Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency carvel-dev/vendir to v0.41.1 #81

Merged
merged 1 commit into from
Sep 3, 2024
Merged

chore(deps): update dependency carvel-dev/vendir to v0.41.1 #81

merged 1 commit into from
Sep 3, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 3, 2024

This PR contains the following updates:

Package Update Change
carvel-dev/vendir patch v0.41.0 -> v0.41.1

Release Notes

carvel-dev/vendir (carvel-dev/vendir)

v0.41.1

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

##### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/vendir-linux-amd64

##### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

##### Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

##### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.sig

##### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

##### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
✨ What's new
  • Fixing CVE by @​rohitagg2020 in #​394

Full Changelog: carvel-dev/vendir@v0.41.0...v0.41.1

📂 Files Checksum
58facd06bae6ffc858b348da9dcc0b032d030a6a31767fea6f9166658d7a61e2  ./vendir-linux-arm64
67411476ecc322c4b32619b168bf5a7fafc86daa764251be1613bec22c1c1003  ./vendir-windows-amd64.exe
993ae33df2e722c327aff4807eeba0e08b0c9f3bd996e67caa89c503c6a8bcda  ./vendir-darwin-arm64
ad63b667c7756cac7804e080861b3e794fbfc83ba662f5461928c30fe890a828  ./vendir-darwin-amd64
f878f3e16b702c47e42b2215a670d65028bc0158643ed28a2dfaa6f37b1344ac  ./vendir-linux-amd64

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot merged commit bf5c747 into master Sep 3, 2024
@renovate renovate bot deleted the renovate/carvel-dev-vendir-0.x branch September 3, 2024 10:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merged cli-managed-by-jaxxstorm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants