v0.0.15

What's Changed

• build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot[bot] in #300
• build(deps): bump alpine from 3.20.3 to 3.21.0 by @dependabot[bot] in #304
• build(deps): bump library/golang from 1.23.3-alpine to 1.23.4-alpine by @dependabot[bot] in #301
• build(deps): bump golang from 1.23.3 to 1.23.4 by @dependabot[bot] in #302
• build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by @dependabot[bot] in #303
• build(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot[bot] in #305
• build(deps): bump golang.org/x/crypto from 0.23.0 to 0.31.0 by @dependabot[bot] in #306
• build(deps): bump alpine from 3.21.0 to 3.21.2 by @dependabot[bot] in #308
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.1 to 2.41.2 by @dependabot[bot] in #309
• build(deps): bump golang from 1.23.4 to 1.23.5 by @dependabot[bot] in #311
• build(deps): bump library/golang from 1.23.4-alpine to 1.23.5-alpine by @dependabot[bot] in #310
• build(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot[bot] in #313
• build(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by @dependabot[bot] in #312
• build(deps): bump library/golang from 1.23.5-alpine to 1.23.6-alpine by @dependabot[bot] in #319
• build(deps): bump golang from 1.23.5 to 1.23.6 by @dependabot[bot] in #320
• build(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @dependabot[bot] in #314
• build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot[bot] in #318
• build(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.0 by @dependabot[bot] in #315
• build(deps): bump golangci/golangci-lint-action from 6.3.0 to 6.3.1 by @dependabot[bot] in #321
• build(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by @dependabot[bot] in #323
• build(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.3.2 by @dependabot[bot] in #322
• build(deps): bump golang from 1.23.6 to 1.24.0 by @dependabot[bot] in #324
• build(deps): bump golangci/golangci-lint-action from 6.3.2 to 6.4.0 by @dependabot[bot] in #326
• build(deps): bump library/golang from 1.23.6-alpine to 1.24.0-alpine by @dependabot[bot] in #325
• build(deps): bump alpine from 3.21.2 to 3.21.3 by @dependabot[bot] in #327
• build(deps): bump golangci/golangci-lint-action from 6.4.0 to 6.5.0 by @dependabot[bot] in #328
• build(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @dependabot[bot] in #329
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.2 to 2.41.3 by @dependabot[bot] in #330
• build(deps): bump library/golang from 1.24.0-alpine to 1.24.1-alpine by @dependabot[bot] in #331
• build(deps): bump golang from 1.24.0 to 1.24.1 by @dependabot[bot] in #332
• build(deps): bump github.com/urfave/cli/v2 from 2.27.5 to 2.27.6 by @dependabot[bot] in #334
• build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by @dependabot[bot] in #333
• release: prefer actions/attest-build-provenance to cosign by @thepwagner in #335
• build(deps): bump actions/attest-build-provenance from 2.2.2 to 2.2.3 by @dependabot[bot] in #336
• build(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by @dependabot[bot] in #338
• build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot[bot] in #337
• build(deps): bump docker/login-action from 3.3.0 to 3.4.0 by @dependabot[bot] in #339
• build(deps): bump golangci/golangci-lint-action from 6.5.1 to 6.5.2 by @dependabot[bot] in #340
• build(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot[bot] in #341
• build(deps): bump golangci/golangci-lint-action from 6.5.2 to 7.0.0 by @dependabot[bot] in #342
• build(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot[bot] in #344
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.3 to 2.42.0 by @dependabot[bot] in #343
• build(deps): bump golang from 1.24.1 to 1.24.2 by @dependabot[bot] in #346
• build(deps): bump library/golang from 1.24.1-alpine to 1.24.2-alpine by @dependabot[bot] in #345
• build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by @dependabot[bot] in #347
• build(deps): bump actions/attest-build-provenance from 2.2.3 to 2.3.0 by @dependabot[bot] in #348
• build(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot[bot] in #349
• Update cla.yml by @thepwagner in #350
• build(deps): bump golang from 1.24.2 to 1.24.3 by @dependabot[bot] in #353
• build(deps): bump library/golang from 1.24.2-alpine to 1.24.3-alpine by @dependabot[bot] in #354
• build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by @dependabot[bot] in #352
• the reviewers field in the dependabot.yml file will be removed soon. by @thepwagner in #355
• build(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot[bot] in #356
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.42.0 to 2.42.1 by @dependabot[bot] in #357
• build(deps): bump alpine from 3.21.3 to 3.22.0 by @dependabot[bot] in #358
• build(deps): bump library/golang from 1.24.3-alpine to 1.24.4-alpine by @dependabot[bot] in #361
• build(deps): bump golang from 1.24.3 to 1.24.4 by @dependabot[bot] in #360
• build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 by @dependabot[bot] in #359
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.42.1 to 2.43.0 by @dependabot[bot] in #362
• urfave-cli v3 by @thepwagner in #366
• build(deps): bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 by @dependabot[bot] in #363
• build(deps): bump golang from 1.24.4 to 1.24.5 by @dependabot[bot] in #368
• build(deps): bump library/golang from 1.24.4-alpine to 1.24.5-alpine by @dependabot[bot] in #367
• build(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by @dependabot[bot] in #364
• build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by @dependabot[bot] in #369
• build(deps): bump alpine from 3.22.0 to 3.22.1 by @dependabot[bot] in #370
• build(deps): bump docker/login-action from 3.4.0 to 3.5.0 by @dependabot[bot] in #371
• build(deps): bump library/golang from 1.24.5-alpine to 1.24.6-alpine by @dependabot[bot] in #373
• build(deps): bump golang from 1.24.5 to 1.24.6 by @dependabot[bot] in #372
• build(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #379
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #374
• build(deps): bump golang from 1.24.6 to 1.25.0 by @dependabot[bot] in #378
• build(deps): bump library/golang from 1.24.6-alpine to 1.25.0-alpine by @dependabot[bot] in #377
• build(deps): bump github.com/urfave/cli/v3 from 3.3.8 to 3.4.1 by @dependabot[bot] in #376
• build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #380
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.43.0 to 2.43.1 by @dependabot[bot] in #384
• build(deps): bump actions/attest-build-provenance from 2.4.0 to 3.0.0 by @dependabot[bot] in #383
• build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by @dep...

v0.0.14

What's Changed

• goreleaser: apk+deb too by @thepwagner in #260
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #259
• build(deps): bump alpine from 3.20.0 to 3.20.1 by @dependabot in #261
• build(deps): bump library/golang from 1.22.4-alpine to 1.22.5-alpine by @dependabot in #265
• build(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in #264
• build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #267
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.1 to 2.38.0 by @dependabot in #266
• build(deps): bump alpine from 3.20.1 to 3.20.2 by @dependabot in #269
• build(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #268
• build(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 by @dependabot in #270
• build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #271
• build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #272
• build(deps): bump golang from 1.22.5 to 1.22.6 by @dependabot in #273
• build(deps): bump library/golang from 1.22.5-alpine to 1.22.6-alpine by @dependabot in #274
• build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #275
• build(deps): bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 by @dependabot in #276
• build(deps): bump library/golang from 1.22.6-alpine to 1.23.0-alpine by @dependabot in #278
• build(deps): bump golang from 1.22.6 to 1.23.0 by @dependabot in #277
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.38.0 to 2.39.0 by @dependabot in #279
• build(deps): bump library/golang from 1.23.0-alpine to 1.23.1-alpine by @dependabot in #282
• build(deps): bump alpine from 3.20.2 to 3.20.3 by @dependabot in #280
• build(deps): bump golang from 1.23.0 to 1.23.1 by @dependabot in #281
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.39.0 to 2.40.0 by @dependabot in #283
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #284
• build(deps): bump golang from 1.23.1 to 1.23.2 by @dependabot in #285
• build(deps): bump library/golang from 1.23.1-alpine to 1.23.2-alpine by @dependabot in #286
• build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #288
• build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #287
• build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #289
• build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 by @dependabot in #290
• build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #292
• build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #291
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.40.0 to 2.41.0 by @dependabot in #293
• build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #297
• build(deps): bump library/golang from 1.23.2-alpine to 1.23.3-alpine by @dependabot in #296
• build(deps): bump golang from 1.23.2 to 1.23.3 by @dependabot in #295
• build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #294
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.0 to 2.41.1 by @dependabot in #299
• build(deps): bump alpine from beefdbd to 1e42bbe by @dependabot in #298

Full Changelog: v0.0.13...v0.0.14

v0.0.13

What's Changed

• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #238
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #239
• build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 by @dependabot in #240
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #241
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #242
• build(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #243
• build(deps): bump library/golang from 1.22.2-alpine to 1.22.3-alpine by @dependabot in #247
• build(deps): bump golang from 1.22.2 to 1.22.3 by @dependabot in #246
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #245
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #248
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.36.1 to 2.37.0 by @dependabot in #249
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.0 to 2.37.1 by @dependabot in #250
• build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #251
• shopify-suggested edits by @thepwagner in #252
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #253
• build(deps): bump alpine from 3.19.1 to 3.20.0 by @dependabot in #254
• build(deps): bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #255
• build(deps): bump library/golang from 1.22.3-alpine to 1.22.4-alpine by @dependabot in #257
• build(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in #256
• build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #258

The goreleaser bump is why I'm shipping this now: I want to verify those changes.

Full Changelog: v0.0.12...v0.0.13

v0.0.12

Clears CVE-2023-45288 from your scanner.

What's Changed

• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #229
• build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #230
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.3 to 2.36.1 by @dependabot in #231
• build(deps): bump golang from 1.22.1 to 1.22.2 by @dependabot in #233
• build(deps): bump library/golang from 1.22.1-alpine to 1.22.2-alpine by @dependabot in #232
• build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #234
• build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #235
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #237
• build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 by @dependabot in #236

Full Changelog: v0.0.11...v0.0.12

v0.0.11

What's Changed

• build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #148
• build(deps): bump alpine from 3.18.0 to 3.18.2 by @dependabot in #147
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.30.1 to 2.31.0 by @dependabot in #151
• build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.1 by @dependabot in #152
• build(deps): bump github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 by @dependabot in #149
• build(deps): bump library/golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #154
• build(deps): bump golang from 1.20.5 to 1.20.6 by @dependabot in #153
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.31.0 to 2.32.0 by @dependabot in #155
• scorecard workflow by @thepwagner in #156
• cla: via shared workflow by @thepwagner in #157
• release: shift permissions to job by @thepwagner in #161
• README: add scorecard badge by @thepwagner in #160
• Create CODEOWNERS by @thepwagner in #159
• build(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 by @dependabot in #162
• build(deps): bump library/golang from 1.20.6-alpine to 1.20.7-alpine by @dependabot in #164
• build(deps): bump golang from 1.20.6 to 1.20.7 by @dependabot in #163
• build(deps): bump alpine from 3.18.2 to 3.18.3 by @dependabot in #165
• build(deps): bump library/golang from 1.20.7-alpine to 1.21.0-alpine by @dependabot in #168
• build(deps): bump golang from 1.20.7 to 1.21.0 by @dependabot in #167
• build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #166
• build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #169
• build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #170
• build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #171
• build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #172
• build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #173
• build(deps): bump golang from 1.21.0 to 1.21.1 by @dependabot in #176
• build(deps): bump library/golang from 1.21.0-alpine to 1.21.1-alpine by @dependabot in #175
• build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 by @dependabot in #174
• build(deps): bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #178
• build(deps): bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 by @dependabot in #177
• build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #181
• build(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #182
• build(deps): bump alpine from 3.18.3 to 3.18.4 by @dependabot in #183
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.32.0 to 2.33.1 by @dependabot in #180
• build(deps): bump library/golang from 1.21.1-alpine to 1.21.3-alpine by @dependabot in #188
• build(deps): bump golang from 1.21.1 to 1.21.3 by @dependabot in #187
• build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #186
• build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #189
• build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #191
• build(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by @dependabot in #193
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.33.1 to 2.34.0 by @dependabot in #192
• build(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #194
• build(deps): bump library/golang from 1.21.3-alpine to 1.21.4-alpine by @dependabot in #197
• build(deps): bump golang from 1.21.3 to 1.21.4 by @dependabot in #196
• build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #195
• golang1.21 + slog by @thepwagner in #198
• build(deps): bump alpine from 3.18.4 to 3.18.5 by @dependabot in #200
• build(deps): bump Shopify/github-workflows from 0.0.6 to 0.1.0 by @dependabot in #199
• Remove scorecard workflow by @thepwagner in #190
• build(deps): bump github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 by @dependabot in #201
• build(deps): bump Shopify/github-workflows from 0.1.0 to 0.2.0 by @dependabot in #204
• build(deps): bump golang from 1.21.4 to 1.21.5 by @dependabot in #203
• build(deps): bump library/golang from 1.21.4-alpine to 1.21.5-alpine by @dependabot in #202
• build(deps): bump alpine from 3.18.5 to 3.19.0 by @dependabot in #206
• build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #205
• build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #207
• build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #208
• build(deps): bump github.com/urfave/cli/v2 from 2.26.0 to 2.27.1 by @dependabot in #213
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.1 by @dependabot in #211
• build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 by @dependabot in #212
• build(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #215
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.1 to 2.35.2 by @dependabot in #214
• build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #216
• build(deps): bump library/golang from 1.21.5-alpine to 1.21.6-alpine by @dependabot in #218
• build(deps): bump golang from 1.21.5 to 1.21.6 by @dependabot in #217
• ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in #219
• build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #220
• build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #221
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 by @dependabot in #222
• build(deps): bump library/golang from 1.21.6-alpine to 1.22.0-alpine by @dependabot in #224
• build(deps): bump golang from 1.21.6 to 1.22.0 by @dependabot in #223
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 3.7.1 by @dependabot in #225
• build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #226
• build(deps): bump golang from 1.22.0 to 1.22.1 by @dependabot in #228
• build(deps): bump library/golang from 1.22.0-alpine to 1.22.1-alpine by @dependabot in #227

New Contributors

• @arunsathiya made their first contribution in #219

Full Changelog: v0.0.10...v0.0.11

v0.0.10

The previous build hits for GHSA-w7jw-q4fg-qc4c .
This isn't a practical concern, but since our goal is to decorate SBOMs - we should strive to not produce additional noise.

What's Changed

• build(deps): bump golang from 1.20.1 to 1.20.2 by @dependabot in #106
• build(deps): bump library/golang from 1.20.1-alpine to 1.20.2-alpine by @dependabot in #105
• build(deps): bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #108
• build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #109
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.26.0 to 2.27.1 by @dependabot in #110
• build(deps): bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #111
• build(deps): bump github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 by @dependabot in #112
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.27.1 to 2.28.0 by @dependabot in #117
• build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #116
• build(deps): bump library/golang from 1.20.2-alpine to 1.20.3-alpine by @dependabot in #115
• build(deps): bump alpine from 3.17.2 to 3.17.3 by @dependabot in #113
• build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #114
• build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #118
• build(deps): bump actions/checkout from 3.5.0 to 3.5.1 by @dependabot in #119
• build(deps): bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #121
• build(deps): bump github.com/rs/zerolog from 1.29.0 to 1.29.1 by @dependabot in #120
• build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 by @dependabot in #122
• build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.2 by @dependabot in #123
• build(deps): bump library/golang from 1.20.3-alpine to 1.20.4-alpine by @dependabot in #126
• build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #125
• build(deps): bump github.com/urfave/cli/v2 from 2.25.2 to 2.25.3 by @dependabot in #124
• build(deps): bump alpine from 3.17.3 to 3.18.0 by @dependabot in #128
• build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #127
• build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #129
• build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 by @dependabot in #130
• build(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 by @dependabot in #131
• build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #132
• build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #136
• build(deps): bump library/golang from 1.20.4-alpine to 1.20.5-alpine by @dependabot in #140
• build(deps): bump golang from 1.20.4 to 1.20.5 by @dependabot in #139
• build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #137
• build(deps): bump github.com/goreleaser/nfpm/v2 from 2.28.0 to 2.30.1 by @dependabot in #141
• build(deps): bump github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 by @dependabot in #135
• build(deps): bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #142
• build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #146
• build(deps): bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 by @dependabot in #144
• build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #143
• build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #145

Full Changelog: v0.0.9...v0.0.10

v0.0.9

What's Changed

• dependabot: github-actions too by @thepwagner in #74
• Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 by @dependabot in #75
• Bump actions/checkout from 3.0.2 to 3.3.0 by @dependabot in #78
• Bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #76
• Bump goreleaser/goreleaser-action from 2.9.1 to 4.1.0 by @dependabot in #79
• Bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 by @dependabot in #80
• Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #82
• Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 by @dependabot in #85
• Bump github.com/rs/zerolog from 1.28.0 to 1.29.0 by @dependabot in #83
• Bump github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 by @dependabot in #84
• Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 by @dependabot in #86
• Bump golang from 1.19.5 to 1.20.0 by @dependabot in #88
• Bump github.com/go-logr/zerologr from 1.2.2 to 1.2.3 by @dependabot in #87
• Bump github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 by @dependabot in #91
• Bump alpine from 3.17.1 to 3.17.2 by @dependabot in #93
• Bump actions/setup-go from 3.0.0 to 3.5.0 by @dependabot in #77
• Bump library/golang from 1.19.5-alpine to 1.20.0-alpine by @dependabot in #90
• Bump github.com/goreleaser/nfpm/v2 from 2.23.0 to 2.26.0 by @dependabot in #94
• build(deps): bump library/golang from 1.20.0-alpine to 1.20.1-alpine by @dependabot in #96
• build(deps): bump golang from 1.20.0 to 1.20.1 by @dependabot in #95
• build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 by @dependabot in #97
• build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #98
• build(deps): bump golang.org/x/sync from 0.0.0-20210220032951-036812b2e83c to 0.1.0 by @dependabot in #99
• build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #100
• build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #101
• build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 by @dependabot in #102
• sign-blob -y by @thepwagner in #103
• cosign sign -y by @thepwagner in #104

Full Changelog: v0.0.8...v0.0.9

v0.0.8

What's Changed

• Bump github.com/goreleaser/nfpm/v2 from 2.22.0 to 2.22.1 by @dependabot in #63
• Bump alpine from 3.16.3 to 3.17.0 by @dependabot in #64
• Bump github.com/goreleaser/nfpm/v2 from 2.22.1 to 2.22.2 by @dependabot in #65
• Bump library/golang from 1.19.3-alpine to 1.19.4-alpine by @dependabot in #68
• Bump golang from 1.19.3 to 1.19.4 by @dependabot in #67
• Bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.6 by @dependabot in #66
• Bump github.com/urfave/cli/v2 from 2.23.6 to 2.23.7 by @dependabot in #69
• Bump github.com/goreleaser/nfpm/v2 from 2.22.2 to 2.23.0 by @dependabot in #70
• Bump alpine from 3.17.0 to 3.17.1 by @dependabot in #71
• Bump library/golang from 1.19.4-alpine to 1.19.5-alpine by @dependabot in #73
• Bump golang from 1.19.4 to 1.19.5 by @dependabot in #72

Full Changelog: v0.0.7...v0.0.8

v0.0.7

What's Changed

• Bump github.com/urfave/cli/v2 from 2.11.2 to 2.14.1 by @dependabot in #39
• Bump library/golang from 1.19.0-alpine to 1.19.1-alpine by @dependabot in #41
• Bump golang from 1.19.0 to 1.19.1 by @dependabot in #40
• Bump github.com/urfave/cli/v2 from 2.14.1 to 2.16.2 by @dependabot in #42
• Bump github.com/urfave/cli/v2 from 2.16.2 to 2.16.3 by @dependabot in #43
• Bump github.com/goreleaser/nfpm/v2 from 2.18.1 to 2.19.1 by @dependabot in #44
• Bump github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 by @dependabot in #45
• Bump github.com/goreleaser/nfpm/v2 from 2.19.1 to 2.19.2 by @dependabot in #46
• Bump library/golang from 1.19.1-alpine to 1.19.2-alpine by @dependabot in #48
• Bump golang from 1.19.1 to 1.19.2 by @dependabot in #47
• Bump github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 by @dependabot in #49
• Bump github.com/goreleaser/nfpm/v2 from 2.19.2 to 2.20.0 by @dependabot in #51
• Bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 by @dependabot in #50
• Bump github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 by @dependabot in #53
• Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #52
• Bump github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 by @dependabot in #54
• Bump golang from 1.19.2 to 1.19.3 by @dependabot in #56
• Bump library/golang from 1.19.2-alpine to 1.19.3-alpine by @dependabot in #55
• Bump github.com/goreleaser/nfpm/v2 from 2.20.0 to 2.21.0 by @dependabot in #57
• Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 by @dependabot in #58
• Bump github.com/urfave/cli/v2 from 2.23.2 to 2.23.5 by @dependabot in #59
• Bump github.com/goreleaser/nfpm/v2 from 2.21.0 to 2.22.0 by @dependabot in #62
• Bump alpine from 3.16.2 to 3.16.3 by @dependabot in #61

Thanks Dependabot! 🤩

Full Changelog: v0.0.6...v0.0.7

v0.0.6

What's Changed

• Migrate off probot-CLA to new GitHub Action by @cursedcoder in #26
• Bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 by @dependabot in #28
• Bump github.com/goreleaser/nfpm/v2 from 2.16.0 to 2.17.0 by @dependabot in #29
• Bump golang from 1.18.4 to 1.18.5 by @dependabot in #30
• Bump library/golang from 1.18.5-alpine to 1.19.0-alpine by @dependabot in #32
• Bump golang from 1.18.5 to 1.19.0 by @dependabot in #31
• Bump alpine from 3.16.1 to 3.16.2 by @dependabot in #33
• Bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 by @dependabot in #34
• Bump github.com/goreleaser/nfpm/v2 from 2.17.0 to 2.18.0 by @dependabot in #35
• Bump github.com/goreleaser/nfpm/v2 from 2.18.0 to 2.18.1 by @dependabot in #36
• Bump github.com/rs/zerolog from 1.27.0 to 1.28.0 by @dependabot in #37

New Contributors

• @cursedcoder made their first contribution in #26

Full Changelog: v0.0.5...v0.0.6

The v0.0.5 image is getting noisy:

Pre: v0.0.5

ghcr.io/shopify/hansel:0.0.5 (alpine 3.16.1)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                           Title                           │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib    │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1         │ 1.2.12-r2     │ zlib: a heap-based buffer over-read or buffer overflow in │
│         │                │          │                   │               │ inflate in inflate.c...                                   │
│         │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-37434                │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

usr/bin/hansel (gobinary)

Total: 4 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

┌─────────────────────┬─────────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library       │    Vulnerability    │ Severity │         Installed Version          │           Fixed Version           │                           Title                            │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191      │ HIGH     │ v0.0.0-20211215165025-cf75a172585e │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server          │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191                 │
│                     ├─────────────────────┼──────────┤                                    │                                   ├────────────────────────────────────────────────────────────┤
│                     │ GHSA-8c26-wmh5-6g9v │ UNKNOWN  │                                    │                                   │ Attackers can cause a crash in SSH servers when the server │
│                     │                     │          │                                    │                                   │ has...                                                     │
│                     │                     │          │                                    │                                   │ https://github.com/advisories/GHSA-8c26-wmh5-6g9v          │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/net    │ CVE-2021-44716      │ HIGH     │ v0.0.0-20211007125505-59d4e928ea9d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization  │
│                     │                     │          │                                    │                                   │ cache                                                      │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                 │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/sys    │ CVE-2022-29526      │ MEDIUM   │ v0.0.0-20211205182925-97ca703d548d │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group              │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-29526                 │
└─────────────────────┴─────────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘

Post: v0.0.6-rc

ghcr.io/shopify/hansel:0.0.5-SNAPSHOT-30c48cb-amd64 (alpine 3.16.2)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)