diff --git a/Makefile b/Makefile index 7531da89d52..dc396e89572 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,7 @@ MELANGE_OPTS += ${MELANGE_EXTRA_OPTS} # Enter interactive mode on failure for debug MELANGE_DEBUG_OPTS += --interactive +MELANGE_DEBUG_OPTS += --debug MELANGE_DEBUG_OPTS += --package-append apk-tools MELANGE_DEBUG_OPTS += ${MELANGE_OPTS} diff --git a/age.yaml b/age.yaml index 76227b3cb6f..ccb121780bb 100644 --- a/age.yaml +++ b/age.yaml @@ -1,7 +1,7 @@ package: name: age version: 1.2.0 - epoch: 2 + epoch: 3 description: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. copyright: - license: BSD-3-Clause @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/age/ diff --git a/airflow.yaml b/airflow.yaml index bb529098ae5..6f6496ec280 100644 --- a/airflow.yaml +++ b/airflow.yaml @@ -1,7 +1,7 @@ package: name: airflow version: 2.10.3 - epoch: 0 + epoch: 1 description: Platform to programmatically author, schedule, and monitor workflows options: # There is a dependency on libarrow.so although it @@ -75,6 +75,10 @@ pipeline: # The tldr; For that case it is not needed in runtime. ./venv/bin/pip uninstall --yes setuptools + #GHSA-8w49-h785-mj3c/GHSA-8495-4g3g-x7pr/GHSA-27mf-ghqm-j3j8 fixes + ./venv/bin/pip install aiohttp==3.10.11 + ./venv/bin/pip install tornado==6.4.2 + - working-directory: venv/lib/python3.12/site-packages/airflow/www runs: | # front-end build diff --git a/apicurio-registry.yaml b/apicurio-registry.yaml index 017b9f46489..a67cf52adc3 100644 --- a/apicurio-registry.yaml +++ b/apicurio-registry.yaml @@ -1,6 +1,6 @@ package: name: apicurio-registry - version: 3.0.5 + version: 3.0.6 epoch: 0 description: An API/Schema registry - stores APIs and Schemas copyright: @@ -32,7 +32,7 @@ pipeline: with: repository: https://github.com/Apicurio/apicurio-registry tag: v${{package.version}} - expected-commit: c17f6e85d4d3839db515294eeeb12b10b2ea2304 + expected-commit: 779f0994a1de5ebd48f617f476f3e3b7c5a36e48 - uses: patch with: diff --git a/atlantis.yaml b/atlantis.yaml index efba5d7267d..0a487692947 100644 --- a/atlantis.yaml +++ b/atlantis.yaml @@ -1,7 +1,7 @@ package: name: atlantis version: 0.31.0 - epoch: 0 + epoch: 1 description: Terraform Pull Request Automation copyright: - license: Apache-2.0 @@ -26,6 +26,11 @@ pipeline: tag: v${{package.version}} expected-commit: 245044c17fe85f7330c0a1cca919e7bf3bd52c4d + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: modroot: . diff --git a/authservice.yaml b/authservice.yaml index 80408912e70..5d3e2db16f2 100644 --- a/authservice.yaml +++ b/authservice.yaml @@ -1,7 +1,7 @@ package: name: authservice version: 1.0.3 - epoch: 0 + epoch: 1 description: Move OIDC token acquisition out of your app code and into the Istio mesh copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: repository: https://github.com/istio-ecosystem/authservice tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd diff --git a/aws-c-auth.yaml b/aws-c-auth.yaml index 563973c8943..31f71fc166d 100644 --- a/aws-c-auth.yaml +++ b/aws-c-auth.yaml @@ -1,7 +1,7 @@ package: name: aws-c-auth version: 0.8.0 - epoch: 0 + epoch: 1 description: "C99 library implementation of AWS client-side authentication: standard credentials providers and signing" copyright: - license: Apache-2.0 @@ -64,14 +64,10 @@ subpackages: description: aws-c-auth dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-auth.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-auth.so.1.0.0 update: enabled: true diff --git a/aws-c-cal.yaml b/aws-c-cal.yaml index 8062bd25bc7..f9b58e3037b 100644 --- a/aws-c-cal.yaml +++ b/aws-c-cal.yaml @@ -1,7 +1,7 @@ package: name: aws-c-cal version: 0.8.1 - epoch: 0 + epoch: 1 description: "AWS Crypto Abstraction Layer: Cross-Platform, C99 wrapper for cryptography primitives" copyright: - license: Apache-2.0 @@ -58,14 +58,10 @@ subpackages: description: aws-c-cal dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-cal.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-cal.so.1.0.0 update: enabled: true diff --git a/aws-c-common.yaml b/aws-c-common.yaml index 4ac8610b293..16cf77ace2f 100644 --- a/aws-c-common.yaml +++ b/aws-c-common.yaml @@ -1,7 +1,7 @@ package: name: aws-c-common version: 0.10.6 - epoch: 0 + epoch: 1 description: Core c99 package for AWS SDK for C including cross-platform primitives, configuration, data structures, and error handling copyright: - license: Apache-2.0 @@ -57,14 +57,10 @@ subpackages: description: aws-c-common dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-common.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-common.so.1.0.0 update: enabled: true diff --git a/aws-c-compression.yaml b/aws-c-compression.yaml index 3b088a9f0a3..0213999e0d8 100644 --- a/aws-c-compression.yaml +++ b/aws-c-compression.yaml @@ -1,7 +1,7 @@ package: name: aws-c-compression version: 0.3.0 - epoch: 0 + epoch: 1 description: C99 implementation of huffman encoding/decoding copyright: - license: Apache-2.0 @@ -54,14 +54,10 @@ subpackages: description: aws-c-compression dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-compression.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-compression.so.1.0.0 update: enabled: true diff --git a/aws-c-event-stream.yaml b/aws-c-event-stream.yaml index 5c3eb8b3881..b385699bb39 100644 --- a/aws-c-event-stream.yaml +++ b/aws-c-event-stream.yaml @@ -1,7 +1,7 @@ package: name: aws-c-event-stream version: 0.5.0 - epoch: 0 + epoch: 1 description: "AWS C99 implementation of the vnd.amazon.eventstream content-type" copyright: - license: Apache-2.0 @@ -62,14 +62,10 @@ subpackages: description: aws-c-event-stream dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-event-stream.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-event-stream.so.1.0.0 update: enabled: true diff --git a/aws-c-http.yaml b/aws-c-http.yaml index 3c1f798288a..dd78cc97bbe 100644 --- a/aws-c-http.yaml +++ b/aws-c-http.yaml @@ -1,7 +1,7 @@ package: name: aws-c-http version: 0.9.2 - epoch: 0 + epoch: 1 description: AWS C99 implementation of the HTTP/1.1 and HTTP/2 specifications copyright: - license: Apache-2.0 @@ -61,14 +61,10 @@ subpackages: description: aws-c-http dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-http.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-http.so.1.0.0 update: enabled: true diff --git a/aws-c-mqtt.yaml b/aws-c-mqtt.yaml index 074b7d6ff0d..77c6bd24de1 100644 --- a/aws-c-mqtt.yaml +++ b/aws-c-mqtt.yaml @@ -1,7 +1,7 @@ package: name: aws-c-mqtt version: 0.11.0 - epoch: 0 + epoch: 1 description: AWS C99 implementation of the MQTT 3.1.1 specification copyright: - license: Apache-2.0 @@ -79,12 +79,11 @@ test: - aws-c-io-dev - build-base - gcc - - posix-libc-utils - aws-c-mqtt-dev pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-mqtt.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-mqtt.so.1.0.0 - name: "Compile simple MQTT test program" runs: | cat << 'EOF' > test.c diff --git a/aws-c-s3.yaml b/aws-c-s3.yaml index 19e5c68279f..30cc87f9244 100644 --- a/aws-c-s3.yaml +++ b/aws-c-s3.yaml @@ -74,14 +74,10 @@ subpackages: description: aws-c-s3 dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-s3.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-s3.so.1.0.0 update: enabled: true diff --git a/aws-c-sdkutils.yaml b/aws-c-sdkutils.yaml index ab686d22c5c..a43d1bb4b88 100644 --- a/aws-c-sdkutils.yaml +++ b/aws-c-sdkutils.yaml @@ -57,14 +57,10 @@ subpackages: description: aws-c-sdkutils dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-c-sdkutils.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-c-sdkutils.so.1.0.0 update: enabled: true diff --git a/aws-checksums.yaml b/aws-checksums.yaml index d925403c4cf..c5b67f7a447 100644 --- a/aws-checksums.yaml +++ b/aws-checksums.yaml @@ -57,14 +57,10 @@ subpackages: description: aws-checksums dev test: - environment: - contents: - packages: - - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libaws-checksums.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libaws-checksums.so.1.0.0 update: enabled: true diff --git a/aws-eks-pod-identity-agent.yaml b/aws-eks-pod-identity-agent.yaml index f90d17c3795..6772604ef01 100644 --- a/aws-eks-pod-identity-agent.yaml +++ b/aws-eks-pod-identity-agent.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: aws-eks-pod-identity-agent - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: EKS Pod Identity is a feature of Amazon EKS that simplifies the process for cluster administrators to configure Kubernetes applications with AWS IAM permissions copyright: diff --git a/azuredisk-csi-1.31.yaml b/azuredisk-csi-1.31.yaml index 2e2b75d9f11..2390947b70e 100644 --- a/azuredisk-csi-1.31.yaml +++ b/azuredisk-csi-1.31.yaml @@ -1,7 +1,7 @@ package: name: azuredisk-csi-1.31 version: 1.31.1 - epoch: 0 + epoch: 1 description: Azure Disk CSI Driver copyright: - license: Apache-2.0 @@ -29,6 +29,10 @@ pipeline: repository: https://github.com/kubernetes-sigs/azuredisk-csi-driver tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: ldflags: | diff --git a/bank-vaults.yaml b/bank-vaults.yaml index a1b358427d2..b47bb44d951 100644 --- a/bank-vaults.yaml +++ b/bank-vaults.yaml @@ -1,7 +1,7 @@ package: name: bank-vaults version: 1.20.4 - epoch: 20 + epoch: 21 description: A Vault swiss-army knife. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: - uses: go/bump with: # CVE-2023-39325 and CVE-2023-3978 - deps: google.golang.org/grpc@v1.56.3 golang.org/x/crypto@v0.17.0 github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/golang-jwt/jwt/v4@v4.5.1 + deps: google.golang.org/grpc@v1.56.3 github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 replaces: github.com/go-jose/go-jose/v3=github.com/go-jose/go-jose/v3@v3.0.3 - uses: go/build diff --git a/boost.yaml b/boost.yaml index 55efa9c6db3..934f2d6268e 100644 --- a/boost.yaml +++ b/boost.yaml @@ -1,7 +1,7 @@ package: name: boost - version: 1.86.0 - epoch: 2 + version: 1.87.0 + epoch: 0 description: "Free peer-reviewed portable C++ source libraries" copyright: - license: "BSL-1.0" @@ -59,13 +59,7 @@ pipeline: - uses: fetch with: uri: https://boostorg.jfrog.io/artifactory/main/release/${{package.version}}/source/boost_${{vars.mangled-package-version}}.tar.gz - expected-sha256: 2575e74ffc3ef1cd0babac2c1ee8bdb5782a0ee672b1912da40e5b4b591ca01f - - # Apply patches to fix build https://github.com/boostorg/bcp/pull/18 - - runs: | - cd ./tools/bcp - patch -p1 < ../../c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch - patch -p1 < ../../cd21e9b4a749a77c24facf2da44f01e032c40842.patch + expected-sha256: f55c340aa49763b1925ccf02b2e83f35fdcf634c9d5164a2acb87540173c741d - runs: | abiflags="$(python3-config --abiflags)" diff --git a/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch b/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch deleted file mode 100644 index 2f0f6252ff8..00000000000 --- a/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c98516b5b76e9132eba78a399af9c95ec8d23bd4 Mon Sep 17 00:00:00 2001 -From: Andrey Semashev -Date: Sun, 24 Mar 2024 15:43:33 +0300 -Subject: [PATCH] Updated list of special dependencies. - ---- - add_path.cpp | 16 ++++++---------- - 1 file changed, 6 insertions(+), 10 deletions(-) - -diff --git a/add_path.cpp b/add_path.cpp -index 747bb8c..9ae43c9 100644 ---- a/add_path.cpp -+++ b/add_path.cpp -@@ -196,12 +196,6 @@ void bcp_implementation::add_file(const fs::path& p) - // - static const std::pair - specials[] = { -- std::pair("tools/build/src/kernel/modules.jam", "libs/predef/check"), -- std::pair("tools/build/src/kernel/modules.jam", "libs/predef/tools"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/boost-install.jam"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/boost-install-dirs.jam"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/Jamfile"), -- std::pair("tools/build/src/kernel/modules.jam", "libs/headers"), - std::pair("libs/test/build/Jamfile.v2", "libs/timer/src"), - std::pair("libs/test/build/Jamfile.v2", "libs/timer/build"), - std::pair("boost/atomic/capabilities.hpp", "boost/atomic/detail"), -@@ -226,14 +220,14 @@ static const std::pair - std::pair("libs/thread/build", "boost/system"), - std::pair("libs/thread/build", "boost/cerrno.hpp"), - std::pair("libs/thread/build", "boost/chrono"), -- std::pair("boost/filesystem/convenience.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/cstdio.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/directory.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/exception.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/fstream.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/operations.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/file_status.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/path.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem.hpp", "libs/filesystem/build"), -- std::pair("boost/filesystem.hpp", "libs/filesystem/v2"), -- std::pair("boost/filesystem.hpp", "libs/filesystem/v3"), - std::pair("boost/config.hpp", "boost/config"), - std::pair("tools/build/bootstrap.sh", "libs/config/checks"), - std::pair("tools/build/bootstrap.sh", "libs/config/test"), -@@ -242,6 +236,7 @@ static const std::pair - std::pair("tools/build/bootstrap.sh", "tools/boost_install/BoostDetectToolset.cmake"), - std::pair("tools/build/bootstrap.sh", "tools/boost_install/boost-install.jam"), - std::pair("tools/build/bootstrap.sh", "tools/boost_install/boost-install-dirs.jam"), -+ std::pair("tools/build/bootstrap.sh", "tools/boost_install/Jamfile"), - std::pair("tools/build/bootstrap.sh", "boostcpp.jam"), - std::pair("tools/build/bootstrap.sh", "project-config.jam"), - std::pair("tools/build/bootstrap.sh", "bootstrap.bat"), -@@ -271,7 +266,8 @@ static const std::pair - std::pair("boost/test/detail/config.hpp", "libs/test/src"), - std::pair("boost/test/detail/config.hpp", "libs/test/build"), - std::pair("boost/test/detail/config.hpp", "libs/predef/build.jam"), -- std::pair("boost/test/detail/config.hpp", "libs/predef/check"), -+ std::pair("boost/test/detail/config.hpp", "libs/predef/tools/check"), -+ std::pair("boost/test/detail/config.hpp", "libs/predef/check"), // libs/predef/check if obsolete, but may still be used - std::pair("boost/typeof.hpp", "boost/typeof/incr_registration_group.hpp"), - std::pair("boost/function_types/detail/pp_loop.hpp", "boost/function_types/detail/pp_cc_loop"), - std::pair("boost/function_types/components.hpp", "boost/function_types/detail/components_impl"), diff --git a/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch b/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch deleted file mode 100644 index e45881c204f..00000000000 --- a/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch +++ /dev/null @@ -1,184 +0,0 @@ -From cd21e9b4a749a77c24facf2da44f01e032c40842 Mon Sep 17 00:00:00 2001 -From: Andrey Semashev -Date: Sun, 24 Mar 2024 14:49:18 +0300 -Subject: [PATCH] Remove usage of deprecated and removed Boost.Filesystem APIs. - ---- - add_dependent_lib.cpp | 5 +++-- - add_path.cpp | 30 +++++++++++++++--------------- - bcp_imp.hpp | 1 + - copy_path.cpp | 8 ++++---- - file_types.cpp | 2 +- - 5 files changed, 24 insertions(+), 22 deletions(-) - -diff --git a/add_dependent_lib.cpp b/add_dependent_lib.cpp -index 4852914..521b70d 100644 ---- a/add_dependent_lib.cpp -+++ b/add_dependent_lib.cpp -@@ -15,6 +15,7 @@ - #include "bcp_imp.hpp" - #include "fileview.hpp" - #include -+#include - #include - #include - #include -@@ -43,12 +44,12 @@ static void init_library_scanner(const fs::path& p, bool cvs_mode, const std::st - // - // Don't add files created by build system: - // -- if((p.leaf() == "bin") || (p.leaf() == "bin-stage")) -+ if((p.filename() == "bin") || (p.filename() == "bin-stage")) - return; - // - // Don't add version control directories: - // -- if((p.leaf() == "CVS") || (p.leaf() == ".svn")) -+ if((p.filename() == "CVS") || (p.filename() == ".svn")) - return; - // - // don't add directories not under version control: -diff --git a/add_path.cpp b/add_path.cpp -index 8a1fee3..747bb8c 100644 ---- a/add_path.cpp -+++ b/add_path.cpp -@@ -15,6 +15,7 @@ - #include "bcp_imp.hpp" - #include "fileview.hpp" - #include -+#include - #include - #include - #include -@@ -24,8 +25,7 @@ void bcp_implementation::add_path(const fs::path& p) - { - if (m_excluded.find(p) != m_excluded.end()) - return; -- fs::path normalized_path = p; -- normalized_path.normalize(); -+ fs::path normalized_path = p.lexically_normal(); - if(fs::exists(m_boost_path / normalized_path)) - { - if(fs::is_directory(m_boost_path / normalized_path)) -@@ -45,12 +45,12 @@ void bcp_implementation::add_directory(const fs::path& p) - // - // Don't add files created by build system: - // -- if((p.leaf() == "bin") || (p.leaf() == "bin-stage")) -+ if((p.filename() == "bin") || (p.filename() == "bin-stage")) - return; - // - // Don't add version control directories: - // -- if((p.leaf() == "CVS") || (p.leaf() == ".svn")) -+ if((p.filename() == "CVS") || (p.filename() == ".svn")) - return; - // - // don't add directories not under version control: -@@ -180,7 +180,7 @@ void bcp_implementation::add_file(const fs::path& p) - { - // only concatonate if it's a relative path - // rather than a URL: -- fs::path dep(p.branch_path() / s); -+ fs::path dep(p.parent_path() / s); - if(!m_dependencies.count(dep)) - { - m_dependencies[dep] = p; // set up dependency tree -@@ -355,13 +355,13 @@ void bcp_implementation::add_file_dependencies(const fs::path& p, bool scanfile) - continue; - } - include_file = i->str(); -- fs::path test_file(m_boost_path / p.branch_path() / include_file); -- if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.branch_path().string() != "boost")) -+ fs::path test_file(m_boost_path / p.parent_path() / include_file); -+ if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.parent_path().string() != "boost")) - { -- if(!m_dependencies.count(p.branch_path() / include_file)) -+ if(!m_dependencies.count(p.parent_path() / include_file)) - { -- m_dependencies[p.branch_path() / include_file] = p; -- add_pending_path(p.branch_path() / include_file); -+ m_dependencies[p.parent_path() / include_file] = p; -+ add_pending_path(p.parent_path() / include_file); - } - } - else if(fs::exists(m_boost_path / include_file)) -@@ -405,13 +405,13 @@ void bcp_implementation::add_file_dependencies(const fs::path& p, bool scanfile) - ++i; - continue; - } -- fs::path test_file(m_boost_path / p.branch_path() / include_file); -- if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.branch_path().string() != "boost")) -+ fs::path test_file(m_boost_path / p.parent_path() / include_file); -+ if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.parent_path().string() != "boost")) - { -- if(!m_dependencies.count(p.branch_path() / include_file)) -+ if(!m_dependencies.count(p.parent_path() / include_file)) - { -- m_dependencies[p.branch_path() / include_file] = p; -- add_pending_path(p.branch_path() / include_file); -+ m_dependencies[p.parent_path() / include_file] = p; -+ add_pending_path(p.parent_path() / include_file); - } - } - else if(fs::exists(m_boost_path / include_file)) -diff --git a/bcp_imp.hpp b/bcp_imp.hpp -index e515581..51c85ba 100644 ---- a/bcp_imp.hpp -+++ b/bcp_imp.hpp -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - #include - - namespace fs = boost::filesystem; -diff --git a/copy_path.cpp b/copy_path.cpp -index 4143c79..6b7a370 100644 ---- a/copy_path.cpp -+++ b/copy_path.cpp -@@ -49,18 +49,18 @@ void bcp_implementation::copy_path(const fs::path& p) - if(fs::exists(m_dest_path / p)) - { - std::cout << "Copying (and overwriting) file: " << p.string() << "\n"; -- fs::remove(m_dest_path / p); -+ fs::remove(m_dest_path / p); - } - else - std::cout << "Copying file: " << p.string() << "\n"; - // - // create the path to the new file if it doesn't already exist: - // -- create_path(p.branch_path()); -+ create_path(p.parent_path()); - // - // do text based copy if requested: - // -- if((p.leaf() == "Jamroot") && m_namespace_name.size()) -+ if((p.filename() == "Jamroot") && m_namespace_name.size()) - { - static std::vector v1, v2; - v1.clear(); -@@ -240,7 +240,7 @@ void bcp_implementation::create_path(const fs::path& p) - if(!fs::exists(m_dest_path / p)) - { - // recurse then create the path: -- create_path(p.branch_path()); -+ create_path(p.parent_path()); - fs::create_directory(m_dest_path / p); - } - } -diff --git a/file_types.cpp b/file_types.cpp -index 297d304..69f6027 100644 ---- a/file_types.cpp -+++ b/file_types.cpp -@@ -52,7 +52,7 @@ bool bcp_implementation::is_binary_file(const fs::path& p) - "|" - "(Jamfile|makefile|configure)", - boost::regex::perl | boost::regex::icase); -- return !boost::regex_match(p.leaf().generic_string(), e); -+ return !boost::regex_match(p.filename().generic_string(), e); - - } - diff --git a/buildah.yaml b/buildah.yaml index ff62fc6bac9..afa536d4d63 100644 --- a/buildah.yaml +++ b/buildah.yaml @@ -2,7 +2,7 @@ package: name: buildah version: 1.38.0 description: "A tool that facilitates building OCI images" - epoch: 0 + epoch: 1 copyright: - license: Apache-2.0 @@ -26,6 +26,10 @@ pipeline: tag: v${{package.version}} expected-commit: 7aa3b5ee0470647fcf125930913132fe7c556bcd + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make make install PREFIX=${{targets.destdir}} diff --git a/cert-manager-1.16.yaml b/cert-manager-1.16.yaml index 38c755372ad..71b7a7a426c 100644 --- a/cert-manager-1.16.yaml +++ b/cert-manager-1.16.yaml @@ -2,7 +2,7 @@ package: name: cert-manager-1.16 # See https://cert-manager.io/docs/installation/supported-releases/ for upstream-supported versions version: 1.16.2 - epoch: 1 + epoch: 2 description: Automatically provision and manage TLS certificates in Kubernetes copyright: - license: Apache-2.0 @@ -34,6 +34,10 @@ pipeline: tag: v${{package.version}} expected-commit: 33df0f22ab5753b942ce2deb36d7e452bc78e49d + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + # the makefile hardcodes the requirement for some container runtime (CTR), even when we don't need it # to workaround, set CTR to anything $(command -v)able - runs: | diff --git a/chromium.yaml b/chromium.yaml index 73ac2199fed..f5f3788a07e 100644 --- a/chromium.yaml +++ b/chromium.yaml @@ -330,15 +330,16 @@ test: #- py3-pip #- python3 pipeline: + - uses: test/ldd-check + with: + verbose: true + files: /usr/lib/chromium/chrome - runs: | # Make sure Chrome and ChromeDriver are at the correct path test -x /usr/lib/chromium/chrome test -x /usr/lib/chromium/chromedriver test -f /usr/lib/chromium/locales/en-US.pak - # Ensure all libraries are linked - ldd /usr/lib/chromium/chrome - # Check status with new headless mode chromium --no-sandbox --headless --disable-gpu --dump-dom https://www.chromestatus.com diff --git a/cilium-cli.yaml b/cilium-cli.yaml index a0d70998a16..9bc2c9c5660 100644 --- a/cilium-cli.yaml +++ b/cilium-cli.yaml @@ -1,7 +1,7 @@ package: name: cilium-cli version: 0.16.22 - epoch: 0 + epoch: 1 description: CLI to install, manage & troubleshoot Kubernetes clusters running Cilium copyright: - license: Apache-2.0 @@ -22,6 +22,11 @@ pipeline: expected-commit: c52e8c38e6d6235bd8e6e961199a984275547d6f destination: cilium-cli + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: cilium-cli + - runs: | cd cilium-cli make install diff --git a/clusterctl.yaml b/clusterctl.yaml index d506cae5fce..ae34f5485da 100644 --- a/clusterctl.yaml +++ b/clusterctl.yaml @@ -1,7 +1,7 @@ package: name: clusterctl version: 1.9.0 - epoch: 0 + epoch: 1 description: A command line tool to manage clusters created by cluster API copyright: - license: Apache-2.0 @@ -25,6 +25,10 @@ pipeline: tag: v${{package.version}} expected-commit: e5c96a612bb9e5fca8439bb024e73840205bc4d8 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/clusterctl diff --git a/confluent-docker-utils.yaml b/confluent-docker-utils.yaml index 58359c3bcb3..e0ebfda5421 100644 --- a/confluent-docker-utils.yaml +++ b/confluent-docker-utils.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates package: name: confluent-docker-utils - version: 0.0.127 + version: 0.0.129 epoch: 0 description: This package provides Docker Utility Belt (dub) and Confluent Platform Utility Belt (cub). copyright: @@ -10,8 +10,14 @@ package: no-depends: true dependencies: runtime: - - py3-setuptools # To fix `No module named 'distutils'` - - python3 + - py${{vars.py-version}}-setuptools # To fix `No module named 'distutils'` + +vars: + # This will compile with py3.13, however tests will fail with errors: + # 'ModuleNotFoundError: No module named 'pipes' + # - https://github.com/jupyter/nbclassic/issues/308 + # Upstream may have to make some code changes to be compatible with py3.13. + py-version: 3.12 environment: contents: @@ -19,18 +25,13 @@ environment: - busybox - ca-certificates-bundle - cython - - py3-gpep517 - - py3-installer - - py3-pip - - py3-setuptools - - py3-wheel - - python-3 - - python-3-dev + - py${{vars.py-version}}-build-base-dev + - py${{vars.py-version}}-gpep517 pipeline: - uses: git-checkout with: - expected-commit: 964dc5fa47e7b361f3fff5854e3fd6e77e95a8d0 + expected-commit: 03c11854dddd276004e69c533496cd5803e9abdc repository: https://github.com/confluentinc/confluent-docker-utils tag: v${{package.version}} @@ -40,25 +41,28 @@ pipeline: echo 'PyYAML==6.0.1' >> requirements.txt - runs: | - python3 -m gpep517 build-wheel \ + python3=python${{vars.py-version}} + $python3 -m gpep517 build-wheel \ --wheel-dir dist \ --output-fd 3 3>&1 >&2 - python3 -m installer \ + $python3 -m installer \ -d "${{targets.destdir}}" \ dist/*.whl install -Dm644 LICENSE \ "${{targets.destdir}}"/usr/share/licenses/${{package.name}}/LICENSE - runs: | + python3=python${{vars.py-version}} # `--use-deprecated=legacy-resolver` is used force ignore the dependency check. # `docker-compose` was requiring `PyYAML<6` and also `PyYAML==5.4.1` was causing # `AttributeError: cython_sources` issue. - pip install --root=${{targets.destdir}} --prefix=/usr --prefer-binary --use-deprecated=legacy-resolver -r requirements.txt - pip install --root=${{targets.destdir}} --prefix=/usr setuptools + $python3 -m pip install --root=${{targets.destdir}} --prefix=/usr --prefer-binary --use-deprecated=legacy-resolver -r requirements.txt + $python3 -m pip install --root=${{targets.destdir}} --prefix=/usr setuptools find ${{targets.destdir}} -name "*.pyc" -exec rm -rf '{}' + - runs: | - _py3ver=$(python3 -c 'import sys; print("{}.{}".format(sys.version_info.major, sys.version_info.minor))') + python3=python${{vars.py-version}} + _py3ver=$($python3 -c 'import sys; print("{}.{}".format(sys.version_info.major, sys.version_info.minor))') mkdir -p ${{targets.destdir}}/usr/lib/python"$_py3ver"/site-packages/confluent/docker_utils cp -r confluent/docker_utils/* ${{targets.destdir}}/usr/lib/python"$_py3ver"/site-packages/confluent/docker_utils/ @@ -87,3 +91,6 @@ test: jsonschema --help normalizer --version normalizer --help + - uses: python/import + with: + import: confluent.docker_utils diff --git a/crossplane-provider-gcp.yaml b/crossplane-provider-gcp.yaml index 85ccc81aa69..d235abc99be 100644 --- a/crossplane-provider-gcp.yaml +++ b/crossplane-provider-gcp.yaml @@ -1,7 +1,7 @@ package: name: crossplane-provider-gcp version: 1.11.0 - epoch: 0 + epoch: 1 description: Official GCP Provider for Crossplane by Upbound copyright: - license: Apache-2.0 @@ -32,6 +32,10 @@ pipeline: expected-commit: b2f928499b2dd0dfea778e027012349f86faec6d recurse-submodules: true + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | # `make` downloads `up`, unless we move our prebuilt `up` to where it expects it. GOARCH=$(go env GOARCH) diff --git a/crossplane-provider-sql.yaml b/crossplane-provider-sql.yaml index 2fb43d5daa6..1aacf2145c9 100644 --- a/crossplane-provider-sql.yaml +++ b/crossplane-provider-sql.yaml @@ -1,7 +1,7 @@ package: name: crossplane-provider-sql - version: 0.9.0 - epoch: 2 + version: 0.10.0 + epoch: 0 description: Official SQL Provider for Crossplane by Upbound copyright: - license: Apache-2.0 @@ -20,14 +20,14 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: afdf5802c7445e6ed42db11b35e1a45d8f2771dd + expected-commit: cee2aea51f9340bbecfdac025ed959e09e3f6d7d repository: https://github.com/crossplane-contrib/provider-sql tag: v${{package.version}} - uses: go/bump with: - deps: google.golang.org/protobuf@v1.33.0 golang.org/x/text@v0.14.0 golang.org/x/crypto@v0.31.0 - replaces: golang.org/x/net=golang.org/x/net@v0.23.0 github.com/crossplane/crossplane-runtime=github.com/crossplane/crossplane-runtime@v0.19.2 + deps: google.golang.org/protobuf@v1.33.0 golang.org/x/crypto@v0.31.0 + replaces: golang.org/x/net=golang.org/x/net@v0.23.0 modroot: . - uses: go/build diff --git a/dagdotdev.yaml b/dagdotdev.yaml index e5e1d0d1907..76bd83068cf 100644 --- a/dagdotdev.yaml +++ b/dagdotdev.yaml @@ -1,7 +1,7 @@ package: name: dagdotdev - version: 0.0.11 - epoch: 1 + version: 0.0.12 + epoch: 0 description: oci and apk explorer copyright: - license: Apache-2.0 @@ -21,14 +21,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 1320c220b8942677e9021259ccf90879bb2ae2e3 + expected-commit: d218bb247a397482daad2c2274b3d940ee26d768 repository: https://github.com/jonjohnsonjr/dagdotdev tag: v${{package.version}} - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 - - uses: go/build with: packages: . diff --git a/datadog-agent.yaml b/datadog-agent.yaml index 1309e7c2cda..ad4c7b48d3c 100644 --- a/datadog-agent.yaml +++ b/datadog-agent.yaml @@ -3,7 +3,7 @@ package: # This package has two git checkouts. For each new release, the commit SHA for # DataDog/integrations-core must also be updated. version: 7.59.1 - epoch: 0 + epoch: 1 description: "Collect events and metrics from your hosts that send data to Datadog." copyright: - license: Apache-2.0 @@ -105,7 +105,7 @@ pipeline: - uses: go/bump with: - deps: github.com/moby/buildkit@v0.13.1 + deps: github.com/moby/buildkit@v0.13.1 golang.org/x/crypto@v0.31.0 replaces: github.com/mholt/archiver/v3=github.com/anchore/archiver/v3@v3.5.2 show-diff: true diff --git a/ddp-tool.yaml b/ddp-tool.yaml index 3ccd9cc7241..e5ca0a886e2 100644 --- a/ddp-tool.yaml +++ b/ddp-tool.yaml @@ -1,7 +1,7 @@ #nolint:valid-pipeline-git-checkout-commit,valid-pipeline-git-checkout-tag package: name: ddp-tool - version: 1.0.34.0_git20241212 + version: 1.0.34.0_git20241213 epoch: 0 description: Intel Dynamic Device Personalization Tool copyright: diff --git a/docker-compose.yaml b/docker-compose.yaml index 2c4d1fd6e5e..abd27cc1180 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,6 +1,6 @@ package: name: docker-compose - version: 2.31.0 + version: 2.32.0 epoch: 0 description: Define and run multi-container applications with Docker copyright: @@ -28,7 +28,7 @@ pipeline: with: repository: https://github.com/docker/compose tag: v${{package.version}} - expected-commit: a8469db83f514a5abe4681c7fee773061f1941c6 + expected-commit: a20b69ac5b860f1aa270519e4d02207246d7cb6b - runs: | mkdir -p ${{targets.destdir}}/usr/bin diff --git a/docker.yaml b/docker.yaml index 846f496441b..22e0112cfda 100644 --- a/docker.yaml +++ b/docker.yaml @@ -1,7 +1,7 @@ package: name: docker version: 27.4.0 - epoch: 0 + epoch: 1 description: A meta package for Docker Engine and Docker CLI copyright: - license: Apache-2.0 @@ -20,10 +20,12 @@ package: - fuse-overlayfs - git - ip6tables + - iproute2 # docker dind also needs a couple of runtime dependencies mentioned here (https://github.com/moby/moby/blob/0eecd59153c03ced5f5ddd79cc98f29e4d86daec/project/PACKAGERS.md#runtime-dependencies) below are those dependencies. - iptables - openssh-client - openssl + - openssl-config - pigz - procps - shadow-subids # equivalent of shadow-uidmap in wolfi @@ -66,7 +68,8 @@ pipeline: # pin to older dependencies when this package auto updates, we use sed with # the specific replacement version. - # CVE-2023-47108 GHSA-8pgv-569h-w5rw CVE-2023-45142 GHSA-rcjv-mgp8-qvmr + # CVE-2023-47108 GHSA-8pgv-569h-w5rw CVE-2023-45142 GHSA-rcjv-mgp8-qvmr CVE-2024-45337 + sed -i 's|golang.org/x/crypto v0.27.0|golang.org/x/crypto v0.31.0|' vendor.mod sed -i 's|go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0|go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0|' vendor.mod sed -i 's|go.opentelemetry.io/otel v1.19.0|go.opentelemetry.io/otel v1.21.0|' vendor.mod sed -i 's|go.opentelemetry.io/otel/sdk v1.19.0|go.opentelemetry.io/otel/sdk v1.21.0|' vendor.mod diff --git a/doppler-kubernetes-operator.yaml b/doppler-kubernetes-operator.yaml index b9180bfc472..3ac07d88b07 100644 --- a/doppler-kubernetes-operator.yaml +++ b/doppler-kubernetes-operator.yaml @@ -1,7 +1,7 @@ package: name: doppler-kubernetes-operator version: 1.5.1 - epoch: 5 + epoch: 6 description: Automatically sync secrets from Doppler to Kubernetes and auto-reload deployments when secrets change. copyright: - license: Apache-2.0 @@ -21,7 +21,7 @@ pipeline: - uses: go/bump with: - deps: github.com/gogo/protobuf@v1.3.2 golang.org/x/crypto@v0.17.0 github.com/prometheus/client_golang@v1.11.1 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/gogo/protobuf@v1.3.2 github.com/prometheus/client_golang@v1.11.1 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | CGO_ENABLED=0 GO111MODULE=on GOOS=$(go env GOOS) GOARCH=$(go env GOARCH) diff --git a/dynamic-localpv-provisioner.yaml b/dynamic-localpv-provisioner.yaml index adb36db7a85..2cb686ec5a8 100644 --- a/dynamic-localpv-provisioner.yaml +++ b/dynamic-localpv-provisioner.yaml @@ -1,7 +1,7 @@ package: name: dynamic-localpv-provisioner version: 4.1.2 - epoch: 0 + epoch: 1 description: Dynamic Local Volumes for Kubernetes Stateful workloads. copyright: - license: Apache-2.0 @@ -32,7 +32,7 @@ pipeline: - uses: go/bump with: - deps: github.com/prometheus/client_golang@v1.11.1 github.com/Masterminds/goutils@v1.1.1 google.golang.org/grpc@v1.56.3 + deps: github.com/prometheus/client_golang@v1.11.1 github.com/Masterminds/goutils@v1.1.1 google.golang.org/grpc@v1.56.3 golang.org/x/crypto@v0.31.0 - runs: | make provisioner-localpv diff --git a/envoy-gateway.yaml b/envoy-gateway.yaml index f65e74b4745..4b5bd4e9589 100644 --- a/envoy-gateway.yaml +++ b/envoy-gateway.yaml @@ -1,7 +1,7 @@ package: name: envoy-gateway - version: 1.2.3 - epoch: 1 + version: 1.2.4 + epoch: 0 description: Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway copyright: - license: Apache-2.0 @@ -14,14 +14,10 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 9fe25ce67e12e07ae6849a61d24ae0572aead970 + expected-commit: 6ca4fe3c5f9f734b748d85da46f6d790c0377c86 repository: https://github.com/envoyproxy/gateway tag: v${{package.version}} - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 - - uses: go/build with: packages: ./cmd/envoy-gateway diff --git a/expat.yaml b/expat.yaml index f35f2461ff7..9e5f32f9e7f 100644 --- a/expat.yaml +++ b/expat.yaml @@ -97,9 +97,9 @@ test: gcc -o test test.c -lexpat ./test - - name: "Check shared library" - runs: | - ldd /usr/lib/libexpat.so.1 + - uses: test/ldd-check + with: + files: /usr/lib/libexpat.so.1 - name: "Verify XML parsing functionality" runs: | cat > test.xml << EOF diff --git a/external-secrets-operator.yaml b/external-secrets-operator.yaml index a7ad2eaf165..55aa400612a 100644 --- a/external-secrets-operator.yaml +++ b/external-secrets-operator.yaml @@ -1,7 +1,7 @@ package: name: external-secrets-operator version: 0.11.0 - epoch: 0 + epoch: 1 description: Integrate external secret management systems with Kubernetes copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: 0656bf33c5bde3b54afe6c5d21e246e58fb19be7 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: go-package: go diff --git a/falcoctl.yaml b/falcoctl.yaml index d70f8ba0545..613e5f899d3 100644 --- a/falcoctl.yaml +++ b/falcoctl.yaml @@ -1,7 +1,7 @@ package: name: falcoctl version: 0.10.1 - epoch: 0 + epoch: 1 description: Administrative tooling for Falco copyright: - license: Apache-2.0 @@ -22,6 +22,10 @@ pipeline: repository: https://github.com/falcosecurity/falcoctl tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make falcoctl RELEASE=${{package.version}} mkdir -p ${{targets.destdir}}/usr/bin diff --git a/flatbuffers.yaml b/flatbuffers.yaml index 40a86fddb6c..6ac27cb2387 100644 --- a/flatbuffers.yaml +++ b/flatbuffers.yaml @@ -2,7 +2,7 @@ package: name: flatbuffers version: 24.3.25 - epoch: 2 + epoch: 3 description: The FlatBuffers serialization format copyright: - license: Apache-2.0 @@ -17,7 +17,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/fluent-plugin-label-router.yaml b/fluent-plugin-label-router.yaml index 93f86ef06f4..ec52c86139b 100644 --- a/fluent-plugin-label-router.yaml +++ b/fluent-plugin-label-router.yaml @@ -1,7 +1,7 @@ #nolint:valid-pipeline-git-checkout-tag package: name: fluent-plugin-label-router - version: 0.4.0_git20241212 + version: 0.4.0_git20241213 epoch: 0 description: Label-Router helps routing log messages based on their labels and namespace tag in a Kubernetes environment. copyright: diff --git a/fluent-plugin-tag-normaliser.yaml b/fluent-plugin-tag-normaliser.yaml index 43c76e95822..b7677b84a52 100644 --- a/fluent-plugin-tag-normaliser.yaml +++ b/fluent-plugin-tag-normaliser.yaml @@ -1,7 +1,7 @@ #nolint:valid-pipeline-git-checkout-tag package: name: fluent-plugin-tag-normaliser - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Tag-normaliser is a `fluentd` plugin to help re-tag logs with Kubernetes metadata. It uses special placeholders to change tag. copyright: diff --git a/flux-helm-controller.yaml b/flux-helm-controller.yaml index 69e59e8bbe2..0d66842052c 100644 --- a/flux-helm-controller.yaml +++ b/flux-helm-controller.yaml @@ -1,7 +1,7 @@ package: name: flux-helm-controller version: 1.1.0 - epoch: 0 + epoch: 1 description: The GitOps Toolkit Helm reconciler, for declarative Helming copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: oras.land/oras-go@v1.2.6 + deps: oras.land/oras-go@v1.2.6 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/flux-image-automation-controller.yaml b/flux-image-automation-controller.yaml index 9529234cd52..fe815c22a64 100644 --- a/flux-image-automation-controller.yaml +++ b/flux-image-automation-controller.yaml @@ -1,7 +1,7 @@ package: name: flux-image-automation-controller version: 0.39.0 - epoch: 1 + epoch: 2 description: GitOps Toolkit controller that patches container image tags in Git copyright: - license: Apache-2.0 @@ -24,6 +24,10 @@ pipeline: repository: https://github.com/fluxcd/image-automation-controller tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | mkdir -p "${{targets.destdir}}"/usr/bin CGO_ENABLED=1 CGO_LDFLAGS="-static -fuse-ld=lld" go build \ diff --git a/flux-image-reflector-controller.yaml b/flux-image-reflector-controller.yaml index 172cc51d07e..a1e651a85cb 100644 --- a/flux-image-reflector-controller.yaml +++ b/flux-image-reflector-controller.yaml @@ -1,7 +1,7 @@ package: name: flux-image-reflector-controller version: 0.33.0 - epoch: 2 + epoch: 3 description: GitOps Toolkit controller that scans container registries copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/flux-kustomize-controller.yaml b/flux-kustomize-controller.yaml index 0de16882af5..bd08915c189 100644 --- a/flux-kustomize-controller.yaml +++ b/flux-kustomize-controller.yaml @@ -1,7 +1,7 @@ package: name: flux-kustomize-controller version: 1.4.0 - epoch: 0 + epoch: 1 description: The GitOps Toolkit Kustomize reconciler copyright: - license: Apache-2.0 @@ -36,6 +36,10 @@ pipeline: repository: https://github.com/fluxcd/kustomize-controller tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: ldflags: -s -w -X main.Version=${{package.version}} diff --git a/fq.yaml b/fq.yaml index 09998d36af3..0dc196b09c7 100644 --- a/fq.yaml +++ b/fq.yaml @@ -1,7 +1,7 @@ package: name: fq version: 0.13.0 - epoch: 0 + epoch: 1 description: "jq for binary formats - tool, language and decoders for working with binary and text formats" copyright: - license: MIT @@ -13,6 +13,11 @@ pipeline: tag: v${{package.version}} expected-commit: 9857323e5d21655a087831791162410e04edb9cc + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: packages: ./ diff --git a/gatekeeper-3.17.yaml b/gatekeeper-3.17.yaml index 11f447abc66..ea6df47a2d6 100644 --- a/gatekeeper-3.17.yaml +++ b/gatekeeper-3.17.yaml @@ -1,7 +1,7 @@ package: name: gatekeeper-3.17 version: 3.17.1 - epoch: 3 + epoch: 4 description: Gatekeeper - Policy Controller for Kubernetes copyright: - license: Apache-2.0 @@ -28,7 +28,7 @@ pipeline: - uses: go/bump with: - deps: github.com/open-policy-agent/opa@v0.68.0 + deps: github.com/open-policy-agent/opa@v0.68.0 golang.org/x/crypto@v0.31.0 - runs: | FRAMEWORKS_VERSION=$(go list -f '{{ .Version }}' -m github.com/open-policy-agent/frameworks/constraint) diff --git a/gitaly-17.6.yaml b/gitaly-17.6.yaml index d9c921766ab..e3a69d81701 100644 --- a/gitaly-17.6.yaml +++ b/gitaly-17.6.yaml @@ -1,7 +1,7 @@ package: name: gitaly-17.6 version: 17.6.2 - epoch: 0 + epoch: 1 description: copyright: - license: MIT @@ -38,6 +38,10 @@ pipeline: tag: v${{package.version}} expected-commit: d06e4074586fd7760f55ab0080d5c74fc735d25f + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make install DESTDIR="${{targets.destdir}}" PREFIX=/usr diff --git a/gitea.yaml b/gitea.yaml index 35ca01242c6..056441a1964 100644 --- a/gitea.yaml +++ b/gitea.yaml @@ -1,6 +1,6 @@ package: name: gitea - version: 1.22.5 + version: 1.22.6 epoch: 0 description: self-hosted git service copyright: @@ -19,7 +19,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: c0092af2e01c15d806435b9c4916a61415483e24 + expected-commit: 8eefa1f6dedf2488db2c9e12c916e8e51f673160 repository: https://github.com/go-gitea/gitea tag: v${{package.version}} diff --git a/gitlab-pages-17.6.yaml b/gitlab-pages-17.6.yaml index d84a4ef44b4..398b2e9bb91 100644 --- a/gitlab-pages-17.6.yaml +++ b/gitlab-pages-17.6.yaml @@ -1,7 +1,7 @@ package: name: gitlab-pages-17.6 version: 17.6.2 - epoch: 0 + epoch: 1 description: GitLab Pages daemon used to serve static websites for GitLab users. copyright: - license: MIT @@ -22,6 +22,10 @@ pipeline: tag: v${{package.version}} expected-commit: 2b0a27333cea5588b341f49e1ca725a48fd3b9f3 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/gitlab-runner-17.6.yaml b/gitlab-runner-17.6.yaml index 136aa9bc0c1..3a0963f6c31 100644 --- a/gitlab-runner-17.6.yaml +++ b/gitlab-runner-17.6.yaml @@ -21,7 +21,7 @@ package: name: gitlab-runner-17.6 # ---Additional updates required--- Review 'vars' section (above), when reviewing version bumps. version: 17.6.0 - epoch: 0 + epoch: 1 description: GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab copyright: - license: MIT @@ -36,6 +36,10 @@ pipeline: tag: v${{package.version}} expected-commit: 374d34fda25904c34e29770b2027cef3c2cebc21 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/glab.yaml b/glab.yaml index 1bc7045fb5c..38e48027779 100644 --- a/glab.yaml +++ b/glab.yaml @@ -5,7 +5,7 @@ package: name: glab version: 1.50.0 - epoch: 0 + epoch: 1 description: A GitLab CLI tool bringing GitLab to your command line copyright: - license: MIT @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: 2f23daa519be7cdd2562255235f6b1ad0da1931d + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/glab diff --git a/go-discover.yaml b/go-discover.yaml index c133dc8c23e..e2eb336c166 100644 --- a/go-discover.yaml +++ b/go-discover.yaml @@ -1,8 +1,8 @@ #nolint:valid-pipeline-git-checkout-tag package: name: go-discover - version: 0_git20241212 - epoch: 1 + version: 0_git20241213 + epoch: 0 description: go-discover is a Go (golang) library and command line tool to discover ip addresses of nodes in cloud environments based on meta information like tags provided by the environment. copyright: - license: MPL-2.0 diff --git a/go-licenses.yaml b/go-licenses.yaml index 87923798f8f..03ceb76fe47 100644 --- a/go-licenses.yaml +++ b/go-licenses.yaml @@ -1,7 +1,7 @@ package: name: go-licenses version: 1.6.0 - epoch: 16 + epoch: 17 description: A lightweight tool to report on the licenses used by a Go package and its dependencies. Highlight! Versioned external URL to licenses can be found at the same time. copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ pipeline: - uses: go/bump with: - deps: github.com/cloudflare/circl@v1.3.7 golang.org/x/net@v0.23.0 + deps: github.com/cloudflare/circl@v1.3.7 golang.org/x/net@v0.23.0 golang.org/x/crypto@v0.31.0 modroot: . - uses: go/build diff --git a/goreleaser.yaml b/goreleaser.yaml index 036840117c6..34ecc7f66b6 100644 --- a/goreleaser.yaml +++ b/goreleaser.yaml @@ -1,7 +1,7 @@ package: name: goreleaser version: 2.4.8 - epoch: 0 + epoch: 1 description: Deliver Go binaries as fast and easily as possible copyright: - license: Apache-2.0 @@ -18,6 +18,11 @@ pipeline: tag: v${{package.version}} expected-commit: 377981ebd76e1bbb0dbe07d5428239ec8c5381a8 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: packages: . diff --git a/gostatsd.yaml b/gostatsd.yaml index 922ac4e56fe..45b51fb293e 100644 --- a/gostatsd.yaml +++ b/gostatsd.yaml @@ -1,7 +1,7 @@ package: name: gostatsd version: 28.3.0 - epoch: 6 + epoch: 7 description: An implementation of Etsy's statsd in Go with tags support copyright: - license: MIT @@ -19,7 +19,7 @@ pipeline: - uses: go/bump with: - deps: github.com/gogo/protobuf@v1.3.2 golang.org/x/crypto@v0.17.0 golang.org/x/net@v0.23.0 k8s.io/client-go@v0.17.16 github.com/aws/aws-sdk-go@v1.34.0 + deps: github.com/gogo/protobuf@v1.3.2 golang.org/x/net@v0.23.0 k8s.io/client-go@v0.17.16 github.com/aws/aws-sdk-go@v1.34.0 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/grpc-health-probe.yaml b/grpc-health-probe.yaml index d2589e733da..e050c33e3a4 100644 --- a/grpc-health-probe.yaml +++ b/grpc-health-probe.yaml @@ -2,7 +2,7 @@ package: name: grpc-health-probe version: 0.4.35 # bump to epoch 1 when 0.4.29 is released - epoch: 0 + epoch: 1 description: A command-line tool to perform health-checks for gRPC applications in Kubernetes and elsewhere copyright: - license: Apache-2.0 @@ -24,6 +24,10 @@ pipeline: tag: v${{package.version}} expected-commit: 0d66e8ae39ccdf7a5c22f584560692ca5cf930af + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/harbor-registry.yaml b/harbor-registry.yaml index 44cc530f191..2e77530e9dd 100644 --- a/harbor-registry.yaml +++ b/harbor-registry.yaml @@ -1,7 +1,7 @@ package: name: harbor-registry version: 3.0.0_alpha1 - epoch: 7 + epoch: 8 description: An open source trusted cloud native registry project that stores, signs, and scans content (registry) copyright: - license: Apache-2.0 @@ -32,7 +32,7 @@ pipeline: - uses: go/bump with: - deps: github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 + deps: github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.6.0 golang.org/x/crypto@v0.31.0 - runs: | # Adds source modules to $GOPATH diff --git a/helm-docs.yaml b/helm-docs.yaml index 6a1dcd25ce0..0390252e878 100644 --- a/helm-docs.yaml +++ b/helm-docs.yaml @@ -1,7 +1,7 @@ package: name: helm-docs version: 1.14.2 - epoch: 2 + epoch: 3 description: A tool for automatically generating markdown documentation for helm charts copyright: - license: GPL-3.0-only @@ -26,6 +26,10 @@ pipeline: tag: v${{package.version}} expected-commit: 37d3055fece566105cf8cff7c17b7b2355a01677 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make helm-docs install -Dm755 ./helm-docs "${{targets.contextdir}}/usr/bin/helm-docs" diff --git a/hugo-extended.yaml b/hugo-extended.yaml index 55fc729b8e0..dcd42a48295 100644 --- a/hugo-extended.yaml +++ b/hugo-extended.yaml @@ -1,7 +1,7 @@ package: name: hugo-extended - version: 0.139.3 - epoch: 1 + version: 0.139.4 + epoch: 0 description: The world's fastest framework for building websites. copyright: - license: Apache-2.0 @@ -22,7 +22,7 @@ pipeline: with: repository: https://github.com/gohugoio/hugo tag: v${{package.version}} - expected-commit: 2f6864387cd31b975914e8373d4bf38bddbd47bc + expected-commit: 3afe91d4b1b069abbedd6a96ed755b1e12581dfe - uses: go/bump with: diff --git a/hugo.yaml b/hugo.yaml index d64afca5dae..2ee7ddacd58 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -1,7 +1,7 @@ package: name: hugo version: 0.139.4 - epoch: 0 + epoch: 1 description: The world's fastest framework for building websites. copyright: - license: Apache-2.0 @@ -20,6 +20,10 @@ pipeline: tag: v${{package.version}} expected-commit: 3afe91d4b1b069abbedd6a96ed755b1e12581dfe + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/icu.yaml b/icu.yaml index 8106624bec7..4e01b59bda5 100644 --- a/icu.yaml +++ b/icu.yaml @@ -1,7 +1,7 @@ package: name: icu - version: "76.1" - epoch: 0 + version: "75.1" + epoch: 5 description: "International Components for Unicode library" copyright: - license: MIT @@ -37,7 +37,7 @@ pipeline: - uses: fetch with: uri: https://github.com/unicode-org/icu/releases/download/release-${{vars.dash-package-version}}/icu4c-${{vars.underscore-package-version}}-src.tgz - expected-sha256: dfacb46bfe4747410472ce3e1144bf28a102feeaa4e3875bac9b4c6cf30f4f3e + expected-sha256: cb968df3e4d2e87e8b11c49a5d01c787bd13b9545280fc6642f826527618caef strip-components: 0 - runs: | @@ -104,6 +104,7 @@ subpackages: # strip-prefix: release- update: enabled: true + manual: true # ICU updates contain ABI breaking changes which require manual intervention version-transform: - match: \- replace: . diff --git a/istio-1.24.yaml b/istio-1.24.yaml index 4c1c84ee67c..7549c58dd53 100644 --- a/istio-1.24.yaml +++ b/istio-1.24.yaml @@ -1,7 +1,7 @@ package: name: istio-1.24 version: 1.24.1 - epoch: 0 + epoch: 1 description: Istio is an open source service mesh that layers transparently onto existing distributed applications. copyright: - license: Apache-2.0 @@ -28,6 +28,10 @@ pipeline: tag: ${{package.version}} expected-commit: 5c178358f9c61c50d3d6149a0b05a609a0d7defd + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + subpackages: - name: istio-cni-${{vars.major-minor-version}} pipeline: diff --git a/k6.yaml b/k6.yaml index ef6d3924487..56e4c5ec2ed 100644 --- a/k6.yaml +++ b/k6.yaml @@ -1,7 +1,7 @@ package: name: k6 version: 0.55.0 - epoch: 0 + epoch: 1 description: A modern load testing tool, using Go and JavaScript copyright: - license: AGPL-3.0-or-later @@ -22,6 +22,10 @@ pipeline: tag: v${{package.version}} expected-commit: 90bb9415d0724355e93eb276624d25394751d54d + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/k8sgpt.yaml b/k8sgpt.yaml index 32d01eaed5a..97fe74bbc82 100644 --- a/k8sgpt.yaml +++ b/k8sgpt.yaml @@ -1,7 +1,7 @@ package: name: k8sgpt version: 0.3.48 - epoch: 0 + epoch: 1 description: Giving Kubernetes Superpowers to everyone copyright: - license: Apache-2.0 @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: github.com/open-policy-agent/opa@v0.68.0 + deps: github.com/open-policy-agent/opa@v0.68.0 golang.org/x/crypto@v0.31.0 - runs: | make tidy diff --git a/kaniko.yaml b/kaniko.yaml index c345d998448..edc4dc81746 100644 --- a/kaniko.yaml +++ b/kaniko.yaml @@ -1,7 +1,7 @@ package: name: kaniko version: 1.23.2 - epoch: 5 + epoch: 6 description: Build Container Images In Kubernetes copyright: - license: Apache-2.0 @@ -22,7 +22,7 @@ pipeline: - uses: go/bump with: - deps: github.com/opencontainers/runc@v1.1.12 google.golang.org/grpc@v1.64.1 github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/opencontainers/runc@v1.1.12 google.golang.org/grpc@v1.64.1 github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 tidy: false - uses: go/build diff --git a/kapp-controller.yaml b/kapp-controller.yaml index 3fee5cc2aa2..f0ec49ef1a7 100644 --- a/kapp-controller.yaml +++ b/kapp-controller.yaml @@ -1,6 +1,6 @@ package: name: kapp-controller - version: 0.54.0 + version: 0.54.1 epoch: 0 description: Continuous delivery and package management for Kubernetes copyright: @@ -22,7 +22,7 @@ package: pipeline: - uses: git-checkout with: - expected-commit: 36280985b86416dd023682b7bb02e0ffe1c6171c + expected-commit: c1d08f9df47a68659d0f37065060fb02b0dd32a5 repository: https://github.com/carvel-dev/kapp-controller tag: v${{package.version}} diff --git a/ko.yaml b/ko.yaml index 3ef0c43d3a4..4d57b2431e9 100644 --- a/ko.yaml +++ b/ko.yaml @@ -1,7 +1,7 @@ package: name: ko version: 0.17.1 - epoch: 1 + epoch: 2 description: Simple, fast container image builder for Go applications. copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 modroot: ko - uses: go/build diff --git a/kots.yaml b/kots.yaml index 2c045afd1c8..0f278683d3f 100644 --- a/kots.yaml +++ b/kots.yaml @@ -1,6 +1,6 @@ package: name: kots - version: 1.121.2 + version: 1.122.0 epoch: 0 description: Kubernetes Off-The-Shelf (KOTS) Software copyright: @@ -22,7 +22,11 @@ pipeline: with: repository: https://github.com/replicatedhq/kots tag: v${{package.version}} - expected-commit: 2417b58d3166126d8d2927af7bb760d4939c7ee3 + expected-commit: acfe1ac384b98e189982def68402d769fe2734f6 + + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 - runs: | set -x diff --git a/kserve-modelmesh-serving.yaml b/kserve-modelmesh-serving.yaml index 0e373d7cf4f..18351d5c16b 100644 --- a/kserve-modelmesh-serving.yaml +++ b/kserve-modelmesh-serving.yaml @@ -1,7 +1,7 @@ package: name: kserve-modelmesh-serving version: 0.12.0 - epoch: 2 + epoch: 3 description: ModelMesh Serving is the Controller for managing ModelMesh, a general-purpose model serving management/routing layer. copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: d0e56fa4ac7547e644c87d63dc97a14f612c0391 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/kserve.yaml b/kserve.yaml index 4451d1d352c..360c7ef49ef 100644 --- a/kserve.yaml +++ b/kserve.yaml @@ -1,7 +1,7 @@ package: name: kserve - version: 0.13.1 - epoch: 5 + version: 0.14.0 + epoch: 0 description: "Standardized Serverless ML Inference Platform on Kubernetes" copyright: - license: Apache-2.0 @@ -11,14 +11,20 @@ environment: packages: - go - py3.11-pip - - python-3.11-dev + - py3.11-poetry + - py3.11-poetry-bin + - python-3.11-dev # Upstream https://github.com/kserve/kserve/blob/master/python/storage-initializer.Dockerfile uses python-3.11 pipeline: - uses: git-checkout with: repository: https://github.com/kserve/kserve tag: v${{package.version}} - expected-commit: e7d9ac8c48900bfd6db4821305b762bc51d8a67b + expected-commit: 7e4364246449715b902dc967167e38b38773c9cd + + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 data: - name: go-components @@ -62,114 +68,52 @@ subpackages: options: no-commands: true pipeline: - - working-directory: ./python + - name: poetry-build-storage-controller + working-directory: ./python/kserve runs: | - python=$(which python3.11) - - ( - set -x - cd kserve - - # get poetry - until poetry is multi-versioned, just install from pip - workd=$(mktemp -d) - $python -m venv "$workd" - $workd/bin/pip install poetry - - # PATCH_RAY: patch ray to address its embedded thirdparty_files - # aiohttp CVE-2024-30251, CVE-2024-27306, CVE-2024-42367 - # idna CVE-2024-3651 - # - # error if new version does not have 2.10.0, so we do not pin - # current version is 2.35 - $workd/bin/poetry show ray >/tmp/out - ver=$(awk '$1 == "version" { print $3 }' /tmp/out) - case "$ver" in - 2.10.*) :;; - *) echo "FAIL: Found ray at version '$ver', expected 2.10.*," - echo "FAIL: update or drop PATCH_RAY section" - exit 1;; - esac - $workd/bin/poetry add ray~2.35 --extras=serve --lock - - $workd/bin/poetry build - - wheel=$(echo dist/*.whl) - [ -f "$wheel" ] || { echo "not exactly one wheel: $wheel"; exit 1; } - - # just let pip handle deps for now. - $python -m pip install --verbose --prefix=/usr "--root=${{targets.contextdir}}" \ - "$wheel[storage]" - - rm -Rf "$workd" - ) - - # CVE-2024-6345 - see duplicate code in py3-virtualenv.yaml - ( cd "${{targets.contextdir}}" && - cd usr/lib/python*/site-packages/virtualenv/seed/wheels/embed && - rm -v \ - setuptools-68.0.0-py3-none-any.whl \ - pip-24.0-py3-none-any.whl \ - wheel-0.42.0-py3-none-any.whl - ) + # Install dependencies and build the package using poetry + poetry install --no-interaction --no-root --extras "storage ray" + poetry build + + # Install the wheel file with the root directory set to ${{targets.contextdir}} + python3 -m pip install --verbose --prefix=/usr --root=${{targets.contextdir}} dist/*.whl + - name: install storage-initializer entrypoint + working-directory: ./python/storage-initializer + runs: | + mkdir -p ${{targets.contextdir}}/storage-initializer/scripts/ - ( - d=${{targets.contextdir}}/storage-initializer/scripts/ - mkdir -p "$d" - cp storage-initializer/scripts/initializer-entrypoint "$d" - cd "$d" - chmod 755 initializer-entrypoint + cp ./scripts/initializer-entrypoint ${{targets.contextdir}}/storage-initializer/scripts/ + chmod 755 ${{targets.contextdir}}/storage-initializer/scripts/initializer-entrypoint - # update shbang to point to the python used rather than '/usr/bin/env python' - sed -i.dist "1s,#!/usr/bin/env python[^ ]*,#!$python," initializer-entrypoint - # exit fail if it did not change anything - diff -u initializer-entrypoint.dist initializer-entrypoint && exit 1 - rm initializer-entrypoint.dist - ) + cd ${{targets.contextdir}}/storage-initializer/scripts/ + # update shbang to point to the python used rather than '/usr/bin/env python' + sed -i.dist "1s,#!/usr/bin/env python[^ ]*,#!$(which python3.11)," initializer-entrypoint + # exit fail if it did not change anything + diff -u initializer-entrypoint.dist initializer-entrypoint && exit 1 + rm initializer-entrypoint.dist - uses: strip test: environment: contents: packages: - busybox + - py3.11-poetry + - python-3.11 pipeline: - name: "test entrypoint usage" runs: | /storage-initializer/scripts/initializer-entrypoint --help - dotenv --version dotenv --help - f2py --version - f2py --help - httpx --help - jp.py --help - jsonschema --version - jsonschema --help - markdown-it --version - markdown-it --help - memray --version - memray --help - memray3.11 --version - memray3.11 --help - normalizer --version - normalizer --help - py-spy --version - py-spy --help - pygmentize -v - pygmentize --help + f2py --help pyrsa-decrypt --help pyrsa-encrypt --help pyrsa-keygen --help pyrsa-priv2pub --help pyrsa-sign --help pyrsa-verify --help - ray --version - ray --help - serve --help tabulate --help uvicorn --version uvicorn --help - virtualenv --version - virtualenv --help - watchfiles --version watchfiles --help wsdump --help diff --git a/kube-metrics-adapter.yaml b/kube-metrics-adapter.yaml index 9ed1d3cbf57..438324b5c89 100644 --- a/kube-metrics-adapter.yaml +++ b/kube-metrics-adapter.yaml @@ -1,7 +1,7 @@ package: name: kube-metrics-adapter version: 0.2.3 - epoch: 2 + epoch: 3 description: General purpose metrics adapter for Kubernetes HPA metrics copyright: - license: MIT @@ -15,7 +15,7 @@ pipeline: - uses: go/bump with: - deps: github.com/gomarkdown/markdown@v0.0.0-20240930133441-72d49d9543d8 + deps: github.com/gomarkdown/markdown@v0.0.0-20240930133441-72d49d9543d8 golang.org/x/crypto@v0.31.0 modroot: . - uses: go/build diff --git a/kube-rbac-proxy.yaml b/kube-rbac-proxy.yaml index 99d3fdb0d66..fda9de1142e 100644 --- a/kube-rbac-proxy.yaml +++ b/kube-rbac-proxy.yaml @@ -1,7 +1,7 @@ package: name: kube-rbac-proxy version: 0.18.2 - epoch: 0 + epoch: 1 description: Kubernetes RBAC authorizing HTTP proxy for a single upstream. copyright: - license: Apache-2.0 @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: 28ede67b07bfa78103e78a4c4ce43560d6b15dba + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | # Mitigate CVE-2023-45142/GHSA-rcjv-mgp8-qvmr go get -u go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1 diff --git a/kube-state-metrics.yaml b/kube-state-metrics.yaml index 901dc250402..45343d6ed75 100644 --- a/kube-state-metrics.yaml +++ b/kube-state-metrics.yaml @@ -1,7 +1,7 @@ package: name: kube-state-metrics version: 2.14.0 - epoch: 0 + epoch: 1 description: Add-on agent to generate and expose cluster-level metrics. copyright: - license: Apache-2.0 @@ -23,7 +23,7 @@ pipeline: - uses: go/bump with: - deps: github.com/emicklei/go-restful/v3@v3.11.3 + deps: github.com/emicklei/go-restful/v3@v3.11.3 golang.org/x/crypto@v0.31.0 modroot: . - runs: | diff --git a/kubeflow-pipelines-visualization-server.yaml b/kubeflow-pipelines-visualization-server.yaml index 3f49747b562..64ec6092272 100644 --- a/kubeflow-pipelines-visualization-server.yaml +++ b/kubeflow-pipelines-visualization-server.yaml @@ -1,7 +1,7 @@ package: name: kubeflow-pipelines-visualization-server version: 2.3.0 - epoch: 3 + epoch: 4 description: Machine Learning Pipelines for Kubeflow copyright: - license: Apache-2.0 diff --git a/kubeflow-pipelines-visualization-server/0001-Bump-dependencies.patch b/kubeflow-pipelines-visualization-server/0001-Bump-dependencies.patch index e23afbfe570..ed46fe551f8 100644 --- a/kubeflow-pipelines-visualization-server/0001-Bump-dependencies.patch +++ b/kubeflow-pipelines-visualization-server/0001-Bump-dependencies.patch @@ -746,7 +746,7 @@ index 00cc9a82e..8f69cbc48 100644 +threadpoolctl==3.5.0 # via scikit-learn -tornado==6.3.3 -+tornado==6.4.1 ++tornado==6.4.2 # via # -r requirements.in # bokeh diff --git a/kubernetes-1.31.yaml b/kubernetes-1.32.yaml similarity index 96% rename from kubernetes-1.31.yaml rename to kubernetes-1.32.yaml index d053342f198..85483329e09 100644 --- a/kubernetes-1.31.yaml +++ b/kubernetes-1.32.yaml @@ -1,6 +1,6 @@ package: - name: kubernetes-1.31 - version: 1.31.4 + name: kubernetes-1.32 + version: 1.32.0 epoch: 0 description: Production-Grade Container Scheduling and Management copyright: @@ -41,15 +41,11 @@ pipeline: with: repository: https://github.com/kubernetes/kubernetes tag: v${{package.version}} - expected-commit: a78aa47129b8539636eb86a9d00e31b2720fe06b + expected-commit: 7e247d1acd3bd293fd854a8e4a408e4af010af32 - runs: | export GOWORK=off - - uses: go/bump - with: - deps: go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful@v0.46.1 github.com/opencontainers/runc@v1.1.14 - - runs: | # Use our Go version instead of downloading another one export FORCE_HOST_GO=true @@ -253,7 +249,7 @@ update: github: identifier: kubernetes/kubernetes strip-prefix: v - tag-filter: v1.31. + tag-filter: v1.32. test: pipeline: diff --git a/kubernetes-dashboard-api.yaml b/kubernetes-dashboard-api.yaml index f2a19c86864..b61b5bc35e9 100644 --- a/kubernetes-dashboard-api.yaml +++ b/kubernetes-dashboard-api.yaml @@ -1,7 +1,7 @@ package: name: kubernetes-dashboard-api version: 1.10.1 - epoch: 0 + epoch: 1 description: Go module handling authentication to the Kubernetes API copyright: - license: Apache-2.0 @@ -13,6 +13,11 @@ pipeline: tag: api/v${{package.version}} expected-commit: 8c15a76aec0489f63ab841e4aaf09391d2e68912 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: ./modules/api + - uses: go/build with: packages: . diff --git a/kubernetes-event-exporter.yaml b/kubernetes-event-exporter.yaml index df9722da72b..a034a0cd13b 100644 --- a/kubernetes-event-exporter.yaml +++ b/kubernetes-event-exporter.yaml @@ -1,7 +1,7 @@ package: name: kubernetes-event-exporter version: "1.7" - epoch: 11 + epoch: 12 description: Export Kubernetes events to multiple destinations with routing and filtering copyright: - license: Apache-2.0 @@ -26,7 +26,7 @@ pipeline: - uses: go/bump with: - deps: google.golang.org/grpc@v1.56.3 github.com/sirupsen/logrus@v1.9.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 + deps: google.golang.org/grpc@v1.56.3 github.com/sirupsen/logrus@v1.9.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 golang.org/x/crypto@v0.31.0 modroot: . - uses: go/build diff --git a/kubernetes-latest.yaml b/kubernetes-latest.yaml index df9adfb569c..2a84b0f1e60 100644 --- a/kubernetes-latest.yaml +++ b/kubernetes-latest.yaml @@ -1,7 +1,7 @@ package: name: kubernetes-latest version: 0 - epoch: 5 + epoch: 6 description: "Compatibility infrastructure for Kubernetes components" copyright: - license: GPL-2.0-or-later @@ -13,7 +13,7 @@ environment: vars: components: "kubectl kubeadm kubelet kube-scheduler kube-proxy kube-controller-manager kube-apiserver" - kubernetes-version: 1.31 + kubernetes-version: 1.32 pipeline: - runs: | diff --git a/kubescape.yaml b/kubescape.yaml index 7b7e2744621..f2d963ff99c 100644 --- a/kubescape.yaml +++ b/kubescape.yaml @@ -1,7 +1,7 @@ package: name: kubescape version: 3.0.22 - epoch: 0 + epoch: 1 description: Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources. copyright: - license: Apache-2.0 AND MIT @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: github.com/mholt/archiver/v3@v3.5.2 + deps: github.com/mholt/archiver/v3@v3.5.2 golang.org/x/crypto@v0.31.0 replaces: github.com/mholt/archiver/v3=github.com/anchore/archiver/v3@v3.5.2 - runs: | diff --git a/kubewatch.yaml b/kubewatch.yaml index c76086e235c..712656c26bd 100644 --- a/kubewatch.yaml +++ b/kubewatch.yaml @@ -1,7 +1,7 @@ package: name: kubewatch version: 2.9.0 - epoch: 0 + epoch: 1 description: Watch k8s events and trigger Handlers copyright: - license: Apache-2.0 @@ -24,6 +24,10 @@ pipeline: - runs: | go mod tidy + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: output: kubewatch diff --git a/lazygit.yaml b/lazygit.yaml index 868f6fce706..d115144e3f9 100644 --- a/lazygit.yaml +++ b/lazygit.yaml @@ -1,7 +1,7 @@ package: name: lazygit version: 0.44.1 - epoch: 0 + epoch: 1 description: simple terminal UI for git commands copyright: - license: MIT @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/net@v0.23.0 + deps: golang.org/x/net@v0.23.0 golang.org/x/crypto@v0.31.0 replaces: golang.org/x/net=golang.org/x/net@v0.23.0 - uses: go/build diff --git a/libeconf.yaml b/libeconf.yaml index 7504693f9b4..04355b71c6f 100644 --- a/libeconf.yaml +++ b/libeconf.yaml @@ -1,6 +1,6 @@ package: name: libeconf - version: 0.7.5 + version: 0.7.6 epoch: 0 description: Enhanced Config File Parser copyright: @@ -20,7 +20,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 55395fda6890603ca5061cd15a32dfb2d6817928 + expected-commit: acbf7e06de84ea289fd4d3dd189d7e36c49c09ae repository: https://github.com/openSUSE/libeconf tag: v${{package.version}} diff --git a/libreoffice-24.8.yaml b/libreoffice-24.8.yaml index df4583cc69e..3a3853ef225 100644 --- a/libreoffice-24.8.yaml +++ b/libreoffice-24.8.yaml @@ -1,6 +1,6 @@ package: name: libreoffice-24.8 - version: 24.8.4.1 + version: 24.8.4.2 epoch: 0 description: # https://www.libreoffice.org/about-us/licenses @@ -101,7 +101,7 @@ pipeline: with: repository: https://github.com/LibreOffice/core tag: libreoffice-${{package.version}} - expected-commit: 1be9007f5d86a3741c366527d13e2970cbeef057 + expected-commit: bb3cfa12c7b1bf994ecc5649a80400d06cd71002 # patch rather than cherry-pick. The git fetch of main takes multiple minutes. - uses: patch diff --git a/libspatialindex.yaml b/libspatialindex.yaml index 8d16aa2b1b9..9dc21b3566d 100644 --- a/libspatialindex.yaml +++ b/libspatialindex.yaml @@ -36,6 +36,9 @@ subpackages: - name: libspatialindex-dev pipeline: - uses: split/dev + test: + pipeline: + - uses: test/pkgconf test: environment: @@ -139,10 +142,6 @@ test: # Run the program to check if it can open the BPF object ./test_prog - - name: "Check pkg-config" - runs: | - pkg-config --exists libspatialindex - pkg-config --modversion libspatialindex update: enabled: true diff --git a/litestream.yaml b/litestream.yaml index daee118bae1..e647b547e78 100644 --- a/litestream.yaml +++ b/litestream.yaml @@ -1,7 +1,7 @@ package: name: litestream version: 0.3.13 - epoch: 5 + epoch: 6 description: Streaming replication for SQLite. copyright: - license: Apache-2.0 @@ -15,7 +15,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/crypto@v0.17.0 golang.org/x/net@v0.23.0 google.golang.org/grpc@v1.57.1 google.golang.org/protobuf@v1.33.0 + deps: golang.org/x/net@v0.23.0 google.golang.org/grpc@v1.57.1 google.golang.org/protobuf@v1.33.0 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/local-path-provisioner.yaml b/local-path-provisioner.yaml index 3a9f435e5f8..9d4c43a4ff4 100644 --- a/local-path-provisioner.yaml +++ b/local-path-provisioner.yaml @@ -1,7 +1,7 @@ package: name: local-path-provisioner version: 0.0.30 - epoch: 0 + epoch: 1 description: Dynamically provisioning persistent local storage with Kubernetes copyright: - license: Apache-2.0 @@ -25,6 +25,10 @@ pipeline: tag: v${{package.version}} expected-commit: c4fdcada94c2e632cd7d9231e73406d554eb40e2 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/local-static-provisioner.yaml b/local-static-provisioner.yaml index e31c8ad27ad..1c6bf51fdb8 100644 --- a/local-static-provisioner.yaml +++ b/local-static-provisioner.yaml @@ -1,7 +1,7 @@ package: name: local-static-provisioner version: 2.7.0 - epoch: 7 + epoch: 8 description: Static provisioner of local volumes copyright: - license: Apache-2.0 @@ -27,9 +27,13 @@ pipeline: tag: v${{package.version}} expected-commit: 4f81db77908ff67d8cac223c31413a293cd65d73 + - uses: patch + with: + patches: k8s-GHSA-27wf-5967-98gx-fix.patch + - uses: go/bump with: - deps: google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 k8s.io/apiserver@v0.27.13 k8s.io/kubernetes@v1.27.16 + deps: google.golang.org/protobuf@v1.35.2 golang.org/x/net@v0.32.0 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/local-static-provisioner/k8s-GHSA-27wf-5967-98gx-fix.patch b/local-static-provisioner/k8s-GHSA-27wf-5967-98gx-fix.patch new file mode 100644 index 00000000000..bc6a7758749 --- /dev/null +++ b/local-static-provisioner/k8s-GHSA-27wf-5967-98gx-fix.patch @@ -0,0 +1,108 @@ +diff --git a/go.mod b/go.mod +index d19a005d..166c689b 100644 +--- a/go.mod ++++ b/go.mod +@@ -11,13 +11,13 @@ require ( + github.com/spf13/pflag v1.0.5 + golang.org/x/sys v0.17.0 + gopkg.in/yaml.v2 v2.4.0 +- k8s.io/api v0.27.8 +- k8s.io/apimachinery v0.27.8 +- k8s.io/apiserver v0.27.8 +- k8s.io/client-go v0.27.8 +- k8s.io/component-base v0.27.8 ++ k8s.io/api v0.28.15 ++ k8s.io/apimachinery v0.28.15 ++ k8s.io/apiserver v0.28.15 ++ k8s.io/client-go v0.28.15 ++ k8s.io/component-base v0.28.15 + k8s.io/klog/v2 v2.90.1 +- k8s.io/kubernetes v1.27.8 ++ k8s.io/kubernetes v1.28.15 + k8s.io/pod-security-admission v0.0.0 + k8s.io/utils v0.0.0-20230209194617-a36077c30491 + sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0 +@@ -123,15 +123,15 @@ require ( + gopkg.in/warnings.v0 v0.1.1 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiextensions-apiserver v0.0.0 // indirect +- k8s.io/cloud-provider v0.27.8 // indirect +- k8s.io/component-helpers v0.27.8 // indirect +- k8s.io/controller-manager v0.27.8 // indirect +- k8s.io/kms v0.27.8 // indirect ++ k8s.io/cloud-provider v0.28.15 // indirect ++ k8s.io/component-helpers v0.28.15 // indirect ++ k8s.io/controller-manager v0.28.15 // indirect ++ k8s.io/kms v0.28.15 // indirect + k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect + k8s.io/kubectl v0.0.0 // indirect + k8s.io/kubelet v0.0.0 // indirect + k8s.io/legacy-cloud-providers v0.0.0 // indirect +- k8s.io/mount-utils v0.27.8 // indirect ++ k8s.io/mount-utils v0.28.15 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.1.2 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect +@@ -139,33 +139,33 @@ require ( + + replace ( + github.com/emicklei/go-restful => github.com/emicklei/go-restful/v3 v3.8.0 +- k8s.io/api => k8s.io/api v0.27.8 +- k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.27.8 +- k8s.io/apimachinery => k8s.io/apimachinery v0.27.8 +- k8s.io/apiserver => k8s.io/apiserver v0.27.8 +- k8s.io/cli-runtime => k8s.io/cli-runtime v0.27.8 +- k8s.io/client-go => k8s.io/client-go v0.27.8 +- k8s.io/cloud-provider => k8s.io/cloud-provider v0.27.8 +- k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.27.8 +- k8s.io/code-generator => k8s.io/code-generator v0.27.8 +- k8s.io/component-base => k8s.io/component-base v0.27.8 +- k8s.io/component-helpers => k8s.io/component-helpers v0.27.8 +- k8s.io/controller-manager => k8s.io/controller-manager v0.27.8 +- k8s.io/cri-api => k8s.io/cri-api v0.27.8 +- k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.27.8 +- k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.27.8 +- k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.27.8 +- k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.27.8 +- k8s.io/kube-proxy => k8s.io/kube-proxy v0.27.8 +- k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.27.8 +- k8s.io/kubectl => k8s.io/kubectl v0.27.8 +- k8s.io/kubelet => k8s.io/kubelet v0.27.8 +- k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.27.8 +- k8s.io/metrics => k8s.io/metrics v0.27.8 +- k8s.io/mount-utils => k8s.io/mount-utils v0.27.8 +- k8s.io/node-api => k8s.io/node-api v0.27.8 +- k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.27.8 +- k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.27.8 +- k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.27.8 +- k8s.io/sample-controller => k8s.io/sample-controller v0.27.8 ++ k8s.io/api => k8s.io/api v0.28.15 ++ k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.15 ++ k8s.io/apimachinery => k8s.io/apimachinery v0.28.15 ++ k8s.io/apiserver => k8s.io/apiserver v0.28.15 ++ k8s.io/cli-runtime => k8s.io/cli-runtime v0.28.15 ++ k8s.io/client-go => k8s.io/client-go v0.28.15 ++ k8s.io/cloud-provider => k8s.io/cloud-provider v0.28.15 ++ k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.15 ++ k8s.io/code-generator => k8s.io/code-generator v0.28.15 ++ k8s.io/component-base => k8s.io/component-base v0.28.15 ++ k8s.io/component-helpers => k8s.io/component-helpers v0.28.15 ++ k8s.io/controller-manager => k8s.io/controller-manager v0.28.15 ++ k8s.io/cri-api => k8s.io/cri-api v0.28.15 ++ k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.15 ++ k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.28.15 ++ k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.15 ++ k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.15 ++ k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.15 ++ k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.15 ++ k8s.io/kubectl => k8s.io/kubectl v0.28.15 ++ k8s.io/kubelet => k8s.io/kubelet v0.28.15 ++ k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.15 ++ k8s.io/metrics => k8s.io/metrics v0.28.15 ++ k8s.io/mount-utils => k8s.io/mount-utils v0.28.15 ++ k8s.io/node-api => k8s.io/node-api v0.28.15 ++ k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.28.15 ++ k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.15 ++ k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.28.15 ++ k8s.io/sample-controller => k8s.io/sample-controller v0.28.15 + ) diff --git a/loki-3.3.yaml b/loki-3.3.yaml index 2e91dafa7bf..5de0a6f2b48 100644 --- a/loki-3.3.yaml +++ b/loki-3.3.yaml @@ -1,7 +1,7 @@ package: name: loki-3.3 version: 3.3.1 - epoch: 0 + epoch: 1 description: Like Prometheus, but for logs. copyright: - license: AGPL-3.0-or-later @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: autoconf/make diff --git a/melange.yaml b/melange.yaml index d2722876d6b..bb940bb6ffd 100644 --- a/melange.yaml +++ b/melange.yaml @@ -1,7 +1,7 @@ package: name: melange version: 0.17.7 - epoch: 0 + epoch: 1 description: build APKs from source code copyright: - license: Apache-2.0 diff --git a/melange/init b/melange/init index 19e2b44f756..352c9f281ac 100755 --- a/melange/init +++ b/melange/init @@ -34,11 +34,25 @@ fi # If this fails and we won't have network, the ifconfig command will fail anyway. # Also we load cpu accelleration drivers in case those are needed. depmod -a || : -sort -u \ - /sys/devices/system/cpu/modalias \ - /sys/devices/pci*/*/virtio*/modalias | xargs -n1 modprobe 2>/dev/null || : +sort -u /sys/devices/system/cpu/modalias | xargs -n1 modprobe 2>/dev/null || : +sort -u /sys/devices/pci*/*/virtio*/modalias | xargs -n1 modprobe 2>/dev/null || : # modprobe 9p if absent -grep -q 9p /proc/filesystems || modprobe 9p +if ! grep -q 9p /proc/filesystems; then + modprobe virtio + modprobe virtio_blk + modprobe virtio_gpu + modprobe virtio_net + modprobe virtio_pci + modprobe virtio_pci_legacy_dev + modprobe virtio_pci_modern_dev + modprobe virtio_pmem + modprobe virtio_ring + modprobe virtio_rng + modprobe virtio_scsi + modprobe 9pnet_virtio + modprobe 9pnet + modprobe 9p +fi # Setup default mountpoint for 9p shared dir mount -t 9p -otrans=virtio -oversion=9p2000.L defaultshare /mnt/ diff --git a/minio.yaml b/minio.yaml index c17d63b9fcb..6958136f0cd 100644 --- a/minio.yaml +++ b/minio.yaml @@ -1,7 +1,7 @@ package: name: minio version: 0.20241107.005220 - epoch: 0 + epoch: 1 description: Multi-Cloud Object Storage copyright: - license: AGPL-3.0-or-later @@ -28,6 +28,10 @@ pipeline: tag: ${{vars.mangled-package-version}} expected-commit: cefc43e4daa4cbb490ef6726ea374e26a93eb85e + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin diff --git a/mkcert.yaml b/mkcert.yaml index 2755efa2675..142f387d127 100644 --- a/mkcert.yaml +++ b/mkcert.yaml @@ -1,7 +1,7 @@ package: name: mkcert version: 1.4.4 - epoch: 5 + epoch: 6 description: A simple zero-config tool to make locally trusted development certificates with any names you'd like. copyright: - license: BSD-3-Clause @@ -20,8 +20,8 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/net@v0.21.0 golang.org/x/text@v0.3.8 - replaces: golang.org/x/crypto=golang.org/x/crypto@v0.21.0 + deps: golang.org/x/net@v0.21.0 golang.org/x/text@v0.3.8 golang.org/x/crypto@v0.31.0 + replaces: golang.org/x/crypto=golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/modelmesh-runtime-adapter.yaml b/modelmesh-runtime-adapter.yaml index 934c027c373..ac51366df4f 100644 --- a/modelmesh-runtime-adapter.yaml +++ b/modelmesh-runtime-adapter.yaml @@ -1,7 +1,7 @@ package: name: modelmesh-runtime-adapter version: 0.12.0 - epoch: 2 + epoch: 3 description: Unified runtime-adapter package of the sidecar containers which run in the modelmesh pods dependencies: runtime: @@ -23,6 +23,10 @@ pipeline: expected-commit: 5d0c9a008cce30b2b3839874c9f1f2ca8ddc38de tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - name: build-mlserver-adapter uses: go/build with: diff --git a/mongo-tools.yaml b/mongo-tools.yaml index 311ccfdc25c..c8f23cc7f9d 100644 --- a/mongo-tools.yaml +++ b/mongo-tools.yaml @@ -1,7 +1,7 @@ package: name: mongo-tools version: 100.10.0 - epoch: 3 + epoch: 4 description: Tools for MongoDB copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: ${{package.version}} expected-commit: 6d4f001be3fcf673de04d20176e90ee02ef233a9 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: patch with: patches: release-platform.patch diff --git a/nerdctl.yaml b/nerdctl.yaml index 5b71684c9c0..97688ccf8fa 100644 --- a/nerdctl.yaml +++ b/nerdctl.yaml @@ -1,7 +1,7 @@ package: name: nerdctl version: 2.0.2 - epoch: 0 + epoch: 1 description: Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ... copyright: - license: Apache-2.0 @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: 1220ce7ec2701d485a9b1beeea63dae3da134fb5 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make nerdctl install -Dm755 ./_output/nerdctl ${{targets.destdir}}/usr/bin/nerdctl diff --git a/newrelic-nri-statsd.yaml b/newrelic-nri-statsd.yaml index a74e6f75ad1..d8cfc545237 100644 --- a/newrelic-nri-statsd.yaml +++ b/newrelic-nri-statsd.yaml @@ -1,7 +1,7 @@ package: name: newrelic-nri-statsd - version: 2.9.2 - epoch: 2 + version: 2.10.0 + epoch: 0 description: An implementation of Etsy's statsd in Go with tags support copyright: - license: MIT @@ -19,14 +19,9 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 13951ecf771c00604d7fd37feab9b4f0df245219 + expected-commit: 21cb52ec9480869d1ff01675b9ed550cc9212c49 repository: https://github.com/newrelic/nri-statsd - tag: ${{package.version}} - - - uses: go/bump - with: - deps: golang.org/x/net@v0.23.0 - modroot: tests/integration + tag: v${{package.version}} - runs: | mkdir -p "${{targets.destdir}}"/bin @@ -42,6 +37,7 @@ update: enabled: true github: identifier: newrelic/nri-statsd + strip-prefix: v test: pipeline: diff --git a/node-feature-discovery-0.16.yaml b/node-feature-discovery-0.16.yaml index d7262d77797..e7fc323b4a8 100644 --- a/node-feature-discovery-0.16.yaml +++ b/node-feature-discovery-0.16.yaml @@ -1,7 +1,7 @@ package: name: node-feature-discovery-0.16 version: 0.16.6 - epoch: 2 + epoch: 3 description: Node feature discovery for Kubernetes copyright: - license: Apache-2.0 @@ -27,6 +27,11 @@ pipeline: mkdir -p ${{targets.contextdir}}/etc/kubernetes/node-feature-discovery/ cp ./deployment/components/worker-config/nfd-worker.conf.example ${{targets.contextdir}}/etc/kubernetes/node-feature-discovery/nfd-worker.conf + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: modroot: . diff --git a/nodetaint.yaml b/nodetaint.yaml index ee2e29b2e89..d8e2aa4e67c 100644 --- a/nodetaint.yaml +++ b/nodetaint.yaml @@ -1,7 +1,7 @@ package: name: nodetaint version: 0.0.4 - epoch: 22 + epoch: 24 description: Controller to manage taints for nodes in a k8s cluster. copyright: - license: Apache-2.0 @@ -23,44 +23,22 @@ pipeline: - uses: go/bump with: - deps: k8s.io/api@v0.27.13 k8s.io/client-go@v0.27.13 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 k8s.io/apimachinery@v0.27.13 k8s.io/kubernetes@v1.27.16 + deps: k8s.io/api@v0.28.15 k8s.io/client-go@v0.28.15 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 k8s.io/apimachinery@v0.28.15 k8s.io/kubernetes@v1.28.15 + replaces: k8s.io/api=k8s.io/api@v0.28.15 k8s.io/apiextensions-apiserver=k8s.io/apiextensions-apiserver@v0.28.15 k8s.io/apimachinery=k8s.io/apimachinery@v0.28.15 k8s.io/apiserver=k8s.io/apiserver@v0.28.15 k8s.io/cli-runtime=k8s.io/cli-runtime@v0.28.15 k8s.io/client-go=k8s.io/client-go@v0.28.15 k8s.io/cloud-provider=k8s.io/cloud-provider@v0.28.15 k8s.io/cluster-bootstrap=k8s.io/cluster-bootstrap@v0.28.15 k8s.io/code-generator=k8s.io/code-generator@v0.28.15 k8s.io/component-base=k8s.io/component-base@v0.28.15 k8s.io/cri-api=k8s.io/cri-api@v0.28.15 k8s.io/csi-translation-lib=k8s.io/csi-translation-lib@v0.28.15 k8s.io/kube-aggregator=k8s.io/kube-aggregator@v0.28.15 k8s.io/kube-controller-manager=k8s.io/kube-controller-manager@v0.28.15 k8s.io/kube-proxy=k8s.io/kube-proxy@v0.28.15 k8s.io/kube-scheduler=k8s.io/kube-scheduler@v0.28.15 k8s.io/kubectl=k8s.io/kubectl@v0.28.15 k8s.io/kubelet=k8s.io/kubelet@v0.28.15 k8s.io/legacy-cloud-providers=k8s.io/legacy-cloud-providers@v0.28.15 k8s.io/metrics=k8s.io/metrics@v0.28.15 k8s.io/sample-apiserver=k8s.io/sample-apiserver@v0.28.15 k8s.io/sample-cli-plugin=k8s.io/sample-cli-plugin@v0.28.15 k8s.io/sample-controller=k8s.io/sample-controller@v0.28.15 - runs: | - # Mitigate CVE-2023-39325, CVE-2023-3978, CVE-2023-44487 - - # CVE-2021-25736, CVE-2023-3676, CVE-2023-3955, GHSA-8cfg-vx93-jvxw - go mod edit -replace=k8s.io/api=k8s.io/api@v0.27.8 - go mod edit -replace=k8s.io/apiextensions-apiserver=k8s.io/apiextensions-apiserver@v0.27.8 - go mod edit -replace=k8s.io/apimachinery=k8s.io/apimachinery@v0.27.8 - go mod edit -replace=k8s.io/apiserver=k8s.io/apiserver@v0.27.8 - go mod edit -replace=k8s.io/cli-runtime=k8s.io/cli-runtime@v0.27.8 - go mod edit -replace=k8s.io/client-go=k8s.io/client-go@v0.27.8 - go mod edit -replace=k8s.io/cloud-provider=k8s.io/cloud-provider@v0.27.8 - go mod edit -replace=k8s.io/cluster-bootstrap=k8s.io/cluster-bootstrap@v0.27.8 - go mod edit -replace=k8s.io/code-generator=k8s.io/code-generator@v0.27.8 - go mod edit -replace=k8s.io/component-base=k8s.io/component-base@v0.27.8 - go mod edit -replace=k8s.io/cri-api=k8s.io/cri-api@v0.27.8 - go mod edit -replace=k8s.io/csi-translation-lib=k8s.io/csi-translation-lib@v0.27.8 - go mod edit -replace=k8s.io/kube-aggregator=k8s.io/kube-aggregator@v0.27.8 - go mod edit -replace=k8s.io/kube-controller-manager=k8s.io/kube-controller-manager@v0.27.8 - go mod edit -replace=k8s.io/kube-proxy=k8s.io/kube-proxy@v0.27.8 - go mod edit -replace=k8s.io/kube-scheduler=k8s.io/kube-scheduler@v0.27.8 - go mod edit -replace=k8s.io/kubectl=k8s.io/kubectl@v0.27.8 - go mod edit -replace=k8s.io/kubelet=k8s.io/kubelet@v0.27.8 - go mod edit -replace=k8s.io/legacy-cloud-providers=k8s.io/legacy-cloud-providers@v0.27.8 - go mod edit -replace=k8s.io/metrics=k8s.io/metrics@v0.27.8 - go mod edit -replace=k8s.io/sample-apiserver=k8s.io/sample-apiserver@v0.27.8 - go mod edit -replace=k8s.io/sample-cli-plugin=k8s.io/sample-cli-plugin@v0.27.8 - go mod edit -replace=k8s.io/sample-controller=k8s.io/sample-controller@v0.27.8 - - go mod tidy -compat=1.17 - CGO_ENABLED=0 GOARCH=$(go env GOARCH) GOOS=$(go env GOOS) go build -o . -a -installsuffix cgo . mkdir -p ${{targets.destdir}}/usr/bin install -Dm755 nodetaint ${{targets.destdir}}/usr/bin/nodetaint - uses: strip +test: + pipeline: + - name: Verify nodetaint binary + runs: | + nodetaint --help | grep -q "Usage:" + update: enabled: true github: diff --git a/nsc.yaml b/nsc.yaml index 9d17c8e4d46..c434bc2ad5e 100644 --- a/nsc.yaml +++ b/nsc.yaml @@ -1,6 +1,6 @@ package: name: nsc - version: 2.10.0 + version: 2.10.1 epoch: 0 description: Tool for creating nkey/jwt based configurations copyright: @@ -11,7 +11,7 @@ pipeline: with: repository: https://github.com/nats-io/nsc tag: v${{package.version}} - expected-commit: ce4b0540970b221460e0dcfaafaa7865e33f6fd2 + expected-commit: d2af91035880fe69d230afdbca0729d70d7eefef - uses: go/build with: diff --git a/oauth2-proxy.yaml b/oauth2-proxy.yaml index ae3d42dea19..61838b5631a 100644 --- a/oauth2-proxy.yaml +++ b/oauth2-proxy.yaml @@ -1,7 +1,7 @@ package: name: oauth2-proxy version: 7.7.1 - epoch: 0 + epoch: 1 description: Reverse proxy and static file server that provides authentication using various providers to validate accounts by email, domain or group. copyright: - license: MIT @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/go-jose/go-jose/v3@v3.0.3 + deps: github.com/go-jose/go-jose/v3@v3.0.3 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/octo-sts.yaml b/octo-sts.yaml index a9546737491..34848eeb1e7 100644 --- a/octo-sts.yaml +++ b/octo-sts.yaml @@ -1,7 +1,7 @@ package: name: octo-sts version: 0.4.2 - epoch: 2 + epoch: 3 description: A GitHub App that acts like a Security Token Service (STS) for the Github API. copyright: - license: Apache-2.0 @@ -16,7 +16,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 modroot: octo-sts - uses: go/build diff --git a/ollama.yaml b/ollama.yaml index c80368a76a1..c8e2e9ed773 100644 --- a/ollama.yaml +++ b/ollama.yaml @@ -1,7 +1,7 @@ package: name: ollama version: 0.5.1 - epoch: 0 + epoch: 1 description: Get up and running with Llama 2 and other large language models locally copyright: - license: MIT @@ -22,6 +22,10 @@ pipeline: tag: v${{package.version}} expected-commit: de52b6c2f90ff220ed9469167d51e3f5d7474fa2 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | go generate ./... CGO_ENABLED=1 go build -ldflags '-linkmode external -extldflags "-static"' . diff --git a/openbao-k8s.yaml b/openbao-k8s.yaml index be02d8becc4..6425d2b4123 100644 --- a/openbao-k8s.yaml +++ b/openbao-k8s.yaml @@ -1,7 +1,7 @@ package: name: openbao-k8s version: 1.4.0 - epoch: 0 + epoch: 1 description: First-class support for OpenBao and Kubernetes. copyright: - license: MPL-2.0 @@ -15,7 +15,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/net@v0.23.0 google.golang.org/protobuf@v1.33.0 + deps: golang.org/x/net@v0.23.0 google.golang.org/protobuf@v1.33.0 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/openbao.yaml b/openbao.yaml index 5c0c187bb49..c5a9d369cb7 100644 --- a/openbao.yaml +++ b/openbao.yaml @@ -1,7 +1,7 @@ package: name: openbao version: 2.1.0 - epoch: 0 + epoch: 1 description: OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. copyright: - license: MPL-2.0 @@ -26,6 +26,9 @@ pipeline: - runs: | # NOTE: uncomment when enabling embedding of UI # make ember-dist + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 - uses: go/build with: # NOTE: add "ui" tag when enabling embedding of UI diff --git a/opentelemetry-collector-contrib.yaml b/opentelemetry-collector-contrib.yaml index 196ad562609..121662d62df 100644 --- a/opentelemetry-collector-contrib.yaml +++ b/opentelemetry-collector-contrib.yaml @@ -1,7 +1,7 @@ package: name: opentelemetry-collector-contrib version: 0.115.0 - epoch: 0 + epoch: 1 description: Contrib repository for the OpenTelemetry Collector copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 modroot: ./cmd/otelcontribcol - uses: go/build diff --git a/opentofu-1.8.yaml b/opentofu-1.8.yaml index bd161325cf3..4388f0c457a 100644 --- a/opentofu-1.8.yaml +++ b/opentofu-1.8.yaml @@ -1,7 +1,7 @@ package: name: opentofu-1.8 version: 1.8.7 - epoch: 0 + epoch: 1 copyright: - license: MPL-2.0 dependencies: @@ -19,6 +19,11 @@ pipeline: repository: https://github.com/opentofu/opentofu tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: ldflags: -s -w -X 'github.com/opentofu/opentofu/version.dev=no' diff --git a/osv-scanner.yaml b/osv-scanner.yaml index a78fc19bde2..2f1ca1b6bb7 100644 --- a/osv-scanner.yaml +++ b/osv-scanner.yaml @@ -1,7 +1,7 @@ package: name: osv-scanner version: 1.9.1 - epoch: 0 + epoch: 1 description: Vulnerability scanner written in Go which uses the data provided by https://osv.dev copyright: - license: Apache-2.0 @@ -20,6 +20,10 @@ pipeline: tag: v${{package.version}} repository: https://github.com/google/osv-scanner + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/osv-scanner/ diff --git a/pgbouncer.yaml b/pgbouncer.yaml index 5eb6f996b50..460f5ca5cfa 100644 --- a/pgbouncer.yaml +++ b/pgbouncer.yaml @@ -1,7 +1,7 @@ package: name: pgbouncer - version: 1.22.1 - epoch: 1 + version: 1.23.1 + epoch: 0 description: lightweight connection pooler for PostgreSQL copyright: - license: ISC @@ -31,8 +31,8 @@ pipeline: # and the docs require pandoc which requires haskell - uses: fetch with: - uri: https://github.com/pgbouncer/pgbouncer/releases/download/pgbouncer_${{vars.mangled-package-version}}/pgbouncer-${{package.version}}.tar.gz - expected-sha256: 2b018aa6ce7f592c9892bb9e0fd90262484eb73937fd2af929770a45373ba215 + uri: https://github.com/pgbouncer/pgbouncer/releases/download/pgbouncer_${{vars.mangled-package-version}}-fixed/pgbouncer-${{package.version}}.tar.gz + expected-sha256: 1963b497231d9a560a62d266e4a2eae6881ab401853d93e5d292c3740eec5084 - uses: autoconf/configure diff --git a/pipelines/test/ldd-check.yaml b/pipelines/test/ldd-check.yaml new file mode 100644 index 00000000000..ca68c3bf3dc --- /dev/null +++ b/pipelines/test/ldd-check.yaml @@ -0,0 +1,59 @@ +name: ldd-check + +needs: + packages: + - busybox + - posix-libc-utils + +inputs: + files: + description: | + The files to run `ldd` on and check for missing deps. + required: true + verbose: + description: | + Should the full ldd output be shown + required: false + default: false + +pipeline: + - name: "run ldd on provided files" + runs: | + set +x + set -f + error() { echo "ERROR[ldd-check]:" "$@"; exit 1; } + fail() { echo "FAIL[ldd-check]:" "$@"; fails=$((fails+1)); } + pass() { echo "PASS[ldd-check]:" "$@"; passes=$((passes+1)); } + cleanup() { [ -n "$tmpd" -o -z "$tmpd" ] && return 0; rm -Rf "$tmpd"; } + + tmpd=$(mktemp -d) || fail "ERROR: failed to create tmpdir" + trap cleanup EXIT + + fails=0 + passes=0 + files="${{inputs.files}}" + verbose="${{inputs.verbose}}" + case "$verbose" in + true|false) :;; + *) error "verbose must be 'true' or 'false'. found '$verbose'";; + esac + + export LANG=C + set -- $files + outf="$tmpd/out" + for f in "$@"; do + [ -e "$f" ] || { fail "$f: does not exist"; continue; } + [ -f "$f" ] || { fail "$f: not a file"; continue; } + ldd "$f" > "$outf" || { fail "$f: ldd exited $?"; continue; } + missing=$(awk \ + '$0 ~ /=> not found/ { miss = miss " " $1; }; END { printf("%s\n", miss); }' \ + "$outf") || error "$f: parsing with awk failed $?"; + if [ "$verbose" = "true" ]; then + echo "> $ ldd $f" + sed 's,^,> ,' "$outf" + fi + [ -z "$missing" ] && { pass "$f"; continue; } + fail "$f: missing ${missing# }" + done + echo "tested $((passes+fails)) files with ldd. $passes passes. $fails fails." + exit $fails diff --git a/policy-controller.yaml b/policy-controller.yaml index 080b641ab9c..7659c705c24 100644 --- a/policy-controller.yaml +++ b/policy-controller.yaml @@ -1,7 +1,7 @@ package: name: policy-controller version: 0.11.0 - epoch: 0 + epoch: 1 description: The policy admission controller used to enforce policy on a cluster on verifiable supply-chain metadata from cosign. copyright: - license: Apache-2.0 @@ -24,6 +24,10 @@ pipeline: repository: https://github.com/sigstore/policy-controller tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | mkdir -p "${{targets.destdir}}/usr/bin" make policy-controller && mv policy-controller "${{targets.destdir}}/usr/bin/policy-controller" diff --git a/portieris.yaml b/portieris.yaml index f1ca6e5c330..d12645ad60c 100644 --- a/portieris.yaml +++ b/portieris.yaml @@ -1,7 +1,7 @@ package: name: portieris version: 0.13.22 - epoch: 0 + epoch: 1 description: A Kubernetes Admission Controller for verifying image trust. copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: tag: v${{package.version}} expected-commit: ad0725d34f9ee1aa18078ab2ba624dee26dafba9 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: "./cmd/portieris" diff --git a/postgres-operator.yaml b/postgres-operator.yaml index de95ebfde24..3e149393b0e 100644 --- a/postgres-operator.yaml +++ b/postgres-operator.yaml @@ -1,7 +1,7 @@ package: name: postgres-operator version: 1.13.0 - epoch: 2 + epoch: 3 description: Postgres operator creates and manages PostgreSQL clusters running in Kubernetes copyright: - license: MIT @@ -21,6 +21,11 @@ pipeline: repository: https://github.com/zalando/postgres-operator.git tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: modroot: . diff --git a/prometheus-adapter.yaml b/prometheus-adapter.yaml index 9a18c11f4f2..d74500c6e42 100644 --- a/prometheus-adapter.yaml +++ b/prometheus-adapter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-adapter version: 0.12.0 - epoch: 3 + epoch: 4 description: Prometheus Adapter for Kubernetes Metrics APIs copyright: - license: Apache-2.0 @@ -20,6 +20,10 @@ pipeline: expected-commit: 17cef511b1854441490bceeca7a710a04ce091ad tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make prometheus-adapter diff --git a/prometheus-bind-exporter.yaml b/prometheus-bind-exporter.yaml index 4a678348de7..314ddda0564 100644 --- a/prometheus-bind-exporter.yaml +++ b/prometheus-bind-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-bind-exporter version: 0.8.0 - epoch: 0 + epoch: 1 description: Prometheus exporter for BIND copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: 5cc1b62b9c866184193007a0f7ec3b2eb31460bf + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make common-build mkdir -p ${{targets.destdir}}/usr/bin diff --git a/prometheus-blackbox-exporter.yaml b/prometheus-blackbox-exporter.yaml index 25a54ea8cc2..e6479f654ba 100644 --- a/prometheus-blackbox-exporter.yaml +++ b/prometheus-blackbox-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-blackbox-exporter version: 0.25.0 - epoch: 7 + epoch: 8 description: Blackbox prober exporter copyright: - license: Apache-2.0 @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: ef3ff4fef195333fb8ee0039fb487b2f5007908f + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make common-build diff --git a/prometheus-elasticsearch-exporter.yaml b/prometheus-elasticsearch-exporter.yaml index 0282a1f964f..d2d3a6896bb 100644 --- a/prometheus-elasticsearch-exporter.yaml +++ b/prometheus-elasticsearch-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-elasticsearch-exporter version: 1.8.0 - epoch: 0 + epoch: 1 description: Elasticsearch stats exporter for Prometheus copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: fd25030ff57e9eedc397616e6b8b620d396e4736 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make common-build diff --git a/prometheus-mongodb-exporter.yaml b/prometheus-mongodb-exporter.yaml index afb8aa587b5..49e5627ebdd 100644 --- a/prometheus-mongodb-exporter.yaml +++ b/prometheus-mongodb-exporter.yaml @@ -1,6 +1,6 @@ package: name: prometheus-mongodb-exporter - version: 0.43.0 + version: 0.43.1 epoch: 0 description: A Prometheus exporter for MongoDB including sharding, replication and storage engines copyright: @@ -17,9 +17,13 @@ pipeline: - uses: git-checkout with: repository: https://github.com/percona/mongodb_exporter - expected-commit: 1e9026b6a8f2a6c86cfc63f460b16d2194523797 + expected-commit: 2b2cccca21104c2a00cb53bd0d785b3d656fe803 tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin diff --git a/prometheus-mysqld-exporter.yaml b/prometheus-mysqld-exporter.yaml index f5728e60faa..05cc9d6bd69 100644 --- a/prometheus-mysqld-exporter.yaml +++ b/prometheus-mysqld-exporter.yaml @@ -2,7 +2,7 @@ package: name: prometheus-mysqld-exporter # When bumping this version you can remove the `go get` line in the build script version: 0.16.0 - epoch: 0 + epoch: 1 description: Prometheus Exporter for MySQL server metrics copyright: - license: Apache-2.0 @@ -16,6 +16,10 @@ pipeline: tag: v${{package.version}} expected-commit: c366424252a3140838a344a6cb0d40d44f1be91d + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/prometheus-podman-exporter.yaml b/prometheus-podman-exporter.yaml index aa36ff726e9..7347e15a3ff 100644 --- a/prometheus-podman-exporter.yaml +++ b/prometheus-podman-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-podman-exporter version: 1.13.3 - epoch: 0 + epoch: 1 description: Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information. copyright: - license: Apache-2.0 @@ -23,7 +23,7 @@ pipeline: - uses: go/bump with: - deps: github.com/opencontainers/runc@v1.1.14 + deps: github.com/opencontainers/runc@v1.1.14 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/prometheus-postgres-exporter.yaml b/prometheus-postgres-exporter.yaml index 87f9244c522..c3b61e700da 100644 --- a/prometheus-postgres-exporter.yaml +++ b/prometheus-postgres-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-postgres-exporter version: 0.16.0 - epoch: 0 + epoch: 1 description: Prometheus Exporter for Postgres server metrics copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: a324fe37bca5193a293118b940b3df7ab3a8505c + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build diff --git a/prometheus-pushgateway.yaml b/prometheus-pushgateway.yaml index 8294bc0f715..742fb9c93ab 100644 --- a/prometheus-pushgateway.yaml +++ b/prometheus-pushgateway.yaml @@ -1,7 +1,7 @@ package: name: prometheus-pushgateway version: 1.10.0 - epoch: 0 + epoch: 1 description: Push acceptor for ephemeral and batch jobs. copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: 17dd0704c6595396b8ca2550884bd9f0d66990bb + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build diff --git a/prometheus-stackdriver-exporter.yaml b/prometheus-stackdriver-exporter.yaml index 46ec3ae5c73..745ce0e863a 100644 --- a/prometheus-stackdriver-exporter.yaml +++ b/prometheus-stackdriver-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-stackdriver-exporter version: 0.17.0 - epoch: 0 + epoch: 1 description: Google Stackdriver Prometheus exporter copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: tag: v${{package.version}} expected-commit: 15981bb0a405aaada894c7805ed8365fbd8b43ea + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make common-build diff --git a/prometheus-statsd-exporter.yaml b/prometheus-statsd-exporter.yaml index 4987842c71c..9b7aafe64f1 100644 --- a/prometheus-statsd-exporter.yaml +++ b/prometheus-statsd-exporter.yaml @@ -1,7 +1,7 @@ package: name: prometheus-statsd-exporter version: 0.28.0 - epoch: 0 + epoch: 1 description: StatsD exporter for Prometheus copyright: - license: Apache-2.0 @@ -21,6 +21,10 @@ pipeline: expected-commit: c0a390a2c43f77863278615b47d46e886bdca726 tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make common-build diff --git a/promxy.yaml b/promxy.yaml index d47c0b346a4..ca57a964c52 100644 --- a/promxy.yaml +++ b/promxy.yaml @@ -1,7 +1,7 @@ package: name: promxy version: 0.0.91 - epoch: 1 + epoch: 2 description: An aggregating proxy to enable HA prometheus. copyright: - license: MIT @@ -18,7 +18,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/pulumi-language-dotnet.yaml b/pulumi-language-dotnet.yaml index 8c10291656e..c04246e0896 100644 --- a/pulumi-language-dotnet.yaml +++ b/pulumi-language-dotnet.yaml @@ -1,7 +1,7 @@ package: name: pulumi-language-dotnet version: 3.71.0 - epoch: 0 + epoch: 1 description: Pulumi Language SDK for Dotnet copyright: - license: Apache-2.0 @@ -21,6 +21,11 @@ pipeline: repository: https://github.com/pulumi/pulumi-dotnet.git tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: pulumi-language-dotnet + - uses: go/build with: ldflags: -s -w -X github.com/pulumi/pulumi-language-dotnet/pkg/version.Version=v${{package.version}} diff --git a/pulumi-language-yaml.yaml b/pulumi-language-yaml.yaml index a1698446fe5..266981635e1 100644 --- a/pulumi-language-yaml.yaml +++ b/pulumi-language-yaml.yaml @@ -1,7 +1,7 @@ package: name: pulumi-language-yaml version: 1.12.0 - epoch: 0 + epoch: 1 description: Pulumi Language SDK for YAML copyright: - license: Apache-2.0 @@ -22,6 +22,11 @@ pipeline: repository: https://github.com/pulumi/pulumi-yaml.git tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: pulumi-language-yaml + - pipeline: - runs: | set -x diff --git a/py3-cassandra-medusa.yaml b/py3-cassandra-medusa.yaml index 0643b03646f..d0a15fd1197 100644 --- a/py3-cassandra-medusa.yaml +++ b/py3-cassandra-medusa.yaml @@ -2,7 +2,7 @@ package: name: py3-cassandra-medusa version: 0.22.3 - epoch: 0 + epoch: 1 description: Apache Cassandra backup and restore tool copyright: - license: Apache-2.0 @@ -37,7 +37,7 @@ pipeline: runs: | pip install wheel pip install poetry - poetry add "aiohttp==3.9.4" + poetry add "aiohttp==3.10.11" poetry add "certifi==2024.7.4" poetry add "dnspython==2.6.1" poetry add "idna==3.7" diff --git a/py3-debugpy.yaml b/py3-debugpy.yaml index 436b5f42804..c7aa65f5c7f 100644 --- a/py3-debugpy.yaml +++ b/py3-debugpy.yaml @@ -1,6 +1,6 @@ package: name: py3-debugpy - version: 1.8.9 + version: 1.8.11 epoch: 0 description: An implementation of the Debug Adapter Protocol for Python copyright: @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f4ba976121ce38ee1c7c1f3174fcc520bccc7e19 + expected-commit: 34cc53b2ac31b9de89a5445bbcfb0daddf33146e repository: https://github.com/microsoft/debugpy tag: v${{package.version}} diff --git a/py3-google-cloud-language.yaml b/py3-google-cloud-language.yaml index 58736099d96..5c7fc538e69 100644 --- a/py3-google-cloud-language.yaml +++ b/py3-google-cloud-language.yaml @@ -1,6 +1,6 @@ package: name: py3-google-cloud-language - version: 2.15.1 + version: 2.16.0 epoch: 0 description: Google Cloud Language API client library copyright: @@ -27,7 +27,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 5a281bedcf84b5292018a1f030464b4511e1324f + expected-commit: 20b8aaf927b4d3e1bf7261218e690c43005e471f repository: https://github.com/googleapis/google-cloud-python tag: google-cloud-language-v${{package.version}} diff --git a/py3-google-cloud-recommendations-ai.yaml b/py3-google-cloud-recommendations-ai.yaml index 0b82ddd6e25..cd20f49f640 100644 --- a/py3-google-cloud-recommendations-ai.yaml +++ b/py3-google-cloud-recommendations-ai.yaml @@ -1,6 +1,6 @@ package: name: py3-google-cloud-recommendations-ai - version: 0.10.14 + version: 0.10.15 epoch: 0 description: Google Cloud Recommendations Ai API client library copyright: @@ -27,7 +27,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 5a281bedcf84b5292018a1f030464b4511e1324f + expected-commit: 20b8aaf927b4d3e1bf7261218e690c43005e471f repository: https://github.com/googleapis/google-cloud-python tag: google-cloud-recommendations-ai-v${{package.version}} diff --git a/py3-jupyter-server.yaml b/py3-jupyter-server.yaml index de30491c0c0..273ee65977e 100644 --- a/py3-jupyter-server.yaml +++ b/py3-jupyter-server.yaml @@ -20,7 +20,6 @@ package: - py3-overrides - py3-packaging - py3-prometheus-client - - py3-pywinpty - py3-pyzmq - py3-send2trash - py3-terminado diff --git a/py3-openai.yaml b/py3-openai.yaml index 0dd7a046452..1be25569b26 100644 --- a/py3-openai.yaml +++ b/py3-openai.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/openai/ package: name: py3-openai - version: 1.57.3 - epoch: 1 + version: 1.57.4 + epoch: 0 description: Python client library for the OpenAI API copyright: - license: MIT @@ -39,7 +39,7 @@ pipeline: with: repository: https://github.com/openai/openai-python.git tag: v${{package.version}} - expected-commit: 0ae6f6b0ce55b6a9dd7e5caa684dfae2780c0088 + expected-commit: e94d98e9bf97a5d2d02d79d58f2abdbab26ff2bd subpackages: - range: py-versions diff --git a/py3-pycurl.yaml b/py3-pycurl.yaml index 55547ae62f7..c1aa9afa7b5 100644 --- a/py3-pycurl.yaml +++ b/py3-pycurl.yaml @@ -1,7 +1,7 @@ package: name: py3-pycurl - version: 7.45.3 - epoch: 2 + version: 7.45.4 + epoch: 0 description: PycURL -- A Python Interface To The cURL library copyright: - license: LGPL-2.1-or-later AND MIT @@ -30,7 +30,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 64bcc052698407ff82451d73317cf69b944a100e + expected-commit: 0e6abd49e1d6e9c2504218eb84e79fb3b72d821e repository: https://github.com/pycurl/pycurl tag: REL_${{vars.mangled-package-version}} diff --git a/py3-pywinpty.yaml b/py3-pywinpty.yaml deleted file mode 100644 index a9664ac1cbf..00000000000 --- a/py3-pywinpty.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Generated from https://pypi.org/project/pywinpty/ -package: - name: py3-pywinpty - version: 2.0.13 - epoch: 4 - description: Pseudo terminal support for Windows from Python. - copyright: - - license: MIT - dependencies: - provider-priority: 0 - -vars: - pypi-package: pywinpty - -data: - - name: py-versions - items: - 3.10: '310' - 3.11: '311' - 3.12: '312' - 3.13: '313' - -environment: - contents: - packages: - - build-base - - busybox - - ca-certificates-bundle - - maturin - - openssf-compiler-options - - py3-supported-maturin - - py3-supported-pip - - wolfi-base - -pipeline: - - uses: fetch - with: - expected-sha256: c34e32351a3313ddd0d7da23d27f835c860d32fe4ac814d372a3ea9594f41dde - uri: https://files.pythonhosted.org/packages/source/p/pywinpty/pywinpty-${{package.version}}.tar.gz - -subpackages: - - range: py-versions - name: py${{range.key}}-${{vars.pypi-package}} - description: python${{range.key}} version of ${{vars.pypi-package}} - dependencies: - provider-priority: ${{range.value}} - provides: - - py3-${{vars.pypi-package}} - runtime: - - py${{range.key}}-numpy - - py${{range.key}}-pytz - pipeline: - - uses: py/pip-build-install - with: - python: python${{range.key}} - test: - pipeline: - - uses: python/import - with: - python: python${{range.key}} - import: winpty - - - name: py3-supported-${{vars.pypi-package}} - description: meta package providing ${{vars.pypi-package}} for supported python versions. - dependencies: - runtime: - - py3.10-${{vars.pypi-package}} - - py3.11-${{vars.pypi-package}} - - py3.12-${{vars.pypi-package}} - - py3.13-${{vars.pypi-package}} - test: - pipeline: - - uses: python/import - with: - python: python3.10 - import: winpty - -update: - enabled: true - release-monitor: - identifier: 48985 diff --git a/python-3.13.yaml b/python-3.13.yaml index cccbf26a45c..ae62741fbfc 100644 --- a/python-3.13.yaml +++ b/python-3.13.yaml @@ -1,7 +1,7 @@ package: name: python-3.13 version: 3.13.1 - epoch: 3 + epoch: 4 description: "the Python programming language" copyright: - license: PSF-2.0 @@ -10,8 +10,8 @@ package: memory: 8Gi dependencies: provides: - - python3=0 - - python-3=0 + - python3=${{package.full-version}} + - python-3=${{package.full-version}} runtime: - ${{package.name}}-base=${{package.full-version}} @@ -45,7 +45,7 @@ var-transforms: replace: '' to: python - from: ${{package.version}} - match: (\d).(\d+).(\d+).* + match: (\d).(\d+).(\d+) replace: '$1.$2' to: pyversion @@ -230,8 +230,8 @@ subpackages: description: "python3 development headers" dependencies: provides: - - python3-dev=0 - - python-3-dev=0 + - python3-dev=${{package.full-version}} + - python-3-dev=${{package.full-version}} runtime: - ${{package.name}}=${{package.full-version}} - ${{package.name}}-base-dev=${{package.full-version}} @@ -268,6 +268,12 @@ test: # main package should provide 'python' and 'python3'. python version-check.py ${{package.version}} python3 version-check.py ${{package.version}} + pydoc3 --version + pydoc3 --help + python --version + python --help + python3 --version + python3 --help - name: Verify working python3 -m venv runs: | d=$(mktemp -d) diff --git a/q.yaml b/q.yaml index 80fab45e53a..f1003847d6e 100644 --- a/q.yaml +++ b/q.yaml @@ -1,7 +1,7 @@ package: name: q version: 0.19.2 - epoch: 8 + epoch: 9 description: A tiny command line DNS client with support for UDP, TCP, DoT, DoH, DoQ and ODoH. copyright: - license: GPL-3.0-only @@ -23,7 +23,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/crypto@v0.17.0 github.com/cloudflare/circl@v1.3.7 github.com/quic-go/quic-go@v0.42.0 golang.org/x/net@v0.23.0 + deps: github.com/cloudflare/circl@v1.3.7 github.com/quic-go/quic-go@v0.42.0 golang.org/x/net@v0.23.0 golang.org/x/crypto@v0.31.0 - name: Configure and build runs: | diff --git a/rabbitmq-messaging-topology-operator.yaml b/rabbitmq-messaging-topology-operator.yaml index e740ce8e13f..b1a3bd19409 100644 --- a/rabbitmq-messaging-topology-operator.yaml +++ b/rabbitmq-messaging-topology-operator.yaml @@ -1,7 +1,7 @@ package: name: rabbitmq-messaging-topology-operator version: 1.15.0 - epoch: 0 + epoch: 1 description: Open source RabbitMQ cluster operator. Kubernetes operator to deploy and manage RabbitMQ clusters. copyright: - license: MPL-2.0 @@ -24,6 +24,10 @@ pipeline: repository: https://github.com/rabbitmq/messaging-topology-operator tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: output: manager diff --git a/rancher-charts-2.10.yaml b/rancher-charts-2.10.yaml index d6aa7f20bf7..d94b539b499 100644 --- a/rancher-charts-2.10.yaml +++ b/rancher-charts-2.10.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: rancher-charts-2.10 - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Complete container management platform - charts copyright: diff --git a/rancher-fleet.yaml b/rancher-fleet.yaml index d71e6b98bbf..50343074bbd 100644 --- a/rancher-fleet.yaml +++ b/rancher-fleet.yaml @@ -1,7 +1,7 @@ package: name: rancher-fleet version: 0.11.2 - epoch: 0 + epoch: 1 description: Deploy workloads from Git to large fleets of Kubernetes clusters copyright: - license: Apache-2.0 @@ -22,6 +22,10 @@ pipeline: repository: https://github.com/rancher/fleet tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + subpackages: - name: ${{package.name}}-agent pipeline: diff --git a/rancher-helm3-charts.yaml b/rancher-helm3-charts.yaml index f99291f5198..9c2546ceb31 100644 --- a/rancher-helm3-charts.yaml +++ b/rancher-helm3-charts.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: rancher-helm3-charts - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Complete container management platform - helm3 charts copyright: diff --git a/rancher-partner-charts.yaml b/rancher-partner-charts.yaml index 58b00f41ec8..84a8242a73a 100644 --- a/rancher-partner-charts.yaml +++ b/rancher-partner-charts.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: rancher-partner-charts - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Complete container management platform - partner charts copyright: @@ -19,7 +19,7 @@ pipeline: repository: https://github.com/rancher/partner-charts branch: main destination: ./charts - expected-commit: 062e6b615817d8c901144458114b2b0d52a72dd0 + expected-commit: 87a612f5a0e0bb383ae1fb3fc8b302c44c3319cc - working-directory: ./charts runs: | diff --git a/rancher-rke2-charts.yaml b/rancher-rke2-charts.yaml index ee3debef537..c35916c5359 100644 --- a/rancher-rke2-charts.yaml +++ b/rancher-rke2-charts.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: rancher-rke2-charts - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Complete container management platform - rke2 charts copyright: diff --git a/rancher-system-charts-2.10.yaml b/rancher-system-charts-2.10.yaml index 68fcadfbff5..5f1034e00d0 100644 --- a/rancher-system-charts-2.10.yaml +++ b/rancher-system-charts-2.10.yaml @@ -1,7 +1,7 @@ #nolint:git-checkout-must-use-github-updates,valid-pipeline-git-checkout-tag package: name: rancher-system-charts-2.10 - version: 0_git20241212 + version: 0_git20241213 epoch: 0 description: Complete container management platform - system charts copyright: diff --git a/rancher-webhook-0.5.yaml b/rancher-webhook-0.5.yaml index ad8698faa18..03e90f9b85e 100644 --- a/rancher-webhook-0.5.yaml +++ b/rancher-webhook-0.5.yaml @@ -1,7 +1,7 @@ package: name: rancher-webhook-0.5 version: 0.5.4 - epoch: 0 + epoch: 1 description: Rancher webhook for Kubernetes copyright: - license: Apache-2.0 @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: k8s.io/kubernetes@v1.30.3 k8s.io/apiserver@v0.30.3 + deps: k8s.io/kubernetes@v1.30.3 k8s.io/apiserver@v0.30.3 golang.org/x/crypto@v0.31.0 modroot: . - uses: go/build diff --git a/rook.yaml b/rook.yaml index 60b319e3d46..41e5695eeab 100644 --- a/rook.yaml +++ b/rook.yaml @@ -1,7 +1,7 @@ package: name: rook version: 1.15.6 - epoch: 0 + epoch: 1 description: Storage Orchestration for Kubernetes copyright: - license: Apache-2.0 @@ -22,6 +22,10 @@ pipeline: expected-commit: af0bd9f4e1cd176ace49baec7074cf49e8080db2 tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | mkdir -p ${{targets.destdir}}/usr/bin/ go build \ diff --git a/rqlite.yaml b/rqlite.yaml index 7c15931e54c..a9de841bd05 100644 --- a/rqlite.yaml +++ b/rqlite.yaml @@ -1,7 +1,7 @@ package: name: rqlite - version: 8.35.0 - epoch: 0 + version: 8.36.0 + epoch: 1 description: The lightweight, distributed relational database built on SQLite copyright: - license: MIT @@ -19,7 +19,11 @@ pipeline: with: repository: https://github.com/rqlite/rqlite tag: v${{package.version}} - expected-commit: 4d375257bc800fee36f889b1ab9192d3aa58197a + expected-commit: 72a2858148ca055442321676d28c7fbc187a9b94 + + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 - runs: | # docker-entrypoint.sh: update hardcoded docker entrypoint diff --git a/rtmpdump.yaml b/rtmpdump.yaml index 73fe96d75b9..b41bea95947 100644 --- a/rtmpdump.yaml +++ b/rtmpdump.yaml @@ -1,7 +1,7 @@ #nolint:valid-pipeline-git-checkout-tag package: name: rtmpdump - version: 2.6_git20241212 + version: 2.6_git20241213 epoch: 0 description: rtmpdump is a toolkit for RTMP streams copyright: @@ -79,8 +79,9 @@ test: pipeline: - name: Smoke test for rtmpdump binary runs: rtmpdump --help - - name: "Check shared library" - runs: ldd /usr/lib/librtmp.so.1 + - uses: test/ldd-check + with: + files: /usr/lib/librtmp.so.1 - name: Compile and link a simple C program runs: | cat < test_rtmp.c diff --git a/ruby3.2-logger.yaml b/ruby3.2-logger.yaml index e9a57726b09..ea62184d192 100644 --- a/ruby3.2-logger.yaml +++ b/ruby3.2-logger.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/ruby/logger package: name: ruby3.2-logger - version: 1.6.2 + version: 1.6.3 epoch: 0 description: Provides a simple logging utility for outputting messages. copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/ruby/logger tag: v${{package.version}} - expected-commit: 2d07f086f8aa0bd5923a072ce7bd15e5dd301f16 + expected-commit: 97bce95f49fa7856a696bd8b55c5545dc6a977e6 - uses: ruby/build with: diff --git a/ruby3.3-logger.yaml b/ruby3.3-logger.yaml index ea20f535eeb..7749488429f 100644 --- a/ruby3.3-logger.yaml +++ b/ruby3.3-logger.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/ruby/logger package: name: ruby3.3-logger - version: 1.6.2 + version: 1.6.3 epoch: 0 description: Provides a simple logging utility for outputting messages. copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/ruby/logger tag: v${{package.version}} - expected-commit: 2d07f086f8aa0bd5923a072ce7bd15e5dd301f16 + expected-commit: 97bce95f49fa7856a696bd8b55c5545dc6a977e6 - uses: ruby/build with: diff --git a/ruby3.3-logstash-core-plugin-api.yaml b/ruby3.3-logstash-core-plugin-api.yaml index 02f798f59ac..b50e67c1c40 100644 --- a/ruby3.3-logstash-core-plugin-api.yaml +++ b/ruby3.3-logstash-core-plugin-api.yaml @@ -1,7 +1,7 @@ # Generated from http://www.elastic.co/guide/en/logstash/current/index.html package: name: ruby3.3-logstash-core-plugin-api - version: 8.16.1 + version: 8.17.0 epoch: 0 description: Logstash plugin API copyright: @@ -34,7 +34,7 @@ pipeline: with: repository: https://github.com/elastic/logstash tag: v${{package.version}} - expected-commit: a769327be81a655ed66a0539cee42380de220c27 + expected-commit: 6f8fd5a4ebc5b3c9a3ca44637d6c16f99e2629c1 - working-directory: logstash-core-plugin-api pipeline: diff --git a/ruby3.4-charlock_holmes.yaml b/ruby3.4-charlock_holmes.yaml index b8c60ae8abb..41bbdf38bd8 100644 --- a/ruby3.4-charlock_holmes.yaml +++ b/ruby3.4-charlock_holmes.yaml @@ -2,7 +2,7 @@ package: name: ruby3.4-charlock_holmes version: 0.7.9 - epoch: 0 + epoch: 1 description: charlock_holmes provides binary and text detection as well as text transcoding using libicu copyright: - license: MIT diff --git a/ruby3.4-elasticsearch-api.yaml b/ruby3.4-elasticsearch-api.yaml index 92ddd24d7c2..4a45a6b00cb 100644 --- a/ruby3.4-elasticsearch-api.yaml +++ b/ruby3.4-elasticsearch-api.yaml @@ -1,6 +1,6 @@ package: name: ruby3.4-elasticsearch-api - version: 8.16.0 + version: 8.17.0 epoch: 0 description: | Ruby API for Elasticsearch. See the `elasticsearch` gem for full integration. @@ -28,7 +28,7 @@ pipeline: with: repository: https://github.com/elastic/elasticsearch-ruby.git tag: v${{package.version}} - expected-commit: 2acbce702ecdc3c7f8e8116e81a76a836f75c6f0 + expected-commit: f0652e2b669aa466efa2e220967b1d94cec9220b - working-directory: ${{vars.gem}} pipeline: diff --git a/ruby3.4-logger.yaml b/ruby3.4-logger.yaml index 1358af4a917..69b8a341431 100644 --- a/ruby3.4-logger.yaml +++ b/ruby3.4-logger.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/ruby/logger package: name: ruby3.4-logger - version: 1.6.2 + version: 1.6.3 epoch: 0 description: Provides a simple logging utility for outputting messages. copyright: @@ -26,7 +26,7 @@ pipeline: with: repository: https://github.com/ruby/logger tag: v${{package.version}} - expected-commit: 2d07f086f8aa0bd5923a072ce7bd15e5dd301f16 + expected-commit: 97bce95f49fa7856a696bd8b55c5545dc6a977e6 - uses: ruby/build with: diff --git a/ruby3.4-redis-client.yaml b/ruby3.4-redis-client.yaml index 313148199a6..d5299cc3f65 100644 --- a/ruby3.4-redis-client.yaml +++ b/ruby3.4-redis-client.yaml @@ -1,7 +1,7 @@ # Generated from https://github.com/redis-rb/redis-client package: name: ruby3.4-redis-client - version: 0.22.2 + version: 0.23.0 epoch: 0 description: Simple low-level client for Redis 6+ copyright: @@ -23,7 +23,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 6d55f61cac62af91aebbd5a1d00eae7a8d940b9e + expected-commit: 7a3e3627802060af38b98ca045032cd46e1313cf repository: https://github.com/redis-rb/redis-client tag: v${{package.version}} diff --git a/s2n-tls.yaml b/s2n-tls.yaml index e2e276a5aca..04df12d2e7a 100644 --- a/s2n-tls.yaml +++ b/s2n-tls.yaml @@ -64,9 +64,9 @@ test: packages: - posix-libc-utils pipeline: - - name: "Verify shared library dependencies" - runs: | - ldd /usr/lib/libs2n.so.1.0.0 + - uses: test/ldd-check + with: + files: /usr/lib/libs2n.so.1.0.0 update: enabled: true diff --git a/scorecard.yaml b/scorecard.yaml index 20db99cda7a..356aea286a1 100644 --- a/scorecard.yaml +++ b/scorecard.yaml @@ -1,7 +1,7 @@ package: name: scorecard version: 5.0.0 - epoch: 2 + epoch: 3 description: OpenSSF Scorecard - Security health metrics for Open Source copyright: - license: Apache-2.0 @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | make build-scorecard diff --git a/seaweedfs.yaml b/seaweedfs.yaml index f78f637b3dd..e7fd56b300a 100644 --- a/seaweedfs.yaml +++ b/seaweedfs.yaml @@ -1,7 +1,7 @@ package: name: seaweedfs version: "3.80" - epoch: 0 + epoch: 1 description: SeaweedFS is a fast distributed storage system for blobs, objects, files. copyright: - license: Apache-2.0 @@ -18,6 +18,10 @@ pipeline: tag: ${{package.version}} expected-commit: 7b3c0e937f83d3b49799b5d5dcb98b0043461c25 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./weed diff --git a/secrets-store-csi-driver-provider-azure.yaml b/secrets-store-csi-driver-provider-azure.yaml index 819de4cf208..27bb50cd557 100644 --- a/secrets-store-csi-driver-provider-azure.yaml +++ b/secrets-store-csi-driver-provider-azure.yaml @@ -1,7 +1,7 @@ package: name: secrets-store-csi-driver-provider-azure version: 1.6.0 - epoch: 1 + epoch: 2 description: Azure Key Vault provider for Secret Store CSI driver copyright: - license: MIT @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | unset LDFLAGS diff --git a/sftpgo-plugin-eventsearch.yaml b/sftpgo-plugin-eventsearch.yaml index 37b2cc6235e..4b330f4f903 100644 --- a/sftpgo-plugin-eventsearch.yaml +++ b/sftpgo-plugin-eventsearch.yaml @@ -1,7 +1,7 @@ package: name: sftpgo-plugin-eventsearch version: 1.0.19 - epoch: 0 + epoch: 1 description: "Search SFTPGo events stored in supported database engines" copyright: - license: AGPL-3.0-only @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: f57e8340076a544615d6e42a3bfd1d44b9012316 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/sftpgo-plugin-eventstore.yaml b/sftpgo-plugin-eventstore.yaml index 3a03abf7880..d34fbcf479c 100644 --- a/sftpgo-plugin-eventstore.yaml +++ b/sftpgo-plugin-eventstore.yaml @@ -1,7 +1,7 @@ package: name: sftpgo-plugin-eventstore version: 1.0.19 - epoch: 0 + epoch: 1 description: "Stores SFTPGo events in supported database engines" copyright: - license: AGPL-3.0-only @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: f53f642bc1ee72de88d0ec4878b53efd9519be8e + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/sftpgo-plugin-kms.yaml b/sftpgo-plugin-kms.yaml index e2b803398eb..82e54e6267b 100644 --- a/sftpgo-plugin-kms.yaml +++ b/sftpgo-plugin-kms.yaml @@ -1,7 +1,7 @@ package: name: sftpgo-plugin-kms version: 1.0.14 - epoch: 0 + epoch: 1 description: "Additional KMS secret providers for SFTPGo" copyright: - license: AGPL-3.0-only @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: 80fef54ef2a087cc8d515a2a330db6ba62350301 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/skaffold.yaml b/skaffold.yaml index 4347b12ae5b..06d43e90ed3 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -1,7 +1,7 @@ package: name: skaffold version: 2.13.2 - epoch: 2 + epoch: 3 description: Easy and Repeatable Kubernetes Development copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | make diff --git a/skopeo.yaml b/skopeo.yaml index 89ef6ef05e0..0f0a9084fb3 100644 --- a/skopeo.yaml +++ b/skopeo.yaml @@ -1,7 +1,7 @@ package: name: skopeo version: 1.17.0 - epoch: 0 + epoch: 1 description: Work with remote images registries - retrieving information, images, signing content copyright: - license: Apache-2.0 @@ -23,6 +23,10 @@ pipeline: repository: https://github.com/containers/skopeo tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/skopeo diff --git a/spark-operator.yaml b/spark-operator.yaml index a17527e8174..bd88bc1673f 100644 --- a/spark-operator.yaml +++ b/spark-operator.yaml @@ -1,7 +1,7 @@ package: name: spark-operator - version: 2.0.2 - epoch: 2 + version: 2.1.0 + epoch: 0 description: Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes. copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: with: repository: https://github.com/kubeflow/spark-operator tag: v${{package.version}} - expected-commit: ef9a2a134b80f8c5368db53615d9aa766c67ad0a + expected-commit: 664b9d01c42a04a5327e582cc23215c34e9a5020 - uses: go/bump with: @@ -33,7 +33,7 @@ pipeline: - uses: go/build with: - packages: ./cmd/ + packages: ./cmd/operator output: spark-operator - uses: strip @@ -43,7 +43,7 @@ subpackages: pipeline: - uses: go/build with: - packages: ./sparkctl + packages: ./cmd/sparkctl output: sparkctl - uses: strip test: diff --git a/spiffe-helper.yaml b/spiffe-helper.yaml index d60550e443a..49d4f157739 100644 --- a/spiffe-helper.yaml +++ b/spiffe-helper.yaml @@ -1,7 +1,7 @@ package: name: spiffe-helper version: 0.9.0 - epoch: 0 + epoch: 1 description: A helper utility for SPIFFE (Secure Production Identity Framework For Everyone) operations. copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: expected-commit: 71c089743733add8c6d36a3a15c12f1b16b9b21a tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: "./cmd/spiffe-helper" diff --git a/spqr.yaml b/spqr.yaml index 682f540a186..734fbc8c638 100644 --- a/spqr.yaml +++ b/spqr.yaml @@ -1,7 +1,7 @@ package: name: spqr version: 2.1.0 - epoch: 0 + epoch: 1 description: Stateless Postgres Query Router copyright: - license: BSD-2-Clause @@ -25,6 +25,10 @@ pipeline: expected-commit: 51c4c60a701ed9e42fd0570d22a5176fef8f8a5d tag: ${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin diff --git a/sql_exporter.yaml b/sql_exporter.yaml index 66775006f7d..dd9c1dc6c5c 100644 --- a/sql_exporter.yaml +++ b/sql_exporter.yaml @@ -1,7 +1,7 @@ package: name: sql_exporter version: 0.16.0 - epoch: 0 + epoch: 1 description: Database-agnostic SQL Exporter for Prometheus copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: tag: ${{package.version}} expected-commit: a1726ff66775980c1de3ad44bfffb169525b2dd1 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/sql_exporter diff --git a/src.yaml b/src.yaml index 76e24db61d4..550373df129 100644 --- a/src.yaml +++ b/src.yaml @@ -1,7 +1,7 @@ package: name: src version: 5.10.0 - epoch: 0 + epoch: 1 description: Sourcegraph CLI copyright: - license: Apache-2.0 @@ -29,7 +29,7 @@ pipeline: with: # The replacement must run before the initial tidy, otherwise the repo resolution fails and so does the build. The build will run tidy. skip-initial-tidy: true - deps: github.com/golang/protobuf@v1.5.4 k8s.io/api@v0.27.13 k8s.io/apimachinery@v0.27.13 k8s.io/client-go@v0.27.13 k8s.io/metrics@v0.27.13 + deps: github.com/golang/protobuf@v1.5.4 k8s.io/api@v0.27.13 k8s.io/apimachinery@v0.27.13 k8s.io/client-go@v0.27.13 k8s.io/metrics@v0.27.13 golang.org/x/crypto@v0.31.0 replaces: github.com/sourcegraph/sourcegraph/lib=github.com/sourcegraph/sourcegraph-public-snapshot/lib@v0.0.0-20240709083501-1af563b61442 - uses: go/build diff --git a/step-issuer.yaml b/step-issuer.yaml index 0f33ef5af04..e3109cf0b2f 100644 --- a/step-issuer.yaml +++ b/step-issuer.yaml @@ -1,7 +1,7 @@ package: name: step-issuer version: 0.9.6 - epoch: 0 + epoch: 1 description: A certificate issuer for cert-manager using step certificates CA copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: tag: v${{package.version}} expected-commit: 8eab66b96ec11e0f4dfd742c55cafa5e0a4890ac + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./ diff --git a/swagger.yaml b/swagger.yaml index 62d312bf739..e697d7e5f8d 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -1,7 +1,7 @@ package: name: swagger version: 0.31.0 - epoch: 3 + epoch: 4 description: Swagger 2.0 implementation for go copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: tag: v${{package.version}} expected-commit: 77f973a51c1dd3a8b95466b1c08cd9e529a69cfa + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/swagger diff --git a/syft.yaml b/syft.yaml index 364732c184e..63cec52ae15 100644 --- a/syft.yaml +++ b/syft.yaml @@ -1,7 +1,7 @@ package: name: syft version: 1.18.0 - epoch: 0 + epoch: 1 description: CLI tool and library for generating a Software Bill of Materials from container images and filesystems copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: tag: v${{package.version}} expected-commit: d38efb0b7fb7106909bc532a4efc68b78a917a34 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: ldflags: -X main.version=${{package.version}} diff --git a/tailscale.yaml b/tailscale.yaml index 8d52de3ec3c..15850415711 100644 --- a/tailscale.yaml +++ b/tailscale.yaml @@ -1,7 +1,7 @@ package: name: tailscale version: 1.78.1 - epoch: 0 + epoch: 1 description: The easiest, most secure way to use WireGuard and 2FA. copyright: - license: BSD-3-Clause @@ -23,6 +23,10 @@ pipeline: repository: https://github.com/tailscale/tailscale tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | ./build_dist.sh tailscale.com/cmd/tailscale ./build_dist.sh tailscale.com/cmd/tailscaled diff --git a/task.yaml b/task.yaml index fd01bc4e6c2..863a3d0724d 100644 --- a/task.yaml +++ b/task.yaml @@ -1,7 +1,7 @@ package: name: task version: 3.40.1 - epoch: 0 + epoch: 1 description: A task runner / simpler Make alternative written in Go copyright: - license: MIT @@ -15,6 +15,11 @@ pipeline: tag: v${{package.version}} expected-commit: 32fa3a01561b16aee9c87ecf0b49be5b733bb3d1 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: packages: ./cmd/task diff --git a/tekton-chains.yaml b/tekton-chains.yaml index fb381ab7ab9..bad15d3f80c 100644 --- a/tekton-chains.yaml +++ b/tekton-chains.yaml @@ -1,7 +1,7 @@ package: name: tekton-chains version: 0.23.0 - epoch: 0 + epoch: 1 description: Supply Chain Security in Tekton Pipelines copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/tempo.yaml b/tempo.yaml index de32b72179f..f07ec1d0f2b 100644 --- a/tempo.yaml +++ b/tempo.yaml @@ -1,7 +1,7 @@ package: name: tempo version: 2.6.1 - epoch: 1 + epoch: 2 description: Grafana Tempo is a high volume, minimal dependency distributed tracing backend. copyright: - license: AGPL-3.0-or-later @@ -21,6 +21,10 @@ pipeline: repository: https://github.com/grafana/tempo tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | go mod vendor make ${{package.name}} diff --git a/temporal-server.yaml b/temporal-server.yaml index 17fcf24d262..f99c790d92c 100644 --- a/temporal-server.yaml +++ b/temporal-server.yaml @@ -1,7 +1,7 @@ package: name: temporal-server version: 1.25.2 - epoch: 0 + epoch: 1 description: Temporal server executes units of application logic, Workflows, in a resilient manner that automatically handles intermittent failures, and retries failed operations copyright: - license: MIT @@ -30,7 +30,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | make bins diff --git a/tensorflow-core.yaml b/tensorflow-core.yaml index 60691dc3f37..bd73f3fd76b 100644 --- a/tensorflow-core.yaml +++ b/tensorflow-core.yaml @@ -2,7 +2,7 @@ package: name: tensorflow-core description: Framework for data-graph oriented computing (core libraries, oneDNN build) version: 2.18.0 - epoch: 2 + epoch: 3 copyright: - license: Apache-2.0 resources: @@ -100,7 +100,10 @@ pipeline: expected-commit: 6550e4bd80223cdb8be6c3afd1f81e86a4d433c3 tag: v${{package.version}} - - runs: | + - environment: + # It otherwise defaults to the latest while the upstream does not provide lockfiles for > 3.12. + HERMETIC_PYTHON_VERSION: "3.12" + runs: | ./configure bazel ${{vars.bazel-common-opts}} //tensorflow:libtensorflow.so //tensorflow:libtensorflow_cc.so //tensorflow:install_headers //tensorflow:libtensorflow_framework.so diff --git a/terraform-provider-aws.yaml b/terraform-provider-aws.yaml index 27f81baa0d5..26db7bdaedc 100644 --- a/terraform-provider-aws.yaml +++ b/terraform-provider-aws.yaml @@ -1,7 +1,7 @@ package: name: terraform-provider-aws - version: 5.80.0 - epoch: 1 + version: 5.81.0 + epoch: 0 description: Terraform AWS provider copyright: - license: MPL-2.0 @@ -19,14 +19,7 @@ pipeline: with: repository: https://github.com/hashicorp/terraform-provider-aws tag: v${{package.version}} - expected-commit: 9273b07bad89e6aa730482f3a8fc7840b38b9d68 - - # At the time of writing (12/24), we can't use go/bump on this project, due - # to 'godebug' directive being defined in the go.mod. We'll need updates to - # go/bump to handle this - internal DYDX ticket filed. - - uses: patch - with: - patches: GHSA-v778-237x-gjrc.patch + expected-commit: c38d7c284d0684653d53452eb1f9dd3e65b905fd - runs: go mod tidy diff --git a/terraform-provider-aws/GHSA-v778-237x-gjrc.patch b/terraform-provider-aws/GHSA-v778-237x-gjrc.patch deleted file mode 100644 index bb9fbb53384..00000000000 --- a/terraform-provider-aws/GHSA-v778-237x-gjrc.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/go.mod b/go.mod -index 31209aa041..68f75297f4 100644 ---- a/go.mod -+++ b/go.mod -@@ -299,7 +299,7 @@ require ( - github.com/mitchellh/mapstructure v1.5.0 - github.com/pquerna/otp v1.4.0 - github.com/shopspring/decimal v1.4.0 -- golang.org/x/crypto v0.29.0 -+ golang.org/x/crypto v0.31.0 - golang.org/x/mod v0.22.0 - golang.org/x/text v0.20.0 - golang.org/x/tools v0.27.0 diff --git a/terraform-provider-azurerm.yaml b/terraform-provider-azurerm.yaml index 0fb8553f975..12e60cb40c5 100644 --- a/terraform-provider-azurerm.yaml +++ b/terraform-provider-azurerm.yaml @@ -1,6 +1,6 @@ package: name: terraform-provider-azurerm - version: 4.13.0 + version: 4.14.0 epoch: 0 description: Terraform provider for Azure Resource Manager copyright: @@ -14,10 +14,14 @@ package: pipeline: - uses: git-checkout with: - expected-commit: f80cef460500b7c344bcb180112840fc373e295c + expected-commit: 36996bc68a4a4b80f65338f2066070426abf8551 repository: https://github.com/hashicorp/terraform-provider-azurerm tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: output: terraform-provider-azurerm diff --git a/terraform-provider-google.yaml b/terraform-provider-google.yaml index 448aac906ba..d3b9ae3c30d 100644 --- a/terraform-provider-google.yaml +++ b/terraform-provider-google.yaml @@ -1,7 +1,7 @@ package: name: terraform-provider-google version: 6.13.0 - epoch: 0 + epoch: 1 description: Terraform GCP provider copyright: - license: MPL-2.0 @@ -18,6 +18,10 @@ pipeline: tag: v${{package.version}} expected-commit: 7904c930926c4f1d9a4eea40876294e451379dcf + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . diff --git a/terraform.yaml b/terraform.yaml index f21755809d8..c4194c4dcc5 100644 --- a/terraform.yaml +++ b/terraform.yaml @@ -1,7 +1,7 @@ package: name: terraform version: 1.5.7 - epoch: 17 + epoch: 18 copyright: - license: MPL-2.0 @@ -14,7 +14,7 @@ pipeline: - uses: go/bump with: - deps: google.golang.org/grpc@v1.56.3 golang.org/x/crypto@v0.17.0 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/hashicorp/go-getter@v1.7.5 github.com/golang-jwt/jwt/v4@v4.5.1 + deps: google.golang.org/grpc@v1.56.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/hashicorp/go-getter@v1.7.5 github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/terragrunt.yaml b/terragrunt.yaml index f8520e35108..c746bd65ffe 100644 --- a/terragrunt.yaml +++ b/terragrunt.yaml @@ -1,6 +1,6 @@ package: name: terragrunt - version: 0.69.12 + version: 0.69.13 epoch: 0 description: Thin wrapper for Terraform providing extra tools copyright: @@ -21,7 +21,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 521d95fbc561d35ed0d847e56d16f1021128f005 + expected-commit: 38ceae28c17dd78e83181a6e3655032744730c56 repository: https://github.com/gruntwork-io/terragrunt tag: v${{package.version}} diff --git a/terser.yaml b/terser.yaml new file mode 100644 index 00000000000..1b354367649 --- /dev/null +++ b/terser.yaml @@ -0,0 +1,52 @@ +package: + name: terser + version: 5.37.0 + epoch: 0 + description: A JavaScript mangler/compressor toolkit for ES6+. + copyright: + - license: MIT + +environment: + contents: + packages: + - npm + +vars: + prefix: /usr/local + +pipeline: + - name: npm install + uses: npm/install + with: + package: terser + prefix: ${{targets.contextdir}}/${{vars.prefix}} + version: ${{package.version}} + + - uses: strip + +test: + environment: + contents: + packages: + - bash + - nodejs + - npm + pipeline: + - name: Verify Terser version + runs: | + terser --version | grep "${{package.version}}" || (echo "Version mismatch!" && exit 1) + - name: Compress JS file using terser + runs: | + echo "function add(a, b) { return a + b; }" > test.js + terser test.js --compress ecma=2015,computed_props=false -o test.min.js + - name: Check the minified JS script size + runs: | + { test -s test.min.js && \ + test $(stat -c%s test.min.js) -lt $(stat -c%s test.js); } || \ + exit 1 + +update: + enabled: true + github: + identifier: terser/terser + use-tag: true diff --git a/tflint.yaml b/tflint.yaml index 0aa13b53fc5..aabcda0bd7c 100644 --- a/tflint.yaml +++ b/tflint.yaml @@ -1,7 +1,7 @@ package: name: tflint version: 0.54.0 - epoch: 0 + epoch: 1 description: A Pluggable Terraform Linter copyright: - license: MPL-2.0 @@ -23,6 +23,10 @@ pipeline: repository: https://github.com/terraform-linters/tflint tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin diff --git a/tfsec.yaml b/tfsec.yaml index a059188b17d..a7cea6c5a2f 100644 --- a/tfsec.yaml +++ b/tfsec.yaml @@ -1,7 +1,7 @@ package: name: tfsec version: 1.28.11 - epoch: 0 + epoch: 1 description: Security scanner for your Terraform code copyright: - license: MIT @@ -22,6 +22,10 @@ pipeline: repository: https://github.com/aquasecurity/tfsec tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/tfsec diff --git a/tigera-operator-1.36.yaml b/tigera-operator-1.36.yaml index 1fa43e5e67b..6c987213647 100644 --- a/tigera-operator-1.36.yaml +++ b/tigera-operator-1.36.yaml @@ -1,7 +1,7 @@ package: name: tigera-operator-1.36 version: 1.36.3 - epoch: 0 + epoch: 1 description: Kubernetes operator for installing Calico and Calico Enterprise copyright: - license: Apache-2.0 @@ -25,6 +25,10 @@ pipeline: tag: v${{package.version}} expected-commit: 4564fea4e90f0c6a7ac5b8ad1feb3222e580fb42 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | PACKAGE_NAME=github.com/tigera/operator ARCH=$(go env GOARCH) diff --git a/tkn.yaml b/tkn.yaml index c4d0e82ded5..36d73386b58 100644 --- a/tkn.yaml +++ b/tkn.yaml @@ -1,7 +1,7 @@ package: name: tkn version: 0.39.0 - epoch: 0 + epoch: 1 description: A CLI for interacting with Tekton! copyright: - license: Apache-2.0 @@ -22,6 +22,10 @@ pipeline: tag: v${{package.version}} expected-commit: cb2f6797bf2c48dc60d5b4e23f015e35f5f42d78 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make bin/tkn install -Dm755 ./bin/tkn ${{targets.destdir}}/usr/bin/tkn diff --git a/trino.yaml b/trino.yaml index 841fbfa11eb..f808b7ef2e8 100644 --- a/trino.yaml +++ b/trino.yaml @@ -1,7 +1,7 @@ package: name: trino - version: "464" - epoch: 3 + version: "467" + epoch: 0 description: The distributed SQL query engine for big data, formerly known as PrestoSQL copyright: - license: Apache-2.0 @@ -33,7 +33,7 @@ pipeline: with: repository: https://github.com/trinodb/trino.git tag: ${{package.version}} - expected-commit: 299842e3cddde87b2f4b2589edbe53c41743f71a + expected-commit: 019b299ae716e44c659a47402e8349d4b87c9cae - uses: maven/pombump diff --git a/trivy.yaml b/trivy.yaml index 860aff5b6a2..2d6315eb295 100644 --- a/trivy.yaml +++ b/trivy.yaml @@ -1,7 +1,7 @@ package: name: trivy version: 0.58.0 - epoch: 0 + epoch: 1 description: Simple and comprehensive vulnerability scanner for containers copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: repository: https://github.com/aquasecurity/trivy tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/trivy diff --git a/undock.yaml b/undock.yaml index a439ab5cf4e..f96d4d5c0b2 100644 --- a/undock.yaml +++ b/undock.yaml @@ -1,7 +1,7 @@ package: name: undock version: 0.8.0 - epoch: 1 + epoch: 2 description: Extract contents of a container image in a local folder copyright: - license: MIT @@ -27,7 +27,7 @@ pipeline: - uses: go/bump with: - deps: github.com/docker/cli@v26.1.4 github.com/docker/docker@v26.1.5 + deps: github.com/docker/cli@v26.1.4 github.com/docker/docker@v26.1.5 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/userspace-rcu.yaml b/userspace-rcu.yaml index 798b4eccf31..b7b3143fb5b 100644 --- a/userspace-rcu.yaml +++ b/userspace-rcu.yaml @@ -86,8 +86,3 @@ test: grep "RCU read lock acquired" output.log grep "RCU read lock released" output.log grep "RCU thread unregistered successfully" output.log - - name: "Check pkg-config information" - runs: | - pkg-config --exists liburcu - pkg-config --modversion liburcu | grep ${{package.version}} - pkg-config --libs liburcu | grep -- -lurcu diff --git a/vault-benchmark.yaml b/vault-benchmark.yaml index 88950ec1e22..a9560eb826c 100644 --- a/vault-benchmark.yaml +++ b/vault-benchmark.yaml @@ -1,7 +1,7 @@ package: name: vault-benchmark version: 0.3.0 - epoch: 0 + epoch: 1 description: A tool for benchmarking usage of Vault copyright: - license: MPL-2.0 @@ -15,7 +15,7 @@ pipeline: - uses: go/bump with: - deps: github.com/hashicorp/go-retryablehttp@v0.7.7 + deps: github.com/hashicorp/go-retryablehttp@v0.7.7 golang.org/x/crypto@v0.31.0 - uses: go/build with: diff --git a/velero-plugin-for-microsoft-azure.yaml b/velero-plugin-for-microsoft-azure.yaml index 88c8002853f..7b18eef5e1c 100644 --- a/velero-plugin-for-microsoft-azure.yaml +++ b/velero-plugin-for-microsoft-azure.yaml @@ -1,7 +1,7 @@ package: name: velero-plugin-for-microsoft-azure version: 1.11.0 - epoch: 0 + epoch: 1 description: Plugins to support Velero on microsoft-azure copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: expected-commit: 3b08906e50a1a152e4a86161794774364e005b5b repository: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./velero-plugin-for-microsoft-azure diff --git a/velero.yaml b/velero.yaml index bf9e73c787f..4293de51e45 100644 --- a/velero.yaml +++ b/velero.yaml @@ -1,7 +1,7 @@ package: name: velero version: 1.15.0 - epoch: 0 + epoch: 1 description: Backup and migrate Kubernetes applications and their persistent volumes copyright: - license: Apache-2.0 @@ -16,6 +16,10 @@ pipeline: expected-commit: 1d4f1475975b5107ec35f4d19ff17f7d1fcb3edf repository: https://github.com/vmware-tanzu/velero + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/velero diff --git a/vexctl.yaml b/vexctl.yaml index 02812a907f5..d9d48eb43bc 100644 --- a/vexctl.yaml +++ b/vexctl.yaml @@ -1,7 +1,7 @@ package: name: vexctl version: 0.3.0 - epoch: 1 + epoch: 2 description: A tool to create, transform and attest VEX metadata copyright: - license: Apache-2.0 @@ -15,7 +15,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 modroot: . - uses: go/build diff --git a/vim.yaml b/vim.yaml index f6bfd7fadd2..1b065225ab1 100644 --- a/vim.yaml +++ b/vim.yaml @@ -1,6 +1,6 @@ package: name: vim - version: 9.1.0918 + version: 9.1.0923 epoch: 0 description: "Improved vi-style text editor" copyright: @@ -23,7 +23,7 @@ pipeline: with: repository: https://github.com/vim/vim tag: v${{package.version}} - expected-commit: dff3c9c1a789351a741b6a430862c8b2a0eff383 + expected-commit: e29c8bafa78847414419522baecd008e287389db - runs: | # vim seems to manually set FORTIFY_SOURCE=1, and setting both breaks the build diff --git a/wayland-protocols.yaml b/wayland-protocols.yaml index 236795285fc..d04721b8402 100644 --- a/wayland-protocols.yaml +++ b/wayland-protocols.yaml @@ -49,10 +49,6 @@ test: runs: | test -d /usr/share/wayland-protocols test -d /usr/share/pkgconfig - - name: "Check pkg-config registration" - runs: | - pkg-config --exists wayland-protocols - pkg-config --variable=pkgdatadir wayland-protocols - name: "Verify presence of core protocol files" runs: | for proto in \ diff --git a/wgcf.yaml b/wgcf.yaml index 43b61954725..3b01097ab98 100644 --- a/wgcf.yaml +++ b/wgcf.yaml @@ -1,7 +1,7 @@ package: name: wgcf version: 2.2.23 - epoch: 0 + epoch: 1 description: Cross-platform, unofficial CLI for Cloudflare Warp copyright: - license: MIT @@ -21,6 +21,10 @@ pipeline: repository: https://github.com/ViRb3/wgcf tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: ldflags: -s -w diff --git a/withdrawn-packages.txt b/withdrawn-packages.txt index 32db34df8b6..8e3fcfd0f2d 100644 --- a/withdrawn-packages.txt +++ b/withdrawn-packages.txt @@ -11,3 +11,8 @@ repmgr-5.5.0-r2.apk repmgr-dev-5.5.0-r3.apk repmgr-5.5.0-r3.apk repmgr-bitnami-compat-5.5.0-r3.apk +py3-pywinpty-2.0.13-r3.apk +icu-76.1-r0.apk +icu-data-full-76.1-r0.apk +icu-dev-76.1-r0.apk +icu-libs-76.1-r0.apk diff --git a/x509-certificate-exporter.yaml b/x509-certificate-exporter.yaml index acd962a18d9..b5ab69d381c 100644 --- a/x509-certificate-exporter.yaml +++ b/x509-certificate-exporter.yaml @@ -1,7 +1,7 @@ package: name: x509-certificate-exporter version: 3.17.0 - epoch: 1 + epoch: 2 description: A Prometheus exporter to monitor x509 certificates expiration in Kubernetes clusters or standalone. copyright: - license: MIT @@ -13,6 +13,10 @@ pipeline: tag: v${{package.version}} expected-commit: 8f97b98c862f83d0c25c2994942b1ea90c6459da + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/x509-certificate-exporter