@dependabot dependabot bot commented on behalf of github Aug 16, 2021

Bumps k8s.io/release from 0.9.0 to 0.10.0.

Release notes

Sourced from k8s.io/release's releases.

v0.10.0

Changes by Kind

Feature

  • Allows more options to be passed to the SPDX document builder
    • File analysis is now done in parallel, speeding the kubernetes bom generation significantly
    • When generating a SPDX package from a directory, file paths will now be relative to the dir root
    • Golang packages that have local replacements will be honored saving a considerable amount of downloads
    • Fixed a bug where we would erase the local golang package install
    • Fixed a bug where license data would be saved in the download cache directory, resulting in the license classifier having a lower accuracy
    • Golang packages will now include all license text in the SBOM as well as the SPDX license identifier
    • New function license.ReadTopLicense() will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @​puerco) [SIG Release]
  • Apache-2.0 is now defined as the default and expressed license in packages
    • The SPDX package now supports ExternalDocRef making it possible to define external documents related to an SBOM
    • Added functions to the release package to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries)
    • Added release tarballs (client, server, node) to artifacts SBOM
    • Binaries are now listed with their correct relative paths in the artifacts SBOM
    • Fixed a bug where SPDX Ids would clash when two packages shared the same base image
    • The source code SBOM is now referenced by the artifacts sbom packages as GENERATED_FROM
    • Added tests to ensure SPDX Relationships render correctly (#2156, @​puerco) [SIG Release]
  • Changed archived Kubernetes release sources to be compressed as tarball (#2130, @​saschagrunert) [SIG Release]
  • Debian-base: Build buster-v1.8.0 image (#2135, @​jindijamie) [SIG Release]
  • Debian-base: Build buster-v1.9.0 image (#2189, @​justaugustus) [SIG Release]
  • Debian-iptables: Build buster-v1.6.5 image
  • Debian-iptables: Build buster-v1.6.6 image
  • Fixed a bug that was causing errors downloading go packages; except for a few specific deps, we now have licensing data for all packages.
    • Correct a bug where HTML entities were being introduced into the spdx licenses and output. The code was wrongly using html/template instead of text/template.
    • There is now a new Relationship type and a better way to relate objects among themselves via a new spdx.Object interface
    • New SPDX object interface. This is important as we will start having functions that can take either packages or files, hence we create the interface to address them both
    • Changes the way image references are treated when generating an SBOM from an image reference. Now the spdx package will fetch all images for all architectures found
    • New function to generate a valid SPDX ID string; optionally, it can take strings as seeds to generate a more intuitive ID for packages and files.
    • Fixes a bug where month and day were in the wrong order in the SPDX document date. (#2147, @​puerco) [SIG Release]
  • K8s-ci-builder: Add 1.22 variant, drop 1.18 variant
    • k8s-ci-builder: Add 1.23 variant
    • k8s-ci-builder: Build go1.16.6 images
    • k8s-cloud-builder: Build v1.17.0-rc.1-1 image (#2168, @​justaugustus) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @​cpanato) [SIG Release]
  • K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7 (#2198, @​cpanato) [SIG Release]
  • K8s-cloud-builder: Build image using go1.16.6 (#2163, @​puerco) [SIG Release]
  • K8s-cloud-builder: Build v1.17.0-rc.2-1 image (#2190, @​justaugustus) [SIG Release]
  • Schedule-builder: add new field (#2173, @​cpanato) [SIG Release]
  • Stage now runs completely without setting the github token in the k/k clone remote configuration
    • krel now resets the git origin remote in the staged clone of kubernetes/kubernetes to pickup a new GITHUB_TOKEN if we change it.
    • before archiving the release, we now delete the git remote config (#2127, @​puerco) [SIG Release]
  • The binary.Binary object has a new method ContainsString() that allows for searching inside the binary for one or more strings.
    • The release process now has a new step during staging: VerifyArtifacts, during which we will perform checks of the artifacts we produce.
    • Binaries are now checked to ensure they are of the expected platform/arch

... (truncated)

Commits
  • 82b23b9 Merge pull request #2200 from cpanato/cloud-builder-go115
  • 0f37977 k8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15
  • fd8145c Merge pull request #2198 from cpanato/cloud-builder
  • afff9ea k8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7
  • 286b0c2 Merge pull request #2197 from cpanato/go116-go115
  • 2cc1dbc kubepkg/packages-deb: update base image to go1.16.7
  • c5ccab0 kube-cross: Build v1.16.7-1 and v1.15.15-1 images
  • ec89879 releng-ci: build image for go1.16.7 and go1.15.15
  • 43a3be2 go-runner: Build v2.3.1-go1.16.7-buster.0 and v2.3.1-go1.15.15-buster.0
  • 13685b2 [go] go1.16.7 and go1.15.15 updates
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [k8s.io/release](https://github.com/kubernetes/release) from 0.9.0 to 0.10.0.
- [Release notes](https://github.com/kubernetes/release/releases)
- [Changelog](https://github.com/kubernetes/release/blob/master/docs/release-notes-maps.md)
- [Commits](kubernetes/release@v0.9.0...v0.10.0)

---
updated-dependencies:
- dependency-name: k8s.io/release
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and go labels Aug 16, 2021

dependabot bot commented on behalf of github Sep 27, 2021

Superseded by #57.

@dependabot dependabot bot closed this Sep 27, 2021
@dependabot dependabot bot deleted the dependabot/go_modules/hack/tools/k8s.io/release-0.10.0 branch September 27, 2021 03:36