Bump chainguard.dev/apko from 0.13.3 to 0.14.3

[dependabot[bot]]

Bumps chainguard.dev/apko from 0.13.3 to 0.14.3.

Release notes

Sourced from chainguard.dev/apko's releases.

Release v0.14.3

What's Changed

• backpopulate supplier & set filesAnalyzed=false by @​xnox in chainguard-dev/apko#1137

Full Changelog: https://github.com/chainguard-dev/apko/compare/v0.14.2...v0.14.3

Release v0.14.2

What's Changed

• build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @​dependabot in chainguard-dev/apko#1109
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in chainguard-dev/apko#1112
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in chainguard-dev/apko#1114
• build(deps): bump golangci/golangci-lint-action from 5.1.0 to 6.0.1 by @​dependabot in chainguard-dev/apko#1115
• build(deps): bump sigs.k8s.io/release-utils from 0.8.1 to 0.8.2 by @​dependabot in chainguard-dev/apko#1113
• Bump go-apk by @​jonjohnsonjr in chainguard-dev/apko#1120
• Fix duplicates when overlaying the config with config with no contents by @​sfc-gh-mhazy in chainguard-dev/apko#1119
• Bump go-apk to pick up conflict fix by @​jonjohnsonjr in chainguard-dev/apko#1124
• Bump go-apk by @​jonjohnsonjr in chainguard-dev/apko#1125
• spdx: allow specifying custom license by @​xnox in chainguard-dev/apko#1127
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.6 by @​dependabot in chainguard-dev/apko#1132
• build(deps): bump github.com/package-url/packageurl-go from 0.1.2 to 0.1.3 by @​dependabot in chainguard-dev/apko#1129
• build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @​dependabot in chainguard-dev/apko#1122
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in chainguard-dev/apko#1130
• build(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @​dependabot in chainguard-dev/apko#1135
• build(deps): bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 by @​dependabot in chainguard-dev/apko#1134
• sbom: fixup merging LicensingInfos during Image SBOM generation by @​xnox in chainguard-dev/apko#1133

New Contributors

• @​xnox made their first contribution in chainguard-dev/apko#1127

Full Changelog: https://github.com/chainguard-dev/apko/compare/v0.14.1...v0.14.2

Release v0.14.1

What's Changed

• Make apko dot show errors by @​jonjohnsonjr in chainguard-dev/apko#1024
• build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @​dependabot in chainguard-dev/apko#978
• build(deps): bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.3 by @​dependabot in chainguard-dev/apko#1026
• build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.4.0 by @​dependabot in chainguard-dev/apko#1025
• build(deps): bump github/codeql-action from 2.22.6 to 3.23.2 by @​dependabot in chainguard-dev/apko#1018
• build(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.19.0 by @​dependabot in chainguard-dev/apko#1021
• build(deps): bump github.com/chainguard-dev/clog from 1.2.3-0.20240116182827-04bee692f7a8 to 1.3.0 by @​dependabot in chainguard-dev/apko#1019
• use charm logger by @​imjasonh in chainguard-dev/apko#1028
• Plumb ctx through daemon package by @​jonjohnsonjr in chainguard-dev/apko#1029
• Cancel context on interrupt signal by @​jonjohnsonjr in chainguard-dev/apko#1030
• move some logs to debug, avoid duplicate work/logs by @​imjasonh in chainguard-dev/apko#1034
• Preserve APK hardlinks by @​jonjohnsonjr in chainguard-dev/apko#1038
• Make sure we clean up after ourselves by @​jonjohnsonjr in chainguard-dev/apko#1040
• Allow apko dot to be cancelled by @​jonjohnsonjr in chainguard-dev/apko#1031
• Drop creating group log by @​jonjohnsonjr in chainguard-dev/apko#1045
• Store checksum of apko-config in the lock-file to detect changes in origin. by @​sfc-gh-ptabor in chainguard-dev/apko#1012

... (truncated)

Commits

• 4800950 Merge pull request #1137 from xnox/backpopulate-supplier
• 4690135 spdx: fixup PackageVerificationCode setting
• 8231da0 spdx: fixup filesAnalyzed setting
• 7df43d4 spdx: backpopulate supplier & originator for packages
• d952ba1 spdx: Add test case of merging pkg SBOM without supplier
• 80a73b1 spdx: rename expected.spdx.json ahead of more tests
• 5c68fe8 Merge pull request #1133 from xnox/custom-license-image-sbom
• 995b848 Merge pull request #1134 from chainguard-dev/dependabot/go_modules/go.opentel...
• dbef81d Merge pull request #1135 from chainguard-dev/dependabot/github_actions/step-s...
• 3e6eeb2 spdx: Add test of SBOM of packages with custom licenses
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #2788.