kpack v0.11.6

What's Changed

• [v0.11.x] Backport additional labels for builder by @chenbh in #1508

sha256 checksum:

5e3bf393f19fdfcb6891ce8294d945227143c3ba18c2364845f418bd25bb3c94  release-0.11.6.yaml

Full Changelog: v0.11.5...v0.11.6

kpack v0.13.1

This is the first release in the v0.13 minor, v0.13.0 is tagged but unreleased due to a problem in the release pipeline.

What's Changed

• A few updates to the getting started docs by @natalieparellano in #1330
• chore: remove refs to deprecated io/ioutil by @testwill in #1331
• Add support for signing Builders and ClusterBuilders by @stormqueen1990 in #1208
• Add support for cloning git submodules by @tomkennedy513 in #1355
• Improve submodule support by @tomkennedy513 in #1361
• Bump lifecycle to 0.17.2 by @tomkennedy513 in #1375
• Move config options into dedicated struct by @chenbh in #1379
• Replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in #1432
• Added timestamp boolean for TailBuildName to be used in kpcli by @pviraj59 in #1458
• Added timestamp to ImageLogTailer by @pviraj59 in #1461
• Bumps the lifecycle version for the lifecycleImage by @natalieparellano in #1484
• Add in the initial configuration to add the image labels by @alexbarbato in #1448
• SLSA attestations for the Build resource (aka app image attestations) by @chenbh in #1449

Bug Fixes

• Fix typo in unit tests by @tomkennedy513 in #1341
• Fix cloning with Azure DevOps Git by @tomkennedy513 in #1337
• Add Builder UpToDate Condition by @tomkennedy513 in #1370
• Fix a minor typo ClusterBuilderpack... by @usiegj00 in #1469

Bumped Dependencies

• Bump github.com/buildpacks/lifecycle from 0.17.0 to 0.17.1 by @dependabot in #1329
• Bump go.uber.org/zap from 1.25.0 to 1.26.0 by @dependabot in #1327
• Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 by @dependabot in #1325
• Bump carvel-dev/setup-action from 1 to 2 by @dependabot in #1335
• Bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #1348
• Bump golang.org/x/net from 0.15.0 to 0.16.0 by @dependabot in #1346
• Bump golang.org/x/net from 0.16.0 to 0.17.0 by @dependabot in #1352
• Bump github.com/buildpacks/lifecycle from 0.17.1 to 0.17.2 by @dependabot in #1360
• Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible by @dependabot in #1364
• Bump google.golang.org/grpc from 1.57.0 to 1.57.1 by @dependabot in #1362
• Bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1 by @dependabot in #1369
• Run go mod tidy by @tomkennedy513 in #1371
• Bump golang.org/x/net from 0.17.0 to 0.18.0 by @dependabot in #1373
• Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 by @dependabot in #1382
• Bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 by @dependabot in #1363
• Bump golang.org/x/net from 0.18.0 to 0.19.0 by @dependabot in #1430
• Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 by @dependabot in #1428
• Bump actions/setup-go from 4 to 5 by @dependabot in #1443
• Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2 by @dependabot in #1445
• Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 by @dependabot in #1444
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #1459
• Bump actions/download-artifact from 3 to 4 by @dependabot in #1453
• Bump actions/upload-artifact from 3 to 4 by @dependabot in #1452
• Bump github.com/cloudflare/circl from 1.3.5 to 1.3.7 by @dependabot in #1472
• Bump golang.org/x/crypto from 0.17.0 to 0.18.0 by @dependabot in #1478
• Bump k8s api dependencies to 0.29.0 by @danail-branekov in #1482

New Contributors

• @testwill made their first contribution in #1331
• @xtreme-shane-lattanzio made their first contribution in #1345
• @Juneezee made their first contribution in #1432
• @pviraj59 made their first contribution in #1458
• @usiegj00 made their first contribution in #1469
• @alexbarbato made their first contribution in #1448
• @danail-branekov made their first contribution in #1482

sha256 checksum:

9f229708f2372807efa877f62cd3df5d8a17b67ea47b99fad940abe8e3618f22  release-0.13.1.yaml

Full Changelog: v0.12.3...v0.13.1

kpack v0.11.5

This release bumps the lifecycle image to 0.17.2 to address CVEs in the go standard library

What's Changed

• [0.11.x] Bump lifecycle to 0.17.2 by @chenbh in #1435

Full Changelog: v0.11.4...v0.11.5

sha256 checksum:

ff6ba49af0b26955a8c3576305d61922ca11baa728bf19ae915fb3db3d4e06eb  release-0.11.5.yaml

kpack v0.10.5

This release bumps the lifecycle image to 0.17.2 to address CVEs in the go standard library

What's Changed

• [0.10.x] Bump lifecycle to 0.17.2 by @chenbh in #1434

Full Changelog: v0.10.4...v0.10.5

sha256 checksum:

e49bb0cf6e7d9ac27ce20de49acd04ca842ccd42fde3cd96a9a87b212ebc43a6  release-0.10.5.yaml

kpack v0.9.7

This release bumps the lifecycle image to 0.17.2 to address CVEs in the go standard library

What's Changed

• [0.9.x] Bump lifecycle image to 0.17.2 by @chenbh in #1433

Full Changelog: v0.9.6...v0.9.7

sha256 checksum:

4658aadba673379504a59f8e516ee2968c2a648bb39bb0b564d816a14ca547a2  release-0.9.7.yaml

kpack v0.11.4

This release bumps dependencies and upgrades to go1.21.4

What's Changed

• [0.11] Tag release images by @tomkennedy513 in #1386

Bumped Dependencies

• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1405
• Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 by @dependabot in #1401
• Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 by @dependabot in #1403
• [0.11.x] Bump deps and go version for CVE fixes by @chenbh in #1411

Full Changelog: v0.11.3...v0.11.4

sha256 checksum:

38c4754abde81f5acdca5c481c5422fbc4baadaa346e13df6ce46b1fe26d5150  release-0.11.4.yaml

kpack v0.10.4

This release bumps dependencies and upgrades to go1.21.4

What's Changed

• [0.10] Tag release images by @tomkennedy513 in #1387

Bumped Dependencies

• Bump github.com/theupdateframework/notary from 0.6.2-0.20200804143915-84287fd8df4f to 0.7.0 by @dependabot in #1396
• Bump github.com/BurntSushi/toml from 1.1.0 to 1.3.2 by @dependabot in #1398
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1399
• Bump github.com/stretchr/testify from 1.8.0 to 1.8.4 by @dependabot in #1392
• [0.10.x] Bump deps and go version for CVE fixes by @chenbh in #1412

Full Changelog: v0.10.3...v0.10.4

sha256 checksum:

82a00ae630c903dc1fc21190a08a76d5ede456af8be587282b58acfdc5bdde5b  release-0.10.4.yaml

kpack v0.9.6

This release bumps dependencies and upgrades to go1.21.4

What's Changed

• [0.9] Tag release images by @tomkennedy513 in #1388

Bumped Dependencies

• Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 by @dependabot in #1409
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1406
• [0.9.x] Bump deps and go version for CVE fixes by @chenbh in #1413

Full Changelog: v0.9.5...v0.9.6

sha256 checksum:

3a36541943f573869480d72b0247ab1b009fa13b8646ef31795d5793563b3ea3  release-0.9.6.yaml

kpack v0.12.3

This release is bumping dependencies and upgrading to go1.21.4

Bumped Dependencies

• [0.12] Tag release images by @tomkennedy513 in #1384
• [0.12.x] Cherry-pick dependabot updates and bump go compiler by @chenbh in #1380
  • Bump go.uber.org/zap from 1.25.0 to 1.26.0
  • Bump github.com/buildpacks/lifecycle from 0.17.0 to 0.17.1
  • Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0
  • Bump carvel-dev/setup-action from 1 to 2
  • Bump golang.org/x/sync from 0.3.0 to 0.4.0
  • Bump golang.org/x/net from 0.15.0 to 0.16.0
  • Bump golang.org/x/net from 0.16.0 to 0.17.0
  • Bump github.com/buildpacks/lifecycle from 0.17.1 to 0.17.2
  • Bump google.golang.org/grpc from 1.57.0 to 1.57.1
  • Bump github.com/docker/docker
  • Bump github.com/sigstore/cosign/v2 from 2.2.0 to 2.2.1
  • Bump golang.org/x/net from 0.17.0 to 0.18.0

Full Changelog: v0.12.2...v0.12.3

sha256 checksum:

bb4a5f4f357e408fb9b74b3a134e3ceaadec13c23606dfa0fdadcbe160104339  release-0.12.3.yaml

kpack v0.11.3

What's Changed

• [0.11.x] Fix cloning with Azure DevOps Git by @tomkennedy513 in #1339

Full Changelog: v0.11.2...v0.11.3

sha256 checksum:

0c72f22ee309d26e95961616e696a74732f315610b7cd879a94cec0442314f51  release-0.11.3.yaml