renovate[bot]
commented
2 months ago ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):
- 4 additional dependencies were updated
| Details: | Package | Change |
|---|---|---|
carvel.dev/imgpkg |
v0.40.0 -> v0.42.2 |
|
github.com/cheggaaa/pb/v3 |
v3.1.4 -> v3.1.5 |
|
github.com/google/go-containerregistry |
v0.16.1 -> v0.19.1 |
|
github.com/mattn/go-runewidth |
v0.0.14 -> v0.0.15 |
This PR contains the following updates:
v0.40.1->v0.40.2Release Notes
carvel-dev/vendir (carvel.dev/vendir)
### [`v0.40.2`](https://togithub.com/carvel-dev/vendir/releases/tag/v0.40.2) [Compare Source](https://togithub.com/carvel-dev/vendir/compare/v0.40.1...v0.40.2)
##### Installation ##### By downloading binary from the release For instance, if you are using Linux on an AMD64 architecture: ```shell ### Download the binary curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/vendir-linux-amd64 ### Move the binary in to your PATH mv vendir-linux-amd64 /usr/local/bin/vendir ### Make the binary executable chmod +x /usr/local/bin/vendir ``` ##### Via Homebrew (macOS or Linux) ```shell $ brew tap carvel-dev/carvel $ brew install vendir $ vendir version ``` ##### Verify checksums file signature Install cosign on your system https://docs.sigstore.dev/system_config/installation/ The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands: ```shell ### Download the checksums file, certificate and signature curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.pem curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.2/checksums.txt.sig ### Verify the checksums file cosign verify-blob checksums.txt \ --certificate checksums.txt.pem \ --signature checksums.txt.sig \ --certificate-identity-regexp=https://github.com/carvel-dev \ --certificate-oidc-issuer=https://token.actions.githubusercontent.com ``` ##### Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature. ```shell ### Verify the binary using the checksums file sha256sum -c checksums.txt --ignore-missing ```Installation and signature verification
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.