chore(deps): update stable

[renovate]

This PR contains the following updates:

Package	Update	Change
anchore/grype	minor	0.74.7 -> 0.76.0
anchore/syft	minor	1.1.0 -> 1.2.0
awscli	patch	2.15.33 -> 2.15.38
checkov	patch	3.2.49 -> 3.2.70
dagger/dagger	minor	0.10.3 -> 0.11.1
defenseunicorns/uds-cli	patch	0.10.1 -> 0.10.4
defenseunicorns/zarf	minor	0.32.6 -> 0.33.0
golang	patch	1.22.1 -> 1.22.2
golangci-lint	patch	1.57.1 -> 1.57.2
helm	patch	3.14.3 -> 3.14.4
https://github.com/bridgecrewio/checkov.git	patch	3.2.49 -> 3.2.70
k3d-io/k3d	patch	5.6.0 -> 5.6.3
kubectl	patch	1.29.3 -> 1.29.4

---

Release Notes

anchore/grype (anchore/grype)

v0.76.0

Compare Source

Added Features

• Database download timeouts [#​1731 #​1777 @​willmurphyscode]

Bug Fixes

• Disable matching kernel vulnerabilities by default for indirect matches against the 'kernel-headers' packages [#​1762 #​1787 @​zhill]

Additional Changes

• Update Syft to v1.2.0 [#​1803], which fixes https://github.com/anchore/grype/issues/1792

(Full Changelog)

v0.75.0

Compare Source

Added Features

• update syft source providers [#​1727 @​kzantow]
• enable http timeout [#​1777 @​willmurphyscode]

Bug Fixes

• use "path/filepath" to build file path [#​1767 @​seiyab]
• Suppress warnings when matching go packages with devel version [#​1752 @​wagoodman]
• not showing poco CVEs from syft generated sbom [#​1737]

(Full Changelog)

anchore/syft (anchore/syft)

v1.2.0

Compare Source

Added Features

• Differentiate between JRE and JDK [#​2748 @​LaurentGoderre]
• Add support for dnf packages [#​2758]

Bug Fixes

• more robust go main version extraction [#​2767 @​kzantow]
• Regression in 1.1 cataloging openjdk: generates version containing a null byte [#​2750 #​2766 @​LaurentGoderre]

(Full Changelog)

v1.1.1

Compare Source

Bug Fixes

• update anchore/packageurl-go to use latest commits [#​2746 @​spiffcs]
• fix panic scanning binaries without symtab [#​2736 #​2739 @​kzantow]

(Full Changelog)

aws/aws-cli (awscli)

v2.15.38

Compare Source

v2.15.37

Compare Source

v2.15.36

Compare Source

v2.15.35

Compare Source

v2.15.34

Compare Source

bridgecrewio/checkov (checkov)

v3.2.70

Compare Source

v3.2.69

Compare Source

v3.2.68

Compare Source

Feature

• sast: adding extended code block - #​6178
• sca: using the new api license/get-licenses-violations instead of packages/get-licenses-violations (which is deprecated) - #​6174

Bug Fix

• sca: Revert "feat(sca): using the new api license/get-licenses-violations … - #​6176

v3.2.67

Compare Source

v3.2.66

Compare Source

v3.2.65

Compare Source

Bug Fix

• sast: save suppress_comment for sast inline suppressions - #​6171
• secrets: Azure Storage Key detector updates in bc-detect-secrets 1.5.7 - #​6168

v3.2.64

Compare Source

v3.2.63

Compare Source

Feature

• sast: CDK TS policies p2 - #​6165

v3.2.62

Compare Source

v3.2.61

Compare Source

v3.2.60

Compare Source

Feature

• sast: Add TS CDK policies 1 - #​6151
• sast: CDK TS policies p3 - #​6157

Bug Fix

• terraform: Fix conditional expression evaluation logic with compare - #​6160
• terraform: Fixed flaky test for CKV_AWS_356 - #​6162

v3.2.59

Compare Source

v3.2.58

Compare Source

v3.2.57

Compare Source

v3.2.56

Compare Source

v3.2.55

Compare Source

Feature

• sast: Adding typescript cdk part 6 paz - #​6149

Bug Fix

• sca: enabling suppression in the cli-output for IR-files and dockerfiles - #​6148

v3.2.54

Compare Source

v3.2.53

Compare Source

Feature

• terraform: support s3 bucket name for references in graph - #​6134

v3.2.52

Compare Source

Feature

• general: Update the releases' zip file names to be generic - #​6141

v3.2.51

Compare Source

Feature

• general: add policy metadata filter exception flag - #​6132

v3.2.50

Compare Source

Bug Fix

• general: remove limitation of resource and provider in tf.json file - #​6133

dagger/dagger (dagger/dagger)

v0.11.1

Compare Source

Added

• Add withAuthToken and withAuthHeader fields to GitRepository by @​jedevc in https://github.com/dagger/dagger/pull/6992

Fixed

• Restored plain progress output after removal in v0.11.0 by @​morlay in https://github.com/dagger/dagger/pull/7069
• Fixed various windows regressions by @​jedevc in https://github.com/dagger/dagger/pull/7003 https://github.com/dagger/dagger/pull/7050 https://github.com/dagger/dagger/pull/7095
• Git can now be used with dumb HTTP clones by @​jedevc in https://github.com/dagger/dagger/pull/6992

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter

v0.11.0

Compare Source

🔥 Breaking Changes

• Old clients <=0.10.3 cannot connect to a new >=v0.11.0 engine
• Old progress interfaces removed by @​vito in https://github.com/dagger/dagger/pull/6835
• --focus CLI flag removed by @​vito in https://github.com/dagger/dagger/pull/6835

Added

• Add OTEL trace exports by @​vito in https://github.com/dagger/dagger/pull/6835
• Add Head field to GitRepository to get the default branch by @​jedevc in https://github.com/dagger/dagger/pull/6994

Fixed

• Fix DOCKER_HOST not working when DAGGER_CLOUD_TOKEN set by @​sipsma in https://github.com/dagger/dagger/pull/7006

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter

defenseunicorns/uds-cli (defenseunicorns/uds-cli)

v0.10.4

Compare Source

What's Changed

• feat: uds dev deploy by @​decleaver in https://github.com/defenseunicorns/uds-cli/pull/536
• feat: add ability to uds create to local output path by @​TristanHoladay in https://github.com/defenseunicorns/uds-cli/pull/547
• chore: adds dup pkgs docs by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/545
• feat: uds dev deploy beta note, packages flag, skip sbom by @​decleaver in https://github.com/defenseunicorns/uds-cli/pull/557
• ci: pin k3s version in k3d action to sidestep containerd issue by @​ZachGallagher in https://github.com/defenseunicorns/uds-cli/pull/565
• chore(deps): update docker/setup-buildx-action action to v3.3.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/559
• chore(deps): update github/codeql-action action to v3.24.10 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/556
• fix(deps): update golang.org/x/exp digest to 93d18d7 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/555
• fix: typo in docs by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/561
• chore(deps): update zarf to v0.33.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/562
• fix(deps): update module helm.sh/helm/v3 to v3.14.4 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/566
• chore(deps): update pre-commit/action digest to f7acafa by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/564
• chore(deps): update podinfo to v6.6.2 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/563
• chore(deps): update sigstore/cosign-installer action to v3.5.0 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/568
• chore: refactor dev mode docs by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/567
• chore: swap release workflow to GH app by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/569

New Contributors

• @​ZachGallagher made their first contribution in https://github.com/defenseunicorns/uds-cli/pull/565

Full Changelog: defenseunicorns/uds-cli@v0.10.3...v0.10.4

v0.10.3

Compare Source

What's Changed

• fix: ensure we are pulling all components by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/543
• feat: allow dup pkgs in a bundle by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/533

Full Changelog: defenseunicorns/uds-cli@v0.10.2...v0.10.3

v0.10.2

Compare Source

What's Changed

• chore: adds TUI tests by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/530
• feat: adds retries flag by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/532
• chore(deps): update podinfo to v6.6.1 by @​renovate in https://github.com/defenseunicorns/uds-cli/pull/528
• fix: nil check pkg components in TUI by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/538
• fix: bumps retries to 3 by default to match Zarf by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/535
• chore: adds registry health check for tests by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/534
• feat: enables setting namespaces in bundled Helm charts by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/539
• fix: adds global GracefulPanic and checks to deploy TUI by @​UncleGedd in https://github.com/defenseunicorns/uds-cli/pull/542

Full Changelog: defenseunicorns/uds-cli@v0.10.1...v0.10.2

defenseunicorns/zarf (defenseunicorns/zarf)

v0.33.0

Compare Source

What's Changed

• fix: update deprecated syft packages command to syft scan by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2399
• chore: move helpers to defenseunicorns/pkg by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2402
• fix(deps): update github.com/anchore/clio digest to fb5fc4c by @​renovate in https://github.com/defenseunicorns/zarf/pull/2366
• feat(tools): add yq by @​zachariahmiller in https://github.com/defenseunicorns/zarf/pull/2406
• chore: switch to use oci lib in defenseunicorns/pkg by @​AustinAbro321 in https://github.com/defenseunicorns/zarf/pull/2404
• fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1 by @​renovate in https://github.com/defenseunicorns/zarf/pull/2411
• fix: use env var for PR title in commitlint workflow to prevent untrusted script injection by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2418
• fix: use default GITHUB_TOKEN for ossf/scorecard-action by @​bburky in https://github.com/defenseunicorns/zarf/pull/2416
• fix: remove duplicate logic for writing image layers to disk concurrently by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2409
• feat: add option to skip cosign lookup during find images by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/2427
• feat: allow chart deploy overrides ALPHA by @​naveensrinivasan in https://github.com/defenseunicorns/zarf/pull/2403
• chore: update pull_request_template.md by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2428
• ci: pin k3s image version in k3d github action by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/2430
• feat(docs): port docs to starlight by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/2315

New Contributors

• @​zachariahmiller made their first contribution in https://github.com/defenseunicorns/zarf/pull/2406
• @​bburky made their first contribution in https://github.com/defenseunicorns/zarf/pull/2416

Full Changelog: defenseunicorns/zarf@v0.32.6...v0.33.0

golang/go (golang)

v1.22.2

Compare Source

golangci/golangci-lint (golangci-lint)

v1.57.2

Compare Source

1. Updated linters
   • contextcheck: from 1.1.4 to 1.1.5
   • copyloopvar: from 1.0.8 to 1.0.10
   • ginkgolinter: from 0.16.1 to 0.16.2
   • goconst: from 1.7.0 to 1.7.1
   • gomoddirectives: from 0.2.3 to 0.2.4
   • intrange: from 0.1.0 to 0.1.1
2. Misc.
   • fix: display warnings on deprecated linter options
   • fix: missing colored-tab output format
   • fix: TeamCity inspectionType service message
3. Documentation
   • Remove invalid example about mixing files and directory
   • Improve linters page

helm/helm (helm)

v3.14.4: Helm v3.14.4

Compare Source

Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.14.4. The common platform binaries are here:

• MacOS amd64 (checksum / 73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9)
• MacOS arm64 (checksum / 61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c)
• Linux amd64 (checksum / a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259)
• Linux arm (checksum / 962297c944c06e1f275111a6e3d80e37c9e9e8fed967d4abec8efcf7fc9fb260)
• Linux arm64 (checksum / 113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2)
• Linux i386 (checksum / 2cb3ff032be1c39b7199b324d58d0ae05bc4fe49b9be6aa2fcbeb3fc03f1f9e7)
• Linux ppc64le (checksum / d0d625b43f6650ad376428520b2238baa2400bfedb43b2e0f24ad7247f0f59b5)
• Linux s390x (checksum / a5750d0cb1ba34ce84ab3be6382a14617130661d15dd2aa1b36630b293437936)
• Linux riscv64 (checksum / 925782b159392d52df5ebab88e04e695217325894c6a32a9a779e865b7e32411)
• Windows amd64 (checksum / 0b951db3eadd92dfe336b5a9ddb0640e5cd70d39abdbd7d3125e9fb59b22b669)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.0 is the next feature release and will be on May 08, 2024.

Changelog

• refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov)
• fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov)
• chore: remove repetitive words fb3d880 (deterclosed)
• chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 01ac4a2 (dependabot[bot])
• chore(deps): bump github.com/docker/docker 138602d (dependabot[bot])
• bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini)

k3d-io/k3d (k3d-io/k3d)

v5.6.3

Compare Source

Full Changelog: k3d-io/k3d@v5.6.2...v5.6.3

v5.6.2

Compare Source

Sponsors

💸 Thanks for the sponsorship @​ebauman 🎉

What's Changed

• Not using stdout directly for logging by @​moshe-kabala in https://github.com/k3d-io/k3d/pull/1339
• change: fix docs link by @​stratusjerry in https://github.com/k3d-io/k3d/pull/1343
• change: enable fixes by default and consolidate lookup logic by @​iwilltry42 in https://github.com/k3d-io/k3d/pull/1349
• [DOCS] Add scoop install option by @​mechanicalbot in https://github.com/k3d-io/k3d/pull/1390
• Consistent logging during cluster creation flow by @​danielgospodinow in https://github.com/k3d-io/k3d/pull/1398
• feat: support writing kubeconfig to a stream by @​LinuxSuRen in https://github.com/k3d-io/k3d/pull/1381

New Contributors

• @​moshe-kabala made their first contribution in https://github.com/k3d-io/k3d/pull/1339
• @​mechanicalbot made their first contribution in https://github.com/k3d-io/k3d/pull/1390
• @​danielgospodinow made their first contribution in https://github.com/k3d-io/k3d/pull/1398
• @​LinuxSuRen made their first contribution in https://github.com/k3d-io/k3d/pull/1381

Full Changelog: k3d-io/k3d@v5.6.0...v5.6.2

kubernetes/kubernetes (kubectl)

v1.29.4: Kubernetes v1.29.4

Compare Source

See kubernetes-announce@. Additional binary downloads are linked in the CHANGELOG.

See the CHANGELOG for more details.

---

Configuration

📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.