build(deps): bump chainguard.dev/apko from 0.19.2 to 0.19.4

[dependabot[bot]]

Bumps chainguard.dev/apko from 0.19.2 to 0.19.4.

Release notes

Sourced from chainguard.dev/apko's releases.

Release v0.19.4

What's Changed

• fix data race in index cache by @​imjasonh in chainguard-dev/apko#1369
• fix concurrent annotation map update by @​imjasonh in chainguard-dev/apko#1370
• set downloadLocation to NOASSERTION when apk.URL is unset by @​imjasonh in chainguard-dev/apko#1372
• Make MergeInto threadsafe by @​jonjohnsonjr in chainguard-dev/apko#1374

Full Changelog: https://github.com/chainguard-dev/apko/compare/v0.19.3...v0.19.4

Release v0.19.3

What's Changed

• cg auth: fix sometimes by @​imjasonh in chainguard-dev/apko#1314
• set OCI created annotation by @​imjasonh in chainguard-dev/apko#1316
• Cache some more expensive operations by @​jonjohnsonjr in chainguard-dev/apko#1317
• build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in chainguard-dev/apko#1318
• build(deps): bump github.com/klauspost/compress from 1.17.9 to 1.17.10 by @​dependabot in chainguard-dev/apko#1315
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in chainguard-dev/apko#1319
• Fail if APKINDEX has single-character lines by @​jonjohnsonjr in chainguard-dev/apko#1321
• fix(ci): mark GitHub releases as latest from prerelease by @​p5 in chainguard-dev/apko#1277
• build(deps): bump github/codeql-action from 3.26.9 to 3.26.10 by @​dependabot in chainguard-dev/apko#1323
• build(deps): bump google.golang.org/api from 0.198.0 to 0.199.0 by @​dependabot in chainguard-dev/apko#1320
• build(deps): bump go.step.sm/crypto from 0.52.0 to 0.53.0 by @​dependabot in chainguard-dev/apko#1322
• Drop a period from a command's help by @​murraybd in chainguard-dev/apko#1312
• use slog default logger for CG auth exchange by @​imjasonh in chainguard-dev/apko#1324
• cleanup: remove Lima documentation by @​luhring in chainguard-dev/apko#1325
• don't attempt to discover keys for file path repos by @​imjasonh in chainguard-dev/apko#1326
• Make etag checks optional by @​jonjohnsonjr in chainguard-dev/apko#1327
• build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @​dependabot in chainguard-dev/apko#1333
• build(deps): bump github/codeql-action from 3.26.10 to 3.26.11 by @​dependabot in chainguard-dev/apko#1332
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @​dependabot in chainguard-dev/apko#1329
• build(deps): bump chainguard.dev/sdk from 0.1.25 to 0.1.26 by @​dependabot in chainguard-dev/apko#1328
• build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to 2.4.1 by @​dependabot in chainguard-dev/apko#1331
• Update go to 1.23.2 and golangci-lint by @​cpanato in chainguard-dev/apko#1334
• build(deps): bump golang.org/x/time from 0.6.0 to 0.7.0 by @​dependabot in chainguard-dev/apko#1336
• build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0 by @​dependabot in chainguard-dev/apko#1335
• build(deps): bump go.step.sm/crypto from 0.53.0 to 0.54.0 by @​dependabot in chainguard-dev/apko#1338
• build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in chainguard-dev/apko#1339
• build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in chainguard-dev/apko#1340
• build(deps): bump google.golang.org/api from 0.199.0 to 0.201.0 by @​dependabot in chainguard-dev/apko#1348
• build(deps): bump chainguard.dev/sdk from 0.1.26 to 0.1.27 by @​dependabot in chainguard-dev/apko#1347
• build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @​dependabot in chainguard-dev/apko#1344
• build(deps): bump go.opentelemetry.io/otel from 1.30.0 to 1.31.0 by @​dependabot in chainguard-dev/apko#1346
• build(deps): bump github.com/klauspost/compress from 1.17.10 to 1.17.11 by @​dependabot in chainguard-dev/apko#1343
• build(deps): bump chainguard.dev/sdk from 0.1.27 to 0.1.28 by @​dependabot in chainguard-dev/apko#1351
• Preserve APK timestamps when using dirfs by @​jonjohnsonjr in chainguard-dev/apko#1352
• Work around sendfile bug by @​jonjohnsonjr in chainguard-dev/apko#1359
• don't attempt to discover chainguard keys for local file paths by @​imjasonh in chainguard-dev/apko#1360
• SBOM test cleanup by @​luhring in chainguard-dev/apko#1361
• allow key lookups for http by @​ajayk in chainguard-dev/apko#1365

... (truncated)

Commits

• dfd80b4 Make MergeInto threadsafe (#1374)
• 553db7a set downloadLocation to NOASSERTION when apk.URL is unset (#1372)
• 9f37db8 fix concurrent annotation map update (#1370)
• 86d9078 fix data race in index cache (#1369)
• f34db09 build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 (#1363)
• eeea448 build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#1356)
• 480eadb build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#1355)
• c83b689 build(deps): bump google.golang.org/api from 0.201.0 to 0.203.0 (#1362)
• 46d530a Avoid race when mutating annotations (#1368)
• f60d40e Stop using real headers for side channels (#1367)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Looks like chainguard.dev/apko is up-to-date now, so this is no longer needed.