chore: update releases #93

Open
wants to merge 1 commit into
base: main

renovate[bot]

@renovate renovate bot commented Oct 30, 2023

Update Request | Renovate Bot

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| aws/aws-cli | minor | 2.19.1 -> 2.24.1 |
| docker/buildx | minor | v0.18.0 -> v0.20.1 |
| getsops/sops | patch | v3.9.1 -> v3.9.4 |
| google/go-containerregistry | patch | v0.20.2 -> v0.20.3 |
| mikefarah/yq | minor | v4.44.3 -> v4.45.1 |
| moby/buildkit | minor | v0.17.0 -> v0.19.0 |

Release Notes

aws/aws-cli (aws/aws-cli)

v2.24.1, v2.24.0

v2.23.15, v2.23.14, v2.23.13, v2.23.12, v2.23.11, v2.23.10, v2.23.9, v2.23.8, v2.23.7, v2.23.6, v2.23.5, v2.23.4, v2.23.3, v2.23.2, v2.23.1, v2.23.0

v2.22.35, v2.22.34, v2.22.33, v2.22.32, v2.22.31, v2.22.30, v2.22.29, v2.22.28, v2.22.27, v2.22.26, v2.22.25, v2.22.24, v2.22.23, v2.22.22, v2.22.21, v2.22.20, v2.22.19, v2.22.18, v2.22.17, v2.22.16, v2.22.15, v2.22.14, v2.22.13, v2.22.12, v2.22.11, v2.22.10, v2.22.9, v2.22.8, v2.22.7, v2.22.6, v2.22.5, v2.22.4, v2.22.3, v2.22.2, v2.22.1, v2.22.0

v2.21.3, v2.21.2, v2.21.1, v2.21.0

v2.20.0

v2.19.5, v2.19.4, v2.19.3, v2.19.2

docker/buildx (docker/buildx)

v0.20.1

Compare Source

Welcome to the v0.20.1 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Contributors
  • David Karlsson
  • Jonathan A. Sternberg
  • Tõnis Tiigi
  • CrazyMax
Notable Changes
  • Fix bake --print output missing some attributes for attestations #​2937
  • Fix allowing comma separated image reference strings for cache import and export values #​2944
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.20.0

v0.20.0

Compare Source

Welcome to the v0.20.0 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

[!NOTE]
This version of buildx enables filesystem entitlement checks for buildx bake command by default. If your Bake definition needs to read or write files outside your current working directory, you need to allow access to these paths with --allow fs=<path|*>. On the terminal, you can also interactively approve these paths with the provided prompt. Optionally, you can disable these checks by setting BUILDX_BAKE_ENTITLEMENTS_FS=0. This validation produced a warning in buildx v0.19.0+, but starting from current release it produces an error. docs

Contributors
  • CrazyMax
  • Tõnis Tiigi
  • Sebastiaan van Stijn
  • Guillaume Lours
  • Jonathan A. Sternberg
  • Arran Walker
  • David Karlsson
  • Nicolas De Loof
Notable Changes
  • New buildx history command has been added that allows working with build records of completed and running builds. You can use these commands to list, inspect, remove your builds, replay the logs of already completed builds, and quickly open your builds in Docker Desktop Build UI for further debugging. This is an early version of this command and we expect to add more features in the future releases. #​2891 #​2925
  • Bake: Definition now supports new object notation for the fields that previously required CSV strings as inputs (attest, output, cache-from, cache-to, secret, ssh) #​2758 #​2848 #​2871 #​2814
  • Bake: Make FS entitlements error by default. To disable it, you can set BUILDX_BAKE_ENTITLEMENTS_FS=0 #​2875
  • Bake: Infer git auth token from remote files to build request #​2905
  • Bake: Add support for --list flag to list targets and variables #​2900 #​2907
  • Bake: Update lookup order for default definition files to load the files with "override" suffix later #​2886
  • Bake: Fix entitlements check for default SSH socket #​2898
  • Bake: Fix named context from target platform matching #​2877
  • Bake: Fix missing default target in group's default targets #​2863
  • Validate BuildKit configuration before creating a builder #​2864
  • Compose compatibility has been updated to v2.4.7 #​2893 #​2857 #​2829
  • Fix missing last progress from loading layers #​2876
  • Fix missing documentation for quiet progress mode #​2899
Dependency Changes
  • github.com/AdaLogics/go-fuzz-headers ced1acd -> e8a1dd7
  • github.com/aws/aws-sdk-go-v2 v1.24.1 -> v1.30.3
  • github.com/aws/aws-sdk-go-v2/config v1.26.6 -> v1.27.27
  • github.com/aws/aws-sdk-go-v2/credentials v1.16.16 -> v1.17.27
  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 -> v1.16.11
  • github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 -> v1.3.15
  • github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 -> v2.6.15
  • github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 -> v1.8.0
  • github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 -> v1.11.3
  • github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 -> v1.11.17
  • github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 -> v1.22.4
  • github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 -> v1.26.4
  • github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 -> v1.30.3
  • github.com/aws/smithy-go v1.19.0 -> v1.20.3
  • github.com/compose-spec/compose-go/v2 v2.4.4 -> v2.4.7
  • github.com/containerd/containerd/api v1.7.19 -> v1.8.0
  • github.com/containerd/containerd/v2 v2.0.2 new
  • github.com/containerd/errdefs v0.3.0 -> v1.0.0
  • github.com/containerd/errdefs/pkg v0.3.0 new
  • github.com/containerd/platforms v0.2.1 -> v1.0.0-rc.1
  • github.com/containerd/ttrpc v1.2.5 -> v1.2.7
  • github.com/cpuguy83/go-md2man/v2 v2.0.5 -> v2.0.6
  • github.com/creack/pty v1.1.21 -> v1.1.24
  • github.com/docker/cli v27.4.0-rc.2 -> v27.5.0
  • github.com/docker/cli-docs-tool v0.8.0 -> v0.9.0
  • github.com/docker/docker v27.4.0-rc.2 -> v27.5.0
  • github.com/fxamacker/cbor/v2 v2.7.0 new
  • github.com/go-openapi/swag v0.22.3 -> v0.22.4
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 -> v2.22.0
  • github.com/hashicorp/go-cty-funcs a090f58 -> c51673e
  • github.com/hashicorp/hcl/v2 v2.20.1 -> v2.23.0
  • github.com/moby/buildkit v0.18.0 -> v0.19.0
  • github.com/moby/spdystream v0.2.0 -> v0.4.0
  • github.com/pkg/browser 5ac0b6a new
  • github.com/prometheus/client_golang v1.20.2 -> v1.20.5
  • github.com/stretchr/testify v1.9.0 -> v1.10.0
  • github.com/tonistiigi/fsutil 31cf1f4 -> b14e27f
  • github.com/x448/float16 v0.8.4 new
  • github.com/zclconf/go-cty v1.14.4 -> v1.16.0
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 -> v0.56.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 -> v0.56.0
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 -> v0.56.0
  • go.opentelemetry.io/otel v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 -> v1.31.0
  • go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 -> v1.31.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/metric v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/sdk v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/sdk/metric v1.28.0 -> v1.31.0
  • go.opentelemetry.io/otel/trace v1.28.0 -> v1.31.0
  • golang.org/x/crypto v0.27.0 -> v0.31.0
  • golang.org/x/net v0.29.0 -> v0.33.0
  • golang.org/x/oauth2 v0.21.0 -> v0.23.0
  • golang.org/x/sync v0.8.0 -> v0.10.0
  • golang.org/x/sys v0.26.0 -> v0.28.0
  • golang.org/x/term v0.24.0 -> v0.27.0
  • golang.org/x/text v0.18.0 -> v0.21.0
  • google.golang.org/genproto/googleapis/api f6361c8 -> 5fefd90
  • google.golang.org/genproto/googleapis/rpc f6361c8 -> 324edc3
  • google.golang.org/grpc v1.66.3 -> v1.68.1
  • google.golang.org/protobuf v1.35.1 -> v1.35.2
  • k8s.io/api v0.29.2 -> v0.31.2
  • k8s.io/apimachinery v0.29.2 -> v0.31.2
  • k8s.io/client-go v0.29.2 -> v0.31.2
  • k8s.io/klog/v2 v2.110.1 -> v2.130.1
  • k8s.io/kube-openapi 2dd684a -> 70dd376
  • k8s.io/utils 3b25d92 -> 18e509b
  • sigs.k8s.io/yaml v1.3.0 -> v1.4.0

Previous release can be found at v0.19.3

v0.19.3

Compare Source

Welcome to the v0.19.3 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
Notable changes
  • Bake: change evaluation of entitlement paths to allow non-existing paths #​2860
  • Bake: ignore empty values set by --set #​2861
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.19.2

v0.19.2

Compare Source

Welcome to the v0.19.2 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Notable changes
  • Bake: fix issue where entitlement requests may not have been detected when Bake target writes output outside of the current working directory #​2834
  • Bake: automatically add filesystem entitlements to the paths defined with --set flag to avoid the need to allow the same path multiple times #​2834
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.19.1

v0.19.1

Compare Source

buildx 0.19.1

Welcome to the v0.19.1 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Notable Changes
  • Unfortunately, we had to revert the change that added new object notation for the fields that previously required CSV strings in Bake definition because backwards incompatibility issues were discovered in some edge cases. This feature has now been postponed for future v0.20.0 release #​2824
Dependency Changes

This release has no dependency changes

Previous release can be found at v0.19.0

v0.19.0

Compare Source

buildx 0.19.0

Welcome to the v0.19.0 release of buildx!

Please try out the release binaries and report any issues at
https://github.com/docker/buildx/issues.

Contributors
  • Tõnis Tiigi
  • CrazyMax
  • David Karlsson
  • Jonathan A. Sternberg
  • Akihiro Suda
  • Guillaume Lours
  • Laurent Goderre
  • Sebastiaan van Stijn
Notable Changes
  • Bake command now requires passing filesystem entitlements with --allow when your build needs to read or write files outside of your current working directory. This feature currently only reports a warning when using local Bake definition, but will start to produce an error starting from the v0.20 release. If you wish to enable the error in the current release, you can set BUILDX_BAKE_ENTITLEMENTS_FS=1 #​2796 #​2812
  • Bake definition now supports new object notation for the fields that previously required CSV strings as inputs (output, cache-from, cache-to, secret, ssh) #​2758
  • Bake definition now allows defining validation conditions to variables #​2794
  • Compose support has been updated to v2.4.4 #​2806 #​2780
  • Metadata file values can now contain JSON array values #​2777
  • Improve error messages when using an incorrect format for labels #​2778
  • FreeBSD and OpenBSD artifacts are now included in release #​2774 #​2775 #​2781
  • Fix printing bake definition with empty Compose networks #​2790
Dependency Changes
  • github.com/cenkalti/backoff/v4 v4.2.1 -> v4.3.0
  • github.com/compose-spec/compose-go/v2 v2.4.1 -> v2.4.4
  • github.com/containerd/containerd v1.7.22 -> v1.7.24
  • github.com/containerd/continuity v0.4.4 -> v0.4.5
  • github.com/containerd/errdefs v0.1.0 -> v0.3.0
  • github.com/containerd/typeurl/v2 v2.2.0 -> v2.2.3
  • github.com/docker/cli v27.3.1 -> v27.4.0-rc.2
  • github.com/docker/docker v27.3.1 -> v27.4.0-rc.2
  • github.com/go-logr/logr v1.4.1 -> v1.4.2
  • github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 -> v2.20.0
  • github.com/moby/buildkit v0.17.0 -> v0.18.0
  • github.com/prometheus/client_golang v1.17.0 -> v1.20.2
  • github.com/prometheus/client_model v0.5.0 -> v0.6.1
  • github.com/prometheus/common v0.44.0 -> v0.55.0
  • github.com/tonistiigi/fsutil 397af53 -> 31cf1f4
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 -> v0.53.0
  • go.opentelemetry.io/otel v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/metric v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/sdk v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/sdk/metric v1.21.0 -> v1.28.0
  • go.opentelemetry.io/otel/trace v1.21.0 -> v1.28.0
  • go.opentelemetry.io/proto/otlp v1.0.0 -> v1.3.1
  • google.golang.org/genproto/googleapis/api ef581f9 -> f6361c8
  • google.golang.org/genproto/googleapis/rpc ef581f9 -> f6361c8
  • google.golang.org/grpc v1.66.2 -> v1.66.3

Previous release can be found at v0.18.0

getsops/sops (getsops/sops)

v3.9.4

Compare Source

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.linux.amd64

### Move the binary in to your PATH
mv sops-v3.9.4.linux.amd64 /usr/local/bin/sops

### Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.checksums.sig

### Verify the checksums file
cosign verify-blob sops-v3.9.4.checksums.txt \
  --certificate sops-v3.9.4.checksums.pem \
  --signature sops-v3.9.4.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

### Verify the binary using the checksums file
sha256sum -c sops-v3.9.4.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.9.4.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

### Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.9.4/sops-v3.9.4.intoto.jsonl

### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.9.4.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.9.4

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry
  • ghcr.io/getsops/sops:v3.9.4
  • ghcr.io/getsops/sops:v3.9.4-alpine
Quay.io
  • quay.io/getsops/sops:v3.9.4
  • quay.io/getsops/sops:v3.9.4-alpine
Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.9.4 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

Full Changelog: getsops/sops@v3.9.3...v3.9.4

v3.9.3

Compare Source

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.linux.amd64

### Move the binary in to your PATH
mv sops-v3.9.3.linux.amd64 /usr/local/bin/sops

### Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.checksums.sig

### Verify the checksums file
cosign verify-blob sops-v3.9.3.checksums.txt \
  --certificate sops-v3.9.3.checksums.pem \
  --signature sops-v3.9.3.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

### Verify the binary using the checksums file
sha256sum -c sops-v3.9.3.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.9.3.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

### Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.9.3/sops-v3.9.3.intoto.jsonl

### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.9.3.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.9.3

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry
  • ghcr.io/getsops/sops:v3.9.3
  • ghcr.io/getsops/sops:v3.9.3-alpine
Quay.io
  • quay.io/getsops/sops:v3.9.3
  • quay.io/getsops/sops:v3.9.3-alpine
Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.9.3 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

Full Changelog: getsops/sops@v3.9.2...v3.9.3

v3.9.2

Compare Source

Installation

To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.linux.amd64

### Move the binary in to your PATH
mv sops-v3.9.2.linux.amd64 /usr/local/bin/sops

### Make the binary executable
chmod +x /usr/local/bin/sops

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.checksums.sig

### Verify the checksums file
cosign verify-blob sops-v3.9.2.checksums.txt \
  --certificate sops-v3.9.2.checksums.pem \
  --signature sops-v3.9.2.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

### Verify the binary using the checksums file
sha256sum -c sops-v3.9.2.checksums.txt --ignore-missing

Verify artifact provenance

The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.9.2.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

### Download the metadata file
curl -LO  https://github.com/getsops/sops/releases/download/v3.9.2/sops-v3.9.2.intoto.jsonl

### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.9.2.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.9.2

Container Images

The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: linux/amd64 and linux/arm64.

GitHub Container Registry
  • ghcr.io/getsops/sops:v3.9.2
  • ghcr.io/getsops/sops:v3.9.2-alpine
Quay.io
  • quay.io/getsops/sops:v3.9.2
  • quay.io/getsops/sops:v3.9.2-alpine
Verify container image signature

The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command:

cosign verify ghcr.io/getsops/sops:v3.9.2 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text

Verify container image provenance

The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation.

Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as <binary>.spdx.sbom.json.

What's Changed

New Contributors

Full Changelog: getsops/sops@v3.9.1...v3.9.2

google/go-containerregistry (google/go-containerregistry)

v0.20.3

Compare Source

What's Changed


Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
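
An added example, not part of this PR or of the sops release notes quoted above: `sha256sum -c --ignore-missing` succeeds when any listed file in the directory verifies, so this sketch of the "Verify binary integrity" step checks that the one binary being installed has its own entry and matches it. The function names are hypothetical; GNU `sha256sum`, POSIX `awk` and artifact names without spaces are assumed.

```shell
#!/bin/sh
# Added example, not from the PR or the sops release notes.
# Assumes GNU coreutils sha256sum, POSIX awk, artifact names without spaces.

# verify_listed_artifact CHECKSUMS ARTIFACT   (hypothetical helper name)
# Returns 0 only when ARTIFACT's file name has exactly one entry in CHECKSUMS
# and the file's SHA-256 equals that entry. Every other outcome is a failure.
verify_listed_artifact() {
    checksums=$1
    artifact=$2

    [ -f "$checksums" ] || { echo "no checksums file: $checksums" >&2; return 2; }
    [ -f "$artifact" ] || { echo "no artifact: $artifact" >&2; return 2; }
    name=${artifact##*/}

    # Entries look like "<hash>  <name>" or "<hash> *<name>" (binary mode).
    # Print the hash only if the name is listed exactly once.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        (f "") == (n "") { c++; h = $1 }
        END { if (c == 1) print h }
    ' "$checksums")

    if [ -z "$expected" ]; then
        echo "$name: not listed exactly once in $checksums" >&2
        return 1
    fi
    # Reject anything that is not a 64-character lowercase hex digest.
    case $expected in
        *[!0-9a-f]*) echo "$name: malformed digest entry" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "$name: malformed digest entry" >&2; return 1; }

    actual=$(sha256sum -- "$artifact" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: SHA-256 mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}

# verify_sops_binary VERSION ARTIFACT   (hypothetical wrapper name)
# Order matters: the checksums file is trusted only after its Cosign signature
# verifies, using the flags shown in the release notes. Expects the .txt, .pem
# and .sig files for VERSION in the current directory.
verify_sops_binary() {
    version=$1
    artifact=$2
    base="sops-${version}.checksums"

    cosign verify-blob "${base}.txt" \
        --certificate "${base}.pem" \
        --signature "${base}.sig" \
        --certificate-identity-regexp=https://github.com/getsops \
        --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
        || return 1

    verify_listed_artifact "${base}.txt" "$artifact"
}

# Usage, run before moving the binary into PATH:
#   verify_sops_binary v3.9.4 sops-v3.9.4.linux.amd64
```
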

@renovate renovate bot force-pushed the renovate/releases branch from a7cb672 to 3c3f31d Compare November 13, 2023 10:08
@renovate renovate bot changed the title from "chore: update dependency moby/buildkit to v0.12.3" to "chore: update dependency moby/buildkit to v0.12.3 - autoclosed" Nov 13, 2023
@renovate renovate bot closed this Nov 13, 2023
@renovate renovate bot deleted the renovate/releases branch November 13, 2023 13:09
@renovate renovate bot changed the title from "chore: update dependency moby/buildkit to v0.12.3 - autoclosed" to "chore: update dependency moby/buildkit to v0.12.3" Nov 17, 2023
@renovate renovate bot reopened this Nov 17, 2023
@renovate renovate bot restored the renovate/releases branch November 17, 2023 02:41
@renovate renovate bot changed the title from "chore: update dependency moby/buildkit to v0.12.3" to "chore: update dependency docker/buildx to v0.12.0" Nov 19, 2023
@renovate renovate bot force-pushed the renovate/releases branch from 3c3f31d to b2a3ac9 Compare November 19, 2023 11:15
@renovate renovate bot changed the title from "chore: update dependency docker/buildx to v0.12.0" to "chore: update dependency docker/buildx to v0.12.0 - autoclosed" Nov 23, 2023
@renovate renovate bot closed this Nov 23, 2023
@renovate renovate bot deleted the renovate/releases branch November 23, 2023 12:51
@renovate renovate bot changed the title from "chore: update dependency docker/buildx to v0.12.0 - autoclosed" to "chore: update dependency docker/buildx to v0.12.0" Nov 30, 2023
@renovate renovate bot reopened this Nov 30, 2023
@renovate renovate bot restored the renovate/releases branch November 30, 2023 05:45
@renovate renovate bot changed the title from "chore: update dependency docker/buildx to v0.12.0" to "chore: update dependency google/go-containerregistry to v0.17.0" Dec 1, 2023
@renovate renovate bot force-pushed the renovate/releases branch from b2a3ac9 to eccd36e Compare December 1, 2023 05:56
@renovate renovate bot changed the title from "chore: update dependency google/go-containerregistry to v0.17.0" to "chore: update releases" Dec 2, 2023
@renovate renovate bot force-pushed the renovate/releases branch from eccd36e to e80dfec Compare December 2, 2023 17:53
@renovate renovate bot force-pushed the renovate/releases branch from e80dfec to 3008755 Compare December 26, 2023 09:17
@renovate renovate bot force-pushed the renovate/releases branch 2 times, most recently from 122f3c6 to 7a03aca Compare January 17, 2024 23:34
@renovate renovate bot force-pushed the renovate/releases branch 2 times, most recently from c03565d to 77d0804 Compare February 1, 2024 02:59
@renovate renovate bot changed the title from "chore: update releases" to "chore: update releases - autoclosed" Feb 2, 2024
@renovate renovate bot closed this Feb 2, 2024
@renovate renovate bot deleted the renovate/releases branch February 2, 2024 10:56
@renovate renovate bot restored the renovate/releases branch February 9, 2024 04:59
@renovate renovate bot changed the title from "chore: update releases - autoclosed" to "chore: update releases" Feb 9, 2024
@renovate renovate bot reopened this Feb 9, 2024
@renovate renovate bot force-pushed the renovate/releases branch 5 times, most recently from d3be955 to 9b71427 Compare December 12, 2024 02:15
@renovate renovate bot force-pushed the renovate/releases branch from 9b71427 to 9e698a3 Compare December 14, 2024 02:20
@renovate renovate bot force-pushed the renovate/releases branch 4 times, most recently from 23943f8 to 246614c Compare December 28, 2024 05:41
@renovate renovate bot force-pushed the renovate/releases branch 3 times, most recently from 5d8fb57 to f77cc4a Compare January 7, 2025 03:00
@renovate renovate bot force-pushed the renovate/releases branch 4 times, most recently from a8474a6 to 5eae75b Compare January 16, 2025 00:07
@renovate renovate bot force-pushed the renovate/releases branch 3 times, most recently from efcf6c5 to 36ae388 Compare January 23, 2025 03:57
@renovate renovate bot force-pushed the renovate/releases branch 5 times, most recently from c545ca9 to 1dbe9d0 Compare February 1, 2025 03:33
@renovate renovate bot force-pushed the renovate/releases branch 3 times, most recently from 16d4f2a to 970d497 Compare February 8, 2025 11:02
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/releases branch from 970d497 to bd5375b Compare February 11, 2025 03:33