
Bump github/codeql-action in the github-actions-deps group (bump epochs on packages dependent on Go #3549)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-02T08:45:39Z
Bump the version of go, and make vuln check share version (fix CVEs in argocd #3551)

Martin Hutchinson ([email protected]) @ 2024-07-04T10:33:06Z
Bump golang in /integration/cloudbuild/testbase in the docker-deps group (cilium-cli/0.15.2 package update #3552)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T08:05:15Z
Bump actions/upload-artifact in the github-actions-deps group (nghttp2/1.55.0 package update #3556)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T09:25:30Z
Bump golang (libva/2.19.0 package update #3559)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T09:38:25Z
Don't bump to MySQL 9 until we explicitly choose to (krb5/1.21.1-final new package update #3560)

Martin Hutchinson ([email protected]) @ 2024-07-09T09:41:21Z
Bump the docker-deps group (eksctl/0.149.0 package update #3554)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T09:55:30Z
Bump ubuntu (py3-botocore/1.31.2 package update #3558)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T10:38:12Z
Bump the docker-deps group (openldap/2.6.5 package update #3555)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T18:18:01Z
Bump the go-deps group with 5 updates (libnftnl/1.2.6 package update #3557)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-09T18:21:13Z
Bump the go-deps group with 4 updates (ruff/0.0.278 package update #3564)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-15T23:40:57Z
Bump @google-cloud/functions-framework in /scripts/gcb2slack (syft/0.85.0 package update #3563)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-16T04:11:39Z
Bump the github-actions-deps group with 2 updates (spicedb/1.23.0 package update #3562)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-16T09:30:41Z
Bump the go-deps group with 7 updates (zarf/0.28.2 package update #3565)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-23T08:19:23Z
Bump alpine (buildkitd/0.12.0 package update #3567)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-23T10:18:34Z
Bump github/codeql-action in the github-actions-deps group (go-1.21: Add missing go.env file #3566)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-24T08:36:00Z
Bump golang (aws-load-balancer-controller/2.5.4 package update #3569)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-29T22:56:12Z
Bump golang in /integration/cloudbuild/testbase in the docker-deps group (k8s-sidecar/1.25.0 package update #3576)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T08:47:31Z
Bump alpine (fluent-bit/2.1.7 package update #3571)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T08:47:40Z
Bump golang (esbuild/0.18.12 package update #3573)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T08:57:45Z
Bump the go-deps group with 3 updates (conda/23.5.1 package update #3568)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T09:21:09Z
Bump the github-actions-deps group with 2 updates (deno/1.35.1 package update #3572)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T09:21:35Z
Bump @google-cloud/functions-framework in /scripts/gcb2slack (newrelic-infrastructure-agent/1.44.0 package update #3574)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-30T23:24:21Z
Bump golang (pulumi/3.75.0 package update #3570)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-31T09:03:12Z
Bump google-auth-library from 9.11.0 to 9.12.0 in /scripts/gcb2slack (weaviate/1.20.1 package update #3575)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-07-31T12:50:59Z
Upgrade to go-licenses v2 (newrelic-infrastructure-bundle/3.2.10 package update #3578)

Martin Hutchinson ([email protected]) @ 2024-08-01T08:50:48Z
Bump github.com/docker/docker in the go_modules group (new package: ko-fips #3579)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-02T12:15:48Z
Bump the github-actions-deps group with 2 updates (calico: bump epoch to pick up new runtime deps #3582)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-06T08:25:43Z
Bump google-auth-library from 9.12.0 to 9.13.0 in /scripts/gcb2slack (rust/1.71.0 package update #3583)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-06T08:56:39Z
Don't update to MySQL 9.0 (conda/23.5.2 package update #3584)

Martin Hutchinson ([email protected]) @ 2024-08-06T10:23:13Z
Bump the go-deps group with 6 updates (reliably build and test building wolfi from scratch #3580)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-06T10:35:10Z
Bump golang in /integration/cloudbuild/testbase in the docker-deps group (wolfi-bot/pixman #3586)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T09:14:05Z
Bump the go-deps group with 6 updates (hugo-extended/0.115.3 package update #3590)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T09:29:44Z
Bump golang (grype/0.64.0 package update #3588)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T10:40:41Z
Bump the github-actions-deps group with 2 updates (wolfi-bot/perl-file-listing #3587)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T11:18:27Z
Bump golang (hugo/0.115.3 package update #3589)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T12:33:16Z
Bump golang (DNM See if perl is really busted #3591)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-13T14:01:28Z
Add MySQL TLS support (helm/3.12.2 package update #3593)

Firas Ghanmi ([email protected]) @ 2024-08-16T16:40:46Z
Bump ubuntu (nats-server/2.9.20 package update #3595)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:34:38Z
Bump golang in /integration/cloudbuild/testbase in the docker-deps group (ruby3.2-fluentd/1.16.2 package update #3601)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:35:53Z
Bump golang (secrets-store-csi-driver-provider-aws/0.3.4 package update #3594)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:55:43Z
Bump @slack/webhook from 7.0.2 to 7.0.3 in /scripts/gcb2slack (luajit: fix search path #3596)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:56:11Z
Bump github/codeql-action in the github-actions-deps group (nvidia-device-plugin/0.14.1 package update #3599)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:58:13Z
Bump golang (esbuild/0.18.12 package update #3598)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T09:59:00Z
Bump golang (newrelic-infrastructure-bundle/3.2.10 package update #3600)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T10:05:35Z
Bump the go-deps group with 4 updates (powershell/7.3.6 package update #3597)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-20T14:06:54Z
Bump go version to 1.22.6 (buildkitd/0.12.0 package update #3602)

Roger Ng ([email protected]) @ 2024-08-22T09:44:40Z
Bump the go-deps group with 6 updates (cilium-cli/0.15.2 package update #3606)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-26T22:25:09Z
Bump google-auth-library from 9.13.0 to 9.14.0 in /scripts/gcb2slack (weaviate/1.20.1 package update #3604)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-27T07:59:37Z
Bump github/codeql-action in the github-actions-deps group (spicedb/1.23.0 package update #3605)

dependabot[bot] (49699333+dependabot[bot]@users.noreply.github.com) @ 2024-08-27T11:01:54Z
dedup leafidentityhash values ahead of SQL lookup of existing leaves (terraform/1.5.3 package update #3607)

Bob Callaway ([email protected]) @ 2024-08-27T17:36:57Z
Update changelog for v1.6.1 release (aws-load-balancer-controller/2.5.4 package update #3608)

Roger Ng ([email protected]) @ 2024-08-28T13:08:14Z

GitHub compare URL: google/trillian@aa8c9dc...68ab90c

philroche

This is a patch version bump.

All checks pass.

trillian/1.6.1 package update

bec2282

Signed-off-by: wolfi-bot <[email protected]>

octo-sts bot added request-version-update request for a newer version of a package automated pr labels Aug 28, 2024

octo-sts bot added service:bincapz/pass tests/missing labels Aug 28, 2024

philroche self-assigned this Aug 29, 2024

philroche approved these changes Aug 29, 2024

View reviewed changes

philroche merged commit 2885466 into main Aug 29, 2024

philroche deleted the wolfictl-d3a5448d-d5a6-4dcf-8e1c-0c95c5ed40b8 branch August 29, 2024 15:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

trillian/1.6.1 package update #27252

trillian/1.6.1 package update #27252

Uh oh!

octo-sts bot commented Aug 28, 2024

Uh oh!

github-actions bot commented Aug 28, 2024

Deleted: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Deleted: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Deleted: trillian/var/lib/db/sbom/trillian-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Added: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Added: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Added: trillian/var/lib/db/sbom/trillian-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Uh oh!

philroche commented Aug 29, 2024

Uh oh!

philroche left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

trillian/1.6.1 package update #27252

trillian/1.6.1 package update #27252

Uh oh!

Conversation

octo-sts bot commented Aug 28, 2024

Uh oh!

github-actions bot commented Aug 28, 2024

Deleted: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Deleted: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Deleted: trillian/var/lib/db/sbom/trillian-1.6.0-r8.spdx.json [⚠️ MEDIUM]

Added: trillian-logserver/var/lib/db/sbom/trillian-logserver-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Added: trillian-logsigner/var/lib/db/sbom/trillian-logsigner-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Added: trillian/var/lib/db/sbom/trillian-1.6.1-r0.spdx.json [⚠️ MEDIUM]

Uh oh!

philroche commented Aug 29, 2024

Uh oh!

philroche left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants