- Alpine base image to v3.21.3
- Go image to latest commit
- ECR credential helper to latest commit
- docker/build-push-action to v6.14.0
- sigstore/cosign to v2.4.3
- sigstore/cosign-installer to v3.8.1
- github.com/klauspost/compress to v1.18.0
- github.com/spf13/cobra to v1.9.1
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Support for Go 1.21 is dropped, leaving 1.22 the minimum release
- Go base image to 1.24.0
- ECR helper to latest commit
- gosec to v2.22.1
- dominikh/go-tools for staticcheck to v0.6.0
- olareg/olareg to v0.1.2
- Fixing staticcheck linter warnings
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to v1.23.6
- ECR helper to latest commit
- sigstore/cosign to v2.4.2
- docker/setup-buildx-action to v3.9.0
- sigstore/cosign-installer to v3.8.0
- golang.org/x/sys to v0.30.0
- golang.org/x/term to v0.29.0
Security: the Go update fixes CVE-2025-22866
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to 1.23.3
- ECR Helper to latest commit
- GCR helper to v2.1.26
- anchore/syft to v1.16.0
- anchore/sbom-action to v0.17.7
- davidanson/markdownlint-cli2 to v0.15.0
- golang.org/x/sys to v0.27.0
- golang.org/x/term to v0.26.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions checkout to v4.2.1
- actions/upload-artifact to v4.4.3
- anchore/sbom-action to v17.3
- anchore/syft to v1.14.0- ECR helper to latest commit
- klauspost/compress to v1.17.11
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- ECR Helper to latest commit
- Go to 1.23.2
- sigstore/cosign to v2.4.1
- actions/upload-artifact to v4.4.1
- docker/setup-buildx-action to v3.7.1
- sigstore/cosign-installer to v3.7.0
- google/osv-scanner to v1.9.0
- klauspost/compress to v1.17.0
- golang.org/x/sys to v0.26.0
- golang.org/x/term to v0.25.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- ECR Helper to latest commit
- GCloud Helper to v2.1.25
- securego/gosec to v2.21.1
- Alpine to 3.20.3
- Go to 1.23.1
- davidanson/markdonlint-cli2 to v0.14.0
- golang.org/x/sys to v0.25.0
- golang.org/x/term to v0.24.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/upload-artifact to v4.3.6
- anchore/sbom-action to v0.17.1
- docker/build-push-action to v6.7.0
- github/codeql-action to v3.26.3
- sigstore/cosign-installer to v3.6.0
- ECR credential helper to latest commit
- dominikh/go-tools to v0.5.1
- google/osv-scanner to v1.8.3
- sigstore/cosign to v2.4.0
- anchore/syft to v1.11.1
- Go to 1.21 - 1.23 (dropping 1.20 support)
- Zot to v2.1.1
- olareg to v0.1.1
- golang.org/x/sys to v0.24.0
- golang.org/x/term to v0.23.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to 1.22.5
- actions/upload-artifact to v4.3.4
- docker/build-push-action to v6.3.0
- docker/setup-buildx-action to v3.4.0
- github/codeql-action to v3.25.11
- ECR Helper to latest commit
- icholy/gomajor to v0.12.0
- anchore/syft to v1.8.0
- golang.org/x/sys to v0.22.0
- golang.org/x/term to v0.22.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/checkout to v4.1.7
- docker/build-push-action to v6.1.0
- github/codeql-action to v3.25.10
- softprops/action-gh-release to v2.0.6
- ECR helper to latest commit
- google-osv-scanner to v1.8.1
- anchore-syft to v1.7.0
- Alpine to 3.20.1
- klauspost/compress to v1.17.9
- spf13/cobra to v1.8.1
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- github/codeql-action to v3.25.8
- ECR credential helper to latest commit
- govulncheck to v1.1.2
- Go to 1.22.4
- golang.org/x/sys to v0.21.0
- golang.org/x/term to v0.21.0
- Fixes CVE-2024-24790
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- docker/setup-buildx-action to v3.3.0
- github/codeql-action to v3.24.10
- sigstore/cosign-installer to v3.5.0
- ECR credential helper to latest commit
- sigstore/cosign to v2.2.4
- Go to v1.22.2
- anchore/syft to v1.1.1
- markdownlint to v0.13.0
- xz to v0.5.12
- golang.org/x/sys to v0.19.0
- golang.org/x/term to v0.19.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- docker/build-push-actions to v5.3.0
- docker/login-action to v3.1.0
- docker/setup-buildx-actions to v3.2.0
- github/cocdeql-actions to v3.24.8
- softprops/action-gh-release to v2.0.4
- awslabs/amazon-ecr-credential-helper to latest commit
- grafi-tt/lunajson to latest commit
- OSV Scanner to v1.7.1
- Zot to v2.0.2
- Go base image digest
- olareg to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- anchore/sbom-action to v0.15.9
- docker/setup-buildx-action to v3.1.0
- github/codeql-action to v3.24.6
- OSV scanner to v1.7.0
- Syft to v1.0.1
- Golang base image to v1.22.1
- golang.org/x/sys to v0.18.0
- golang.org/x/term to v0.18.0
- olareg to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Adding pins for base image annotation
- codeql-action to v3.24.5
- staticcheck to v0.4.7
- olareg to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go adding 1.22 and dropping 1.19 support
- govulncheck to v1.0.4
- anchore/syft to v0.104.0
- regclient/actions commit
- Go base image digest
- ECR Credential helper commit
- olareg commit
- golang.org/x/sys to v0.17.0
- golang.org/x/term to v0.17.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- anchore/sbom-action to v0.15.8
- github/codeql-action to v3.24.0
- sigstore/cosign-installer to v3.4.0
- google/osv-scanner to v1.6.2
- icholy/gomajor to v0.10.1
- sigstore/cosign to v2.2.3
- anchore/syft to v0.103.1
- olareg to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- github/codeql-action to v3.23.2
- syft to v0.102.0
- Alpine base image to 3.19.1
- Golang base image digest
- olareg to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- actions/upload-artifact to v4.3.0
- anchore/sbom-action to v0.15.5
- ECR credential helper to latest commit
- GCR credential helper to v2.1.22
- OSV scanner to v1.6.1
- govulncheck to v1.0.3
- Go base image digest
- Syft to v0.101.1
- uuid package to v1.6.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- olareg to latest commit
- golang.org/x/sys to v0.16.0
- golang.org/x/term to v0.16.0
- golang base image to v1.21.6
- anchore/sbom-actions to v0.15.3
- anchore/syft to v0.100.0
- github/codeql-action to v3.23.0
- ECR credential helper to latest commit
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Alpine base image to v3.18.5
- Golang base image digest
- Syft to v0.98.0
- gopher-lua to v1.1.1
- golang.org/x to v0.15.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
- Go to 1.21.4
- golang.org/x/term to v0.14.0
- Cosign to v2.2.1
- Cosign installer to v3.2.0
- GCR Helper to v2.1.20
- Syft to v0.95.0
Signed-off-by: Brandon Mitchell <git@bmitch.net>
