Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package melange for openSUSE:Factory checked
in at 2025-03-17 22:17:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
and /work/SRC/openSUSE:Factory/.melange.new.19136 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "melange"
Mon Mar 17 22:17:40 2025 rev:70 rq:1253597 version:0.23.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/melange/melange.changes 2025-03-10
19:07:21.286677145 +0100
+++ /work/SRC/openSUSE:Factory/.melange.new.19136/melange.changes
2025-03-17 22:21:39.032648106 +0100
@@ -1,0 +2,18 @@
+Mon Mar 17 06:01:03 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.23.0:
+ * fix(sca): Don't generate dependency on luajit (#1854)
+ * Persist workspace filesystem throughout package builds (#1836)
+ * build(deps): bump cloud.google.com/go/storage from 1.50.0 to
+ 1.51.0 (#1855)
+ * build(deps): bump mvdan.cc/sh/v3 from 3.10.0 to 3.11.0 (#1847)
+ * build(deps): bump google.golang.org/api from 0.223.0 to 0.225.0
+ (#1853)
+ * build(deps): bump the gomod group with 8 updates (#1851)
+ * build(deps): bump
+ go.opentelemetry.io/otel/exporters/stdout/stdouttrace (#1846)
+ * linter: update usrmerge and make it required (#1839)
+ * feat: store --namespace as APK maintainer field (#1751)
+ * Expand the sample yaml in README (#1838)
+
+-------------------------------------------------------------------
Old:
----
melange-0.22.2.obscpio
New:
----
melange-0.23.0.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.SXFKG6/_old 2025-03-17 22:21:39.672674841 +0100
+++ /var/tmp/diff_new_pack.SXFKG6/_new 2025-03-17 22:21:39.672674841 +0100
@@ -17,7 +17,7 @@
Name: melange
-Version: 0.22.2
+Version: 0.23.0
Release: 0
Summary: Build APKs from source code
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.SXFKG6/_old 2025-03-17 22:21:39.704676177 +0100
+++ /var/tmp/diff_new_pack.SXFKG6/_new 2025-03-17 22:21:39.708676344 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/chainguard-dev/melange</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.22.2</param>
+ <param name="revision">v0.23.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SXFKG6/_old 2025-03-17 22:21:39.728677179 +0100
+++ /var/tmp/diff_new_pack.SXFKG6/_new 2025-03-17 22:21:39.732677347 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/chainguard-dev/melange</param>
- <param
name="changesrevision">3e035809d17ac5761e3c3be0cd8b8916c748c299</param></service></servicedata>
+ <param
name="changesrevision">2c649a99da753b84563ce8e4c3f4c5ae868d5f3f</param></service></servicedata>
(No newline at EOF)
++++++ melange-0.22.2.obscpio -> melange-0.23.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/melange-0.22.2/.github/workflows/wolfi-presubmit.yaml
new/melange-0.23.0/.github/workflows/wolfi-presubmit.yaml
--- old/melange-0.22.2/.github/workflows/wolfi-presubmit.yaml 2025-03-06
21:10:51.000000000 +0100
+++ new/melange-0.23.0/.github/workflows/wolfi-presubmit.yaml 2025-03-14
16:07:29.000000000 +0100
@@ -70,6 +70,7 @@
- s3cmd
- perl-yaml-syck
- ncurses
+ - fping
# TODO: https://github.com/wolfi-dev/os/issues/26442
#- xmlto
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/README.md new/melange-0.23.0/README.md
--- old/melange-0.22.2/README.md 2025-03-06 21:10:51.000000000 +0100
+++ new/melange-0.23.0/README.md 2025-03-14 16:07:29.000000000 +0100
@@ -94,6 +94,28 @@
- uses: autoconf/make
- uses: autoconf/make-install
- uses: strip
+
+subpackages:
+ - name: "hello-doc"
+ description: "Documentation for hello"
+ dependencies:
+ runtime:
+ - foo
+ pipeline:
+ - uses: split/manpages
+ test:
+ pipeline:
+ - uses: test/docs
+
+test:
+ environment:
+ contents:
+ packages:
+ - bar
+ pipeline:
+ - runs: |
+ hello
+ hello --version
```
We can build this with:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/docs/md/melange_build.md
new/melange-0.23.0/docs/md/melange_build.md
--- old/melange-0.22.2/docs/md/melange_build.md 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/docs/md/melange_build.md 2025-03-14 16:07:29.000000000
+0100
@@ -53,8 +53,8 @@
-i, --interactive when enabled,
attaches stdin with a tty to the pod on failure
-k, --keyring-append strings path to extra
keys to include in the build environment keyring
--license string license to use
for the build config file itself (default "NOASSERTION")
- --lint-require strings linters that
must pass (default [dev,infodir,tempdir,varempty])
- --lint-warn strings linters that
will generate warnings (default
[lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
+ --lint-require strings linters that
must pass (default [dev,infodir,tempdir,usrmerge,varempty])
+ --lint-warn strings linters that
will generate warnings (default
[lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,worldwrite])
--memory string default memory
resources to use for builds
--namespace string namespace to
use in package URLs in SBOM (eg wolfi, alpine) (default "unknown")
--out-dir string directory
where packages will be output (default "./packages/")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/docs/md/melange_lint.md
new/melange-0.23.0/docs/md/melange_lint.md
--- old/melange-0.22.2/docs/md/melange_lint.md 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/docs/md/melange_lint.md 2025-03-14 16:07:29.000000000
+0100
@@ -29,8 +29,8 @@
```
-h, --help help for lint
- --lint-require strings linters that must pass (default
[dev,infodir,tempdir,varempty])
- --lint-warn strings linters that will generate warnings (default
[lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,usrmerge,worldwrite])
+ --lint-require strings linters that must pass (default
[dev,infodir,tempdir,usrmerge,varempty])
+ --lint-warn strings linters that will generate warnings (default
[lddcheck,object,opt,pkgconf,python/docs,python/multiple,python/test,setuidgid,srv,strip,usrlocal,worldwrite])
```
### Options inherited from parent commands
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/e2e-tests/ipset-build-test.yaml
new/melange-0.23.0/e2e-tests/ipset-build-test.yaml
--- old/melange-0.22.2/e2e-tests/ipset-build-test.yaml 1970-01-01
01:00:00.000000000 +0100
+++ new/melange-0.23.0/e2e-tests/ipset-build-test.yaml 2025-03-14
16:07:29.000000000 +0100
@@ -0,0 +1,90 @@
+package:
+ name: ipset
+ version: "7.22"
+ epoch: 3
+ description: Manage Linux IP sets
+ copyright:
+ - license: GPL-2.0-only
+
+environment:
+ contents:
+ packages:
+ - autoconf
+ - automake
+ - build-base
+ - busybox
+ - ca-certificates-bundle
+ - libmnl-dev
+ - libtool
+ - linux-headers
+ - pkgconf-dev
+
+pipeline:
+ - uses: git-checkout
+ with:
+ repository: https://git.netfilter.org/ipset
+ tag: v${{package.version}}
+ expected-commit: a50abde9c959be364782c01c61429a951454f5ef
+ depth: "-1"
+
+ - runs: |
+ ./autogen.sh
+
+ - uses: autoconf/configure
+ with:
+ opts: |
+ --build=${{host.triplet.gnu}} \
+ --host=${{host.triplet.gnu}} \
+ --with-kmod=no \
+ --prefix=/usr
+
+ - uses: autoconf/make
+
+ - uses: autoconf/make-install
+
+ - uses: strip
+
+subpackages:
+ - name: ipset-dev
+ pipeline:
+ - uses: split/dev
+ dependencies:
+ runtime:
+ - ipset
+ description: ipset dev
+ test:
+ environment:
+ contents:
+ packages:
+ - busybox
+ pipeline:
+ - runs: |
+ test -e /usr/include/libipset/ipset.h
+ test -s /usr/include/libipset/ipset.h
+ - name: ipset-doc
+ pipeline:
+ - uses: split/manpages
+ description: ipset manpages
+ test:
+ environment:
+ contents:
+ packages:
+ - busybox
+ pipeline:
+ - runs: |
+ man ipset | head -n 10
+
+update:
+ enabled: true
+ release-monitor:
+ identifier: 1393
+
+test:
+ environment:
+ contents:
+ packages:
+ - busybox
+ pipeline:
+ - runs: |
+ ipset --help
+ ipset-translate --help
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/go.mod new/melange-0.23.0/go.mod
--- old/melange-0.22.2/go.mod 2025-03-06 21:10:51.000000000 +0100
+++ new/melange-0.23.0/go.mod 2025-03-14 16:07:29.000000000 +0100
@@ -3,13 +3,13 @@
go 1.23.4
require (
- chainguard.dev/apko v0.25.2-0.20250225192758-581904a29f4a
- cloud.google.com/go/storage v1.50.0
- dagger.io/dagger v0.16.2
- github.com/chainguard-dev/clog v1.6.1
+ chainguard.dev/apko v0.25.4
+ cloud.google.com/go/storage v1.51.0
+ dagger.io/dagger v0.16.3
+ github.com/chainguard-dev/clog v1.7.0
github.com/chainguard-dev/go-pkgconfig
v0.0.0-20240404163941-6351b37b2a10
github.com/chainguard-dev/yam v0.2.10
- github.com/charmbracelet/log v0.4.0
+ github.com/charmbracelet/log v0.4.1
github.com/docker/cli v28.0.1+incompatible
github.com/docker/docker v28.0.1+incompatible
github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936
@@ -36,20 +36,19 @@
github.com/yookoala/realpath v1.0.0
github.com/zealic/xignore v0.3.3
gitlab.alpinelinux.org/alpine/go v0.10.1
- go.opentelemetry.io/otel v1.34.0
- go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.34.0
- go.opentelemetry.io/otel/sdk v1.34.0
- golang.org/x/crypto v0.35.0
+ go.opentelemetry.io/otel v1.35.0
+ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0
+ go.opentelemetry.io/otel/sdk v1.35.0
+ golang.org/x/crypto v0.36.0
golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa
- golang.org/x/sync v0.11.0
- golang.org/x/sys v0.30.0
- golang.org/x/text v0.22.0
- golang.org/x/time v0.10.0
- google.golang.org/api v0.223.0
+ golang.org/x/sync v0.12.0
+ golang.org/x/text v0.23.0
+ golang.org/x/time v0.11.0
+ google.golang.org/api v0.225.0
gopkg.in/ini.v1 v1.67.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
- mvdan.cc/sh/v3 v3.10.0
+ mvdan.cc/sh/v3 v3.11.0
sigs.k8s.io/release-utils v0.11.0
sigs.k8s.io/yaml v1.4.0
)
@@ -60,21 +59,21 @@
)
require (
- cel.dev/expr v0.19.0 // indirect
+ cel.dev/expr v0.19.2 // indirect
chainguard.dev/go-grpc-kit v0.17.7 // indirect
chainguard.dev/sdk v0.1.31 // indirect
- cloud.google.com/go v0.116.0 // indirect
+ cloud.google.com/go v0.118.3 // indirect
cloud.google.com/go/auth v0.15.0 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
cloud.google.com/go/compute/metadata v0.6.0 // indirect
- cloud.google.com/go/iam v1.2.2 // indirect
- cloud.google.com/go/monitoring v1.21.2 // indirect
+ cloud.google.com/go/iam v1.4.1 // indirect
+ cloud.google.com/go/monitoring v1.24.0 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/99designs/gqlgen v0.17.66 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c //
indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp
v1.25.0 // indirect
-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.48.1 // indirect
-
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.48.1 // indirect
+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.51.0 // indirect
+
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.51.0 // indirect
github.com/Khan/genqlient v0.8.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/ProtonMail/go-crypto v1.1.5 // indirect
@@ -86,13 +85,12 @@
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/buger/jsonparser v1.1.1 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
- github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chainguard-dev/git-urls v1.0.2 // indirect
github.com/charmbracelet/lipgloss v1.0.0 // indirect
github.com/charmbracelet/x/ansi v0.8.0 // indirect
github.com/cloudflare/circl v1.6.0 // indirect
- github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
+ github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42 // indirect
github.com/common-nighthawk/go-figure
v0.0.0-20210622060536-734e95fb86be // indirect
github.com/containerd/containerd/v2 v2.0.2 // indirect
github.com/containerd/log v0.1.0 // indirect
@@ -107,8 +105,8 @@
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
- github.com/envoyproxy/go-control-plane v0.13.1 // indirect
- github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
+ github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect
+ github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -134,7 +132,7 @@
github.com/google/s2a-go v0.1.9 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.6.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.5 // indirect
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus
v1.2.1-0.20210315223345-82c243799c99 // indirect
@@ -156,7 +154,6 @@
github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c
// indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/term v0.5.2 // indirect
- github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/termenv v0.16.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 //
indirect
github.com/oklog/ulid v1.3.1 // indirect
@@ -189,14 +186,13 @@
github.com/u-root/u-root v0.14.0 // indirect
github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
github.com/vbatts/tar-split v0.12.1 // indirect
- github.com/vektah/gqlparser/v2 v2.5.22 // indirect
+ github.com/vektah/gqlparser/v2 v2.5.23 // indirect
github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
go.lsp.dev/uri v0.3.0 // indirect
go.mongodb.org/mongo-driver v1.17.3 // indirect
- go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
- go.opentelemetry.io/contrib/detectors/gcp v1.32.0 // indirect
+ go.opentelemetry.io/contrib/detectors/gcp v1.34.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.59.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0
// indirect
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 //
indirect
@@ -207,24 +203,25 @@
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0
// indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0
// indirect
go.opentelemetry.io/otel/log v0.8.0 // indirect
- go.opentelemetry.io/otel/metric v1.34.0 // indirect
+ go.opentelemetry.io/otel/metric v1.35.0 // indirect
go.opentelemetry.io/otel/sdk/log v0.8.0 // indirect
- go.opentelemetry.io/otel/sdk/metric v1.32.0 // indirect
- go.opentelemetry.io/otel/trace v1.34.0 // indirect
+ go.opentelemetry.io/otel/sdk/metric v1.34.0 // indirect
+ go.opentelemetry.io/otel/trace v1.35.0 // indirect
go.opentelemetry.io/proto/otlp v1.4.0 // indirect
- go.step.sm/crypto v0.58.1 // indirect
+ go.step.sm/crypto v0.59.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/mod v0.23.0 // indirect
- golang.org/x/net v0.35.0 // indirect
- golang.org/x/oauth2 v0.27.0 // indirect
- golang.org/x/term v0.29.0 // indirect
- google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 //
indirect
- google.golang.org/genproto/googleapis/api
v0.0.0-20250224174004-546df14abb99 // indirect
- google.golang.org/genproto/googleapis/rpc
v0.0.0-20250224174004-546df14abb99 // indirect
- google.golang.org/grpc v1.70.0 // indirect
+ golang.org/x/net v0.37.0 // indirect
+ golang.org/x/oauth2 v0.28.0 // indirect
+ golang.org/x/sys v0.31.0 // indirect
+ golang.org/x/term v0.30.0 // indirect
+ google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb //
indirect
+ google.golang.org/genproto/googleapis/api
v0.0.0-20250303144028-a0af3efb3deb // indirect
+ google.golang.org/genproto/googleapis/rpc
v0.0.0-20250303144028-a0af3efb3deb // indirect
+ google.golang.org/grpc v1.71.0 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
- k8s.io/apimachinery v0.32.2 // indirect
+ k8s.io/apimachinery v0.32.3 // indirect
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/go.sum new/melange-0.23.0/go.sum
--- old/melange-0.22.2/go.sum 2025-03-06 21:10:51.000000000 +0100
+++ new/melange-0.23.0/go.sum 2025-03-14 16:07:29.000000000 +0100
@@ -1,34 +1,34 @@
-cel.dev/expr v0.19.0 h1:lXuo+nDhpyJSpWxpPVi5cPUwzKb+dsdOiw6IreM5yt0=
-cel.dev/expr v0.19.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
-chainguard.dev/apko v0.25.2-0.20250225192758-581904a29f4a
h1:QqlKR/xlGrwDZfbAM/Nx2YU6anq2Z49kLmOffIEarME=
-chainguard.dev/apko v0.25.2-0.20250225192758-581904a29f4a/go.mod
h1:yuj+hEMD6KbQuGBlbsmh6AgUhFdqbGVrLcDvbnrC+DY=
+cel.dev/expr v0.19.2 h1:V354PbqIXr9IQdwy4SYA4xa0HXaWq1BUPAGzugBY5V4=
+cel.dev/expr v0.19.2/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+chainguard.dev/apko v0.25.4 h1:QFFCD7QR3q9AT5H+/ZCXQReCNN0CgRn1mkOq1T+FZfQ=
+chainguard.dev/apko v0.25.4/go.mod
h1:1xdjg538oPqb7VCiDMc4IlNtS5gRfpJqv2VIveR6wIo=
chainguard.dev/go-grpc-kit v0.17.7
h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg=
chainguard.dev/go-grpc-kit v0.17.7/go.mod
h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw=
chainguard.dev/sdk v0.1.31 h1:Blvpa0Ji/tC1VVV8/l8UyQe022LoRxZLfgasyFE1EhQ=
chainguard.dev/sdk v0.1.31/go.mod
h1:/zqikqbDCBAAlhIDuBl8V4bR9nmB1qLEIn2w9FxzNwI=
cloud.google.com/go v0.26.0/go.mod
h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE=
-cloud.google.com/go v0.116.0/go.mod
h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U=
+cloud.google.com/go v0.118.3 h1:jsypSnrE/w4mJysioGdMBg4MiW/hHx/sArFpaBWHdME=
+cloud.google.com/go v0.118.3/go.mod
h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc=
cloud.google.com/go/auth v0.15.0
h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps=
cloud.google.com/go/auth v0.15.0/go.mod
h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8=
cloud.google.com/go/auth/oauth2adapt v0.2.7
h1:/Lc7xODdqcEw8IrZ9SvwnlLX6j9FHQM74z6cBk9Rw6M=
cloud.google.com/go/auth/oauth2adapt v0.2.7/go.mod
h1:NTbTTzfvPl1Y3V1nPpOgl2w6d/FjO7NNUQaWSox6ZMc=
cloud.google.com/go/compute/metadata v0.6.0
h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
cloud.google.com/go/compute/metadata v0.6.0/go.mod
h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
-cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA=
-cloud.google.com/go/iam v1.2.2/go.mod
h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY=
-cloud.google.com/go/logging v1.12.0
h1:ex1igYcGFd4S/RZWOCU51StlIEuey5bjqwH9ZYjHibk=
-cloud.google.com/go/logging v1.12.0/go.mod
h1:wwYBt5HlYP1InnrtYI0wtwttpVU1rifnMT7RejksUAM=
-cloud.google.com/go/longrunning v0.6.2
h1:xjDfh1pQcWPEvnfjZmwjKQEcHnpz6lHjfy7Fo0MK+hc=
-cloud.google.com/go/longrunning v0.6.2/go.mod
h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI=
-cloud.google.com/go/monitoring v1.21.2
h1:FChwVtClH19E7pJ+e0xUhJPGksctZNVOk2UhMmblmdU=
-cloud.google.com/go/monitoring v1.21.2/go.mod
h1:hS3pXvaG8KgWTSz+dAdyzPrGUYmi2Q+WFX8g2hqVEZU=
-cloud.google.com/go/storage v1.50.0
h1:3TbVkzTooBvnZsk7WaAQfOsNrdoM8QHusXA1cpk6QJs=
-cloud.google.com/go/storage v1.50.0/go.mod
h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY=
-cloud.google.com/go/trace v1.11.2
h1:4ZmaBdL8Ng/ajrgKqY5jfvzqMXbrDcBsUGXOT9aqTtI=
-cloud.google.com/go/trace v1.11.2/go.mod
h1:bn7OwXd4pd5rFuAnTrzBuoZ4ax2XQeG3qNgYmfCy0Io=
-dagger.io/dagger v0.16.2 h1:xiBZ9VFeBupl0RQFW/LQ+RK8aieOpDV7LwSJJg08/7g=
-dagger.io/dagger v0.16.2/go.mod h1:NT+jk5un9LZEjvK8c/xu47EDCTWmgHZCn0jMMesMMtQ=
+cloud.google.com/go/iam v1.4.1 h1:cFC25Nv+u5BkTR/BT1tXdoF2daiVbZ1RLx2eqfQ9RMM=
+cloud.google.com/go/iam v1.4.1/go.mod
h1:2vUEJpUG3Q9p2UdsyksaKpDzlwOrnMzS30isdReIcLM=
+cloud.google.com/go/logging v1.13.0
h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc=
+cloud.google.com/go/logging v1.13.0/go.mod
h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA=
+cloud.google.com/go/longrunning v0.6.5
h1:sD+t8DO8j4HKW4QfouCklg7ZC1qC4uzVZt8iz3uTW+Q=
+cloud.google.com/go/longrunning v0.6.5/go.mod
h1:Et04XK+0TTLKa5IPYryKf5DkpwImy6TluQ1QTLwlKmY=
+cloud.google.com/go/monitoring v1.24.0
h1:csSKiCJ+WVRgNkRzzz3BPoGjFhjPY23ZTcaenToJxMM=
+cloud.google.com/go/monitoring v1.24.0/go.mod
h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc=
+cloud.google.com/go/storage v1.51.0
h1:ZVZ11zCiD7b3k+cH5lQs/qcNaoSz3U9I0jgwVzqDlCw=
+cloud.google.com/go/storage v1.51.0/go.mod
h1:YEJfu/Ki3i5oHC/7jyTgsGZwdQ8P9hqMqvpi5kRKGgc=
+cloud.google.com/go/trace v1.11.3
h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE=
+cloud.google.com/go/trace v1.11.3/go.mod
h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8=
+dagger.io/dagger v0.16.3 h1:4726x/B1PidwjokiU0LkUyhV3nzl7QtrVsmr0Dx01qo=
+dagger.io/dagger v0.16.3/go.mod h1:ZfKiSrU188LGafDfVDFbu9ouZu/1snboBDXej6NEoqg=
dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
@@ -40,12 +40,12 @@
github.com/BurntSushi/toml v0.3.1/go.mod
h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp
v1.25.0 h1:3c8yed4lgqTt+oTQ+JNMDo+F4xprBf+O/il4ZC0nRLw=
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp
v1.25.0/go.mod h1:obipzmGjfSjam60XLwGfqUkJsfiheAl+TUjG+4yzyPM=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.48.1 h1:UQ0AhxogsIRZDkElkblfnwjc3IaltCm2HUMvezQaL7s=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock
v0.48.1 h1:oTX4vsorBZo/Zdum6OKPA4o7544hm6smoRv1QjpTwGo=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock
v0.48.1/go.mod h1:0wEl7vrAD8mehJyohS9HZy+WyEOaQO2mJx86Cvh93kM=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.48.1 h1:8nn+rsCvTq9axyEh382S0PFLBeaFwNsT43IrPWzctRU=
-github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.48.1/go.mod h1:viRWSEhtMZqz1rhwmOVKkWl6SwmVowfL9O2YR5gI2PE=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.51.0 h1:fYE9p3esPxA/C0rQ0AHhP0drtPXDRhaWiwg1DPqO7IU=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric
v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock
v0.51.0 h1:OqVGm6Ei3x5+yZmSJG1Mh2NwHvpVmZ08CB5qJhT9Nuk=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock
v0.51.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.51.0 h1:6/0iUd0xrnX7qt+mLNRwg5c0PGv8wpE8K90ryANQwMI=
+github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0=
github.com/Khan/genqlient v0.8.0
h1:Hd1a+E1CQHYbMEKakIkvBH3zW0PWEeiX6Hp1i2kP2WE=
github.com/Khan/genqlient v0.8.0/go.mod
h1:hn70SpYjWteRGvxTwo0kfaqg4wxvndECGkfa1fdDdYI=
github.com/MakeNowJust/heredoc/v2 v2.0.1
h1:rlCHh70XXXv7toz95ajQWOWQnN4WNLt0TdpZYIR/J6A=
@@ -81,12 +81,10 @@
github.com/cenkalti/backoff/v4 v4.3.0
h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod
h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod
h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/census-instrumentation/opencensus-proto v0.4.1
h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
-github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod
h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
github.com/cespare/xxhash/v2 v2.3.0
h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod
h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chainguard-dev/clog v1.6.1
h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU=
-github.com/chainguard-dev/clog v1.6.1/go.mod
h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
+github.com/chainguard-dev/clog v1.7.0
h1:guPznsK8vLHvzz1QJe2yU6MFeYaiSOFOQBYw4OXu+g8=
+github.com/chainguard-dev/clog v1.7.0/go.mod
h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
github.com/chainguard-dev/git-urls v1.0.2
h1:pSpT7ifrpc5X55n4aTTm7FFUE+ZQHKiqpiwNkJrVcKQ=
github.com/chainguard-dev/git-urls v1.0.2/go.mod
h1:rbGgj10OS7UgZlbzdUQIQpT0k/D4+An04HJY7Ol+Y/o=
github.com/chainguard-dev/go-pkgconfig v0.0.0-20240404163941-6351b37b2a10
h1:XR2vgQC024I9/boh9r1ihVv8Z14+pbvWqXeYMCnZJpc=
@@ -95,8 +93,8 @@
github.com/chainguard-dev/yam v0.2.10/go.mod
h1:Dqfj6H4GyIBTyBRQi5S+cji6wH4UlZDaN/sFirjOjjA=
github.com/charmbracelet/lipgloss v1.0.0
h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg=
github.com/charmbracelet/lipgloss v1.0.0/go.mod
h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo=
-github.com/charmbracelet/log v0.4.0
h1:G9bQAcx8rWA2T3pWvx7YtPTPwgqpk7D68BX21IRW8ZM=
-github.com/charmbracelet/log v0.4.0/go.mod
h1:63bXt/djrizTec0l11H20t8FDSvA4CRZJ1KH22MdptM=
+github.com/charmbracelet/log v0.4.1
h1:6AYnoHKADkghm/vt4neaNEXkxcXLSV2g1rdyFDOpTyk=
+github.com/charmbracelet/log v0.4.1/go.mod
h1:pXgyTsqsVu4N9hGdHmQ0xEA4RsXof402LX9ZgiITn2I=
github.com/charmbracelet/x/ansi v0.8.0
h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE=
github.com/charmbracelet/x/ansi v0.8.0/go.mod
h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q=
github.com/chzyer/logex v1.1.10/go.mod
h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -106,8 +104,8 @@
github.com/cloudflare/circl v1.6.0
h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
github.com/cloudflare/circl v1.6.0/go.mod
h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod
h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78
h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI=
-github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod
h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42
h1:Om6kYQYDUk5wWbT0t0q6pvyM49i9XZAv9dDrkDA7gjk=
+github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod
h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be
h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
github.com/common-nighthawk/go-figure
v0.0.0-20210622060536-734e95fb86be/go.mod
h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
github.com/containerd/containerd/v2 v2.0.2
h1:GmH/tRBlTvrXOLwSpWE2vNAm8+MqI6nmxKpKBNKY8Wc=
@@ -118,8 +116,8 @@
github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod
h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
github.com/cpuguy83/go-md2man/v2 v2.0.6
h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod
h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=
-github.com/creack/pty v1.1.23/go.mod
h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
+github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
+github.com/creack/pty v1.1.24/go.mod
h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467
h1:uX1JmpONuD549D73r6cgnxyUu18Zb7yHAy5AYU0Pm4Q=
github.com/cyberphone/json-canonicalization
v0.0.0-20241213102144-19d51d7fe467/go.mod
h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
github.com/cyphar/filepath-securejoin v0.4.1
h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
@@ -153,11 +151,15 @@
github.com/envoyproxy/go-control-plane v0.9.0/go.mod
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane
v0.9.1-0.20191026205805-5f8ba28d4473/go.mod
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod
h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.13.1
h1:vPfJZCkob6yTMEgS+0TwfTUfbHjfy/6vOJ8hUWX/uXE=
-github.com/envoyproxy/go-control-plane v0.13.1/go.mod
h1:X45hY0mufo6Fd0KW3rqsGvQMw58jvjymeCzBU3mWyHw=
+github.com/envoyproxy/go-control-plane v0.13.4
h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M=
+github.com/envoyproxy/go-control-plane v0.13.4/go.mod
h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4
h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A=
+github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod
h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw=
+github.com/envoyproxy/go-control-plane/ratelimit v0.1.0
h1:/G9QYbddjL25KvtKTv3an9lx6VBE2cnb8wp1vEGNYGI=
+github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod
h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod
h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.1.0
h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM=
-github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod
h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4=
+github.com/envoyproxy/protoc-gen-validate v1.2.1
h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8=
+github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod
h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU=
github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
github.com/fatih/color v1.16.0/go.mod
h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
github.com/felixge/httpsnoop v1.0.4
h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
@@ -222,7 +224,6 @@
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod
h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod
h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8
h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod
h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
github.com/golang/mock v1.1.1/go.mod
h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -234,9 +235,7 @@
github.com/golang/protobuf v1.4.0-rc.2/go.mod
h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod
h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod
h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod
h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2/go.mod
h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod
h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.5.0/go.mod
h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.2/go.mod
h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4
h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -245,9 +244,7 @@
github.com/google/go-cmp v0.3.0/go.mod
h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod
h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.2/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.4/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.5/go.mod
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9/go.mod
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -269,11 +266,10 @@
github.com/google/s2a-go v0.1.9/go.mod
h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod
h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/uuid v1.1.2/go.mod
h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod
h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.4
h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
-github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod
h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
+github.com/googleapis/enterprise-certificate-proxy v0.3.5
h1:VgzTY2jogw3xt39CusEnFJWm7rlsq5yL5q9XdLOuP5g=
+github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod
h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
github.com/googleapis/gax-go/v2 v2.14.1
h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q=
github.com/googleapis/gax-go/v2 v2.14.1/go.mod
h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
@@ -355,8 +351,6 @@
github.com/moby/term v0.5.2/go.mod
h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod
h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/muesli/cancelreader v0.2.2
h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
-github.com/muesli/cancelreader v0.2.2/go.mod
h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
github.com/muesli/termenv v0.16.0
h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
github.com/muesli/termenv v0.16.0/go.mod
h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -465,7 +459,6 @@
github.com/stretchr/testify v1.7.0/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod
h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod
h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod
h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0/go.mod
h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.10.0
h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
@@ -480,8 +473,8 @@
github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod
h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA=
github.com/vbatts/tar-split v0.12.1
h1:CqKoORW7BUWBe7UL/iqTVvkTBOF8UvOMKOIZykxnnbo=
github.com/vbatts/tar-split v0.12.1/go.mod
h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
-github.com/vektah/gqlparser/v2 v2.5.22
h1:yaaeJ0fu+nv1vUMW0Hl+aS1eiv1vMfapBNjpffAda1I=
-github.com/vektah/gqlparser/v2 v2.5.22/go.mod
h1:xMl+ta8a5M1Yo1A1Iwt/k7gSpscwSnHZdw7tfhEGfTM=
+github.com/vektah/gqlparser/v2 v2.5.23
h1:PurJ9wpgEVB7tty1seRUwkIDa/QH5RzkzraiKIjKLfA=
+github.com/vektah/gqlparser/v2 v2.5.23/go.mod
h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo=
github.com/wk8/go-ordered-map/v2 v2.1.8
h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod
h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
github.com/xanzy/ssh-agent v0.3.3
h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -499,18 +492,16 @@
go.lsp.dev/uri v0.3.0/go.mod h1:P5sbO1IQR+qySTWOCnhnK7phBx+W3zbLqSMDJNTw88I=
go.mongodb.org/mongo-driver v1.17.3
h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ=
go.mongodb.org/mongo-driver v1.17.3/go.mod
h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/auto/sdk v1.1.0
h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod
h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/detectors/gcp v1.32.0
h1:P78qWqkLSShicHmAzfECaTgvslqHxblNE9j62Ws1NK8=
-go.opentelemetry.io/contrib/detectors/gcp v1.32.0/go.mod
h1:TVqo0Sda4Cv8gCIixd7LuLwW4EylumVWfhjZJjDD4DU=
+go.opentelemetry.io/contrib/detectors/gcp v1.34.0
h1:JRxssobiPg23otYU5SbWtQC//snGVIM3Tx6QRzlQBao=
+go.opentelemetry.io/contrib/detectors/gcp v1.34.0/go.mod
h1:cV4BMFcscUR/ckqLkbfQmF0PRsq8w/lMGzdbCSveBHo=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.59.0 h1:rgMkmiGfix9vFJDcDi1PK8WEQP4FLQwLDfhp5ZLpFeE=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
v0.59.0/go.mod h1:ijPqXp5P6IRRByFVVg9DY8P5HkxkHE5ARIa+86aXPf4=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0
h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod
h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
-go.opentelemetry.io/otel v1.34.0
h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
-go.opentelemetry.io/otel v1.34.0/go.mod
h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
+go.opentelemetry.io/otel v1.35.0
h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod
h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
h1:WzNab7hOOLzdDF/EoWCt4glhrbMPVMOO5JYTmpz36Ls=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0/go.mod
h1:hKvJwTzJdp90Vh7p6q/9PAOd55dI6WA6sWj62a/JvSs=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
h1:S+LdBGiQXtJdowoJoQPEtI52syEP/JYBUpjO49EQhV8=
@@ -527,24 +518,24 @@
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod
h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0
h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc=
go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod
h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.34.0
h1:jBpDk4HAUsrnVO1FsfCfCOTEc/MkInJmvfCHYLFiT80=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.34.0/go.mod
h1:H9LUIM1daaeZaz91vZcfeM0fejXPmgCYE8ZhzqfJuiU=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0
h1:T0Ec2E+3YZf5bgTNQVet8iTDW7oIk03tXHq+wkwIDnE=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.35.0/go.mod
h1:30v2gqH+vYGJsesLWFov8u47EpYTcIQcBjKpI6pJThg=
go.opentelemetry.io/otel/log v0.8.0
h1:egZ8vV5atrUWUbnSsHn6vB8R21G2wrKqNiDt3iWertk=
go.opentelemetry.io/otel/log v0.8.0/go.mod
h1:M9qvDdUTRCopJcGRKg57+JSQ9LgLBrwwfC32epk5NX8=
-go.opentelemetry.io/otel/metric v1.34.0
h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
-go.opentelemetry.io/otel/metric v1.34.0/go.mod
h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
-go.opentelemetry.io/otel/sdk v1.34.0
h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
-go.opentelemetry.io/otel/sdk v1.34.0/go.mod
h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/metric v1.35.0
h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod
h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.35.0
h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY=
+go.opentelemetry.io/otel/sdk v1.35.0/go.mod
h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg=
go.opentelemetry.io/otel/sdk/log v0.8.0
h1:zg7GUYXqxk1jnGF/dTdLPrK06xJdrXgqgFLnI4Crxvs=
go.opentelemetry.io/otel/sdk/log v0.8.0/go.mod
h1:50iXr0UVwQrYS45KbruFrEt4LvAdCaWWgIrsN3ZQggo=
-go.opentelemetry.io/otel/sdk/metric v1.32.0
h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
-go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod
h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
-go.opentelemetry.io/otel/trace v1.34.0
h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
-go.opentelemetry.io/otel/trace v1.34.0/go.mod
h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/otel/sdk/metric v1.34.0
h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
+go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod
h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
+go.opentelemetry.io/otel/trace v1.35.0
h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod
h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
go.opentelemetry.io/proto/otlp v1.4.0
h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg=
go.opentelemetry.io/proto/otlp v1.4.0/go.mod
h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY=
-go.step.sm/crypto v0.58.1 h1:2PpEYTbytA3el9dW0gh9uJEe/CR/J6wS+x2vWYLG83M=
-go.step.sm/crypto v0.58.1/go.mod
h1:yluOL5OqY7mXGGQ7JUmAv/6h8T8Ge3yXdlEESWHOqDQ=
+go.step.sm/crypto v0.59.1 h1:jUL+5p19YS9YJKLaPUgkS2OdGm7s0+hwP7AqTFyF9Cg=
+go.step.sm/crypto v0.59.1/go.mod
h1:XHavmnzfTyPpQE/n4YokEtjiBzP3LZI9/1O061f5y0o=
go.uber.org/atomic v1.7.0/go.mod
h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.10/go.mod
h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -561,8 +552,8 @@
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod
h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.19.0/go.mod
h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.35.0/go.mod
h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod
h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa
h1:t2QcU6V556bFjYgu4L6C+6VrCPyJZ+eyRsABUPs1mz4=
golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa/go.mod
h1:BHOTPb3L19zxehTsLoJXVaTktb06DFgmdW6Wb9s8jqk=
@@ -587,7 +578,6 @@
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod
h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod
h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod
h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -595,11 +585,11 @@
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod
h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod
h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod
h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -607,8 +597,8 @@
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod
h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod
h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -636,15 +626,15 @@
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.17.0/go.mod
h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod
h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod
h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -652,10 +642,10 @@
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod
h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
-golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4=
-golang.org/x/time v0.10.0/go.mod
h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod
h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod
h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -673,38 +663,33 @@
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.223.0 h1:JUTaWEriXmEy5AhvdMgksGGPEFsYfUKaPEYXd4c3Wvc=
-google.golang.org/api v0.223.0/go.mod
h1:C+RS7Z+dDwds2b+zoAk5hN/eSfsiCn0UDrYof/M4d2M=
+google.golang.org/api v0.225.0 h1:+4/IVqBQm0MV5S+JW3kdEGC1WtOmM2mXN1LKH1LdNlw=
+google.golang.org/api v0.225.0/go.mod
h1:WP/0Xm4LVvMOCldfvOISnWquSRWbG2kArDZcg+W2DbY=
google.golang.org/appengine v1.1.0/go.mod
h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod
h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod
h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod
h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod
h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod
h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20241118233622-e639e219e697
h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk=
-google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod
h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc=
-google.golang.org/genproto/googleapis/api v0.0.0-20250224174004-546df14abb99
h1:ilJhrCga0AptpJZXmUYG4MCrx/zf3l1okuYz7YK9PPw=
-google.golang.org/genproto/googleapis/api
v0.0.0-20250224174004-546df14abb99/go.mod
h1:Xsh8gBVxGCcbV8ZeTB9wI5XPyZ5RvC6V3CTeeplHbiA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250224174004-546df14abb99
h1:ZSlhAUqC4r8TPzqLXQ0m3upBNZeF+Y8jQ3c4CR3Ujms=
-google.golang.org/genproto/googleapis/rpc
v0.0.0-20250224174004-546df14abb99/go.mod
h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb
h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE=
+google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod
h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE=
+google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb
h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
+google.golang.org/genproto/googleapis/api
v0.0.0-20250303144028-a0af3efb3deb/go.mod
h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb
h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
+google.golang.org/genproto/googleapis/rpc
v0.0.0-20250303144028-a0af3efb3deb/go.mod
h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
google.golang.org/grpc v1.18.0/go.mod
h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod
h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod
h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod
h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.29.1/go.mod
h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.33.2/go.mod
h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.70.0 h1:pWFv03aZoHzlRKHWicjsZytKAiYCtNS0dHbXnIdq7jQ=
-google.golang.org/grpc v1.70.0/go.mod
h1:ofIJqVKDXx/JiXrwr2IG4/zwdH9txy3IlF40RmcJSQw=
+google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
+google.golang.org/grpc v1.71.0/go.mod
h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod
h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod
h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod
h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod
h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
google.golang.org/protobuf v1.21.0/go.mod
h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.0/go.mod
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod
h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod
h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod
h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.5
h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
@@ -736,14 +721,14 @@
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ=
-k8s.io/apimachinery v0.32.2/go.mod
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod
h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-mvdan.cc/sh/v3 v3.10.0 h1:v9z7N1DLZ7owyLM/SXZQkBSXcwr2IGMm2LY2pmhVXj4=
-mvdan.cc/sh/v3 v3.10.0/go.mod h1:z/mSSVyLFGZzqb3ZIKojjyqIx/xbmz/UHdCSv9HmqXY=
+mvdan.cc/sh/v3 v3.11.0 h1:q5h+XMDRfUGUedCqFFsjoFjrhwf2Mvtt1rkMvVz0blw=
+mvdan.cc/sh/v3 v3.11.0/go.mod h1:LRM+1NjoYCzuq/WZ6y44x14YNAI0NK7FLPeQSaFagGg=
sigs.k8s.io/release-utils v0.11.0
h1:FUVSw2dO67M7mfcQx9AITEGnTHoBOdJNbbQ3FT3o8mA=
sigs.k8s.io/release-utils v0.11.0/go.mod
h1:wAlXz8xruzvqZUsorI64dZ3lbkiDnYSlI4IYC6l2yEA=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/build.go
new/melange-0.23.0/pkg/build/build.go
--- old/melange-0.22.2/pkg/build/build.go 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/build/build.go 2025-03-14 16:07:29.000000000
+0100
@@ -101,6 +101,7 @@
SourceDateEpoch time.Time
WorkspaceDir string
+ WorkspaceDirFS apkofs.FullFS
WorkspaceIgnore string
// Ordered directories where to find 'uses' pipelines.
PipelineDirs []string
@@ -311,6 +312,7 @@
if b.Runner.Name() == container.QemuName {
b.ExtraPackages = append(b.ExtraPackages, []string{
"melange-microvm-init",
+ "gnutar",
}...)
}
@@ -626,7 +628,7 @@
defer os.RemoveAll(tmp)
log.Infof("cache bucket copied to %s", tmp)
- fsys := os.DirFS(tmp)
+ fsys := apkofs.DirFS(tmp)
// mkdir /var/cache/melange
if err := os.MkdirAll(b.CacheDir, 0o755); err != nil {
@@ -842,7 +844,7 @@
}
log.Infof("populating workspace %s from %s", b.WorkspaceDir,
b.SourceDir)
- if err := b.populateWorkspace(ctx, os.DirFS(b.SourceDir)); err
!= nil {
+ if err := b.populateWorkspace(ctx, apkofs.DirFS(b.SourceDir));
err != nil {
return fmt.Errorf("unable to populate workspace: %w",
err)
}
}
@@ -949,8 +951,9 @@
// Retrieve the post build workspace from the runner
log.Infof("retrieving workspace from builder: %s", cfg.PodID)
- fsys := apkofs.DirFS(b.WorkspaceDir)
- if err := b.retrieveWorkspace(ctx, fsys); err != nil {
+ b.WorkspaceDirFS = apkofs.DirFS(b.WorkspaceDir)
+
+ if err := b.retrieveWorkspace(ctx, b.WorkspaceDirFS); err != nil {
return fmt.Errorf("retrieving workspace: %w", err)
}
log.Infof("retrieved and wrote post-build workspace to: %s",
b.WorkspaceDir)
@@ -1070,15 +1073,15 @@
// filesystem in the directory `/var/lib/db/sbom`. The pkgName parameter should
// be set to the name of the origin package or subpackage.
func (b Build) writeSBOM(pkgName string, doc *spdx.Document) error {
- apkFSPath := filepath.Join(b.WorkspaceDir, melangeOutputDirName,
pkgName)
+ apkFSPath := filepath.Join(melangeOutputDirName, pkgName)
sbomDirPath := filepath.Join(apkFSPath, "/var/lib/db/sbom")
- if err := os.MkdirAll(sbomDirPath, os.FileMode(0o755)); err != nil {
+ if err := b.WorkspaceDirFS.MkdirAll(sbomDirPath, os.FileMode(0o755));
err != nil {
return fmt.Errorf("creating SBOM directory: %w", err)
}
pkgVersion := b.Configuration.Package.FullVersion()
sbomPath := getPathForPackageSBOM(sbomDirPath, pkgName, pkgVersion)
- f, err := os.Create(sbomPath)
+ f, err := b.WorkspaceDirFS.Create(sbomPath)
if err != nil {
return fmt.Errorf("opening SBOM file for writing: %w", err)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/package.go
new/melange-0.23.0/pkg/build/package.go
--- old/melange-0.22.2/pkg/build/package.go 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/build/package.go 2025-03-14 16:07:29.000000000
+0100
@@ -30,6 +30,7 @@
"strings"
"text/template"
+ apkofs "chainguard.dev/apko/pkg/apk/fs"
apko_types "chainguard.dev/apko/pkg/build/types"
"github.com/klauspost/compress/gzip"
@@ -154,6 +155,9 @@
pkgdesc = {{.Description}}
url = {{.URL}}
commit = {{.Commit}}
+{{- if .Build.Namespace }}
+maintainer = {{.Build.Namespace}}
+{{- end }}
{{- if ne .Build.SourceDateEpoch.Unix 0 }}
builddate = {{ .Build.SourceDateEpoch.Unix }}
{{- end}}
@@ -368,7 +372,7 @@
}
// TODO(kaniini): generate APKv3 packages
-func (pc *PackageBuild) calculateInstalledSize(fsys fs.FS) error {
+func (pc *PackageBuild) calculateInstalledSize(fsys apkofs.FullFS) error {
if err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err
error) error {
if err != nil {
return err
@@ -388,7 +392,7 @@
return nil
}
-func (pc *PackageBuild) emitDataSection(ctx context.Context, fsys fs.FS,
userinfofs fs.FS, remapUIDs map[int]int, remapGIDs map[int]int, w
io.WriteSeeker) error {
+func (pc *PackageBuild) emitDataSection(ctx context.Context, fsys
apkofs.FullFS, userinfofs apkofs.FullFS, remapUIDs map[int]int, remapGIDs
map[int]int, w io.WriteSeeker) error {
log := clog.FromContext(ctx)
tarctx, err := tarball.NewContext(
tarball.WithSourceDateEpoch(pc.Build.SourceDateEpoch),
@@ -442,10 +446,13 @@
log.Info("generating package " + pc.Identity())
// filesystem for the data package
- fsys := readlinkFS(pc.WorkspaceSubdir())
+ fsys, err := apkofs.Sub(pc.Build.WorkspaceDirFS,
filepath.Join(melangeOutputDirName, pc.PackageName))
+ if err != nil {
+ return fmt.Errorf("failed to return filesystem for workspace
subtree: %w", err)
+ }
// provide the tar writer etc/passwd and etc/group of guest filesystem
- userinfofs := os.DirFS(pc.Build.GuestDir)
+ userinfofs := apkofs.DirFS(pc.Build.GuestDir)
hdl := &SCABuildInterface{
PackageBuild: pc,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/package_test.go
new/melange-0.23.0/pkg/build/package_test.go
--- old/melange-0.22.2/pkg/build/package_test.go 2025-03-06
21:10:51.000000000 +0100
+++ new/melange-0.23.0/pkg/build/package_test.go 2025-03-14
16:07:29.000000000 +0100
@@ -70,6 +70,7 @@
pb: &PackageBuild{
Build: &Build{
SourceDateEpoch: time.Unix(0, 0),
+ Namespace: "wolfi",
},
Origin: pkg,
PackageName: "glibc",
@@ -90,6 +91,7 @@
pkgdesc = I'm a unit test
url = https://chainguard.dev
commit = deadbeef
+maintainer = wolfi
datahash = baadf00d
`,
}, {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/readlinkfs.go
new/melange-0.23.0/pkg/build/readlinkfs.go
--- old/melange-0.22.2/pkg/build/readlinkfs.go 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/build/readlinkfs.go 1970-01-01 01:00:00.000000000
+0100
@@ -1,142 +0,0 @@
-// Copyright 2022, 2023 Chainguard, Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package build
-
-import (
- "io/fs"
- "os"
- "path/filepath"
-
- apkofs "chainguard.dev/apko/pkg/apk/fs"
- "golang.org/x/sys/unix"
-)
-
-type rlfs struct {
- apkofs.XattrFS
-
- base string
- f fs.FS
-}
-
-func (f *rlfs) Readlink(name string) (string, error) {
- target, err := os.Readlink(filepath.Join(f.base, name))
- if err != nil {
- return "", err
- }
- return target, nil
-}
-
-func (f *rlfs) Open(name string) (fs.File, error) {
- return f.f.Open(name)
-}
-
-func (f *rlfs) Stat(name string) (fs.FileInfo, error) {
- return os.Stat(filepath.Join(f.base, name))
-}
-
-func (f *rlfs) SetXattr(path string, attr string, data []byte) error {
- return unix.Setxattr(filepath.Join(f.base, path), attr, data, 0)
-}
-
-func (f *rlfs) GetXattr(path string, attr string) ([]byte, error) {
- realPath := filepath.Join(f.base, path)
-
- size, err := unix.Getxattr(realPath, attr, nil)
- if err != nil {
- return []byte{}, err
- }
-
- buf := make([]byte, size)
- _, err = unix.Getxattr(realPath, attr, buf)
- if err != nil {
- return []byte{}, err
- }
-
- return buf, nil
-}
-
-func (f *rlfs) RemoveXattr(path string, attr string) error {
- return unix.Removexattr(filepath.Join(f.base, path), attr)
-}
-
-// stringsFromByteSlice converts a sequence of attributes to a []string.
-// On Linux, each entry is a NULL-terminated string.
-// Taken from golang.org/x/sys/unix/syscall_linux_test.go.
-func stringsFromByteSlice(buf []byte) []string {
- var result []string
- off := 0
- for i, b := range buf {
- if b == 0 {
- result = append(result, string(buf[off:i]))
- off = i + 1
- }
- }
- return result
-}
-
-// xattrIgnoreList contains a mapping of xattr names used by various
-// security features which leak their state into packages. We need to
-// ignore these xattrs because they require special permissions to be
-// set when the underlying security features are in use.
-var xattrIgnoreList = map[string]bool{
- "com.apple.provenance": true,
- "security.csm": true,
- "security.selinux": true,
- "com.docker.grpcfuse.ownership": true,
-}
-
-func (f *rlfs) ListXattrs(path string) (map[string][]byte, error) {
- realPath := filepath.Join(f.base, path)
-
- size, err := unix.Listxattr(realPath, nil)
- if err != nil {
- return map[string][]byte{}, err
- }
-
- // If the xattr list is empty, the size will be 0.
- if size <= 0 {
- return map[string][]byte{}, nil
- }
-
- buf := make([]byte, size)
- read, err := unix.Listxattr(realPath, buf)
- if err != nil {
- return map[string][]byte{}, err
- }
-
- xattrMap := map[string][]byte{}
- xattrNames := stringsFromByteSlice(buf[:read])
- for _, xattrName := range xattrNames {
- if _, ok := xattrIgnoreList[xattrName]; ok {
- continue
- }
-
- result, err := f.GetXattr(path, xattrName)
- if err != nil {
- return map[string][]byte{}, err
- }
-
- xattrMap[xattrName] = result
- }
-
- return xattrMap, nil
-}
-
-func readlinkFS(dir string) apkofs.ReadLinkFS {
- return &rlfs{
- base: dir,
- f: os.DirFS(dir),
- }
-}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/sca_interface.go
new/melange-0.23.0/pkg/build/sca_interface.go
--- old/melange-0.22.2/pkg/build/sca_interface.go 2025-03-06
21:10:51.000000000 +0100
+++ new/melange-0.23.0/pkg/build/sca_interface.go 2025-03-14
16:07:29.000000000 +0100
@@ -18,6 +18,7 @@
"fmt"
"path/filepath"
+ apkofs "chainguard.dev/apko/pkg/apk/fs"
"chainguard.dev/melange/pkg/config"
"chainguard.dev/melange/pkg/sca"
)
@@ -54,8 +55,10 @@
// FilesystemForRelative implements an abstract filesystem for any of the
packages being
// built.
func (scabi *SCABuildInterface) FilesystemForRelative(pkgName string)
(sca.SCAFS, error) {
- pkgDir := filepath.Join(scabi.PackageBuild.Build.WorkspaceDir,
melangeOutputDirName, pkgName)
- rlFS := readlinkFS(pkgDir)
+ rlFS, err := apkofs.Sub(scabi.PackageBuild.Build.WorkspaceDirFS,
filepath.Join(melangeOutputDirName, pkgName))
+ if err != nil {
+ return nil, fmt.Errorf("package build subFS: %w", err)
+ }
scaFS, ok := rlFS.(sca.SCAFS)
if !ok {
return nil, fmt.Errorf("SCAFS not implemented")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/build/test.go
new/melange-0.23.0/pkg/build/test.go
--- old/melange-0.22.2/pkg/build/test.go 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/build/test.go 2025-03-14 16:07:29.000000000
+0100
@@ -311,7 +311,7 @@
log.Infof("populating workspace %s from %s", t.WorkspaceDir,
t.SourceDir)
- fsys := os.DirFS(t.SourceDir)
+ fsys := apkofs.DirFS(t.SourceDir)
return fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err
error) error {
if err != nil {
@@ -349,6 +349,7 @@
if t.Runner.Name() == container.QemuName {
t.ExtraTestPackages = append(t.ExtraTestPackages, []string{
"melange-microvm-init",
+ "gnutar",
}...)
}
@@ -425,7 +426,7 @@
return fmt.Errorf("mkdir -p %s: %w", t.WorkspaceDir,
err)
}
- if err := t.PopulateWorkspace(ctx, os.DirFS(t.SourceDir)); err
!= nil {
+ if err := t.PopulateWorkspace(ctx, apkofs.DirFS(t.SourceDir));
err != nil {
return fmt.Errorf("unable to populate workspace: %w",
err)
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/config/schema.json
new/melange-0.23.0/pkg/config/schema.json
--- old/melange-0.22.2/pkg/config/schema.json 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/config/schema.json 2025-03-14 16:07:29.000000000
+0100
@@ -35,6 +35,40 @@
],
"description": "BuildOption describes an optional deviation to a package
build."
},
+ "CPE": {
+ "properties": {
+ "part": {
+ "type": "string"
+ },
+ "vendor": {
+ "type": "string"
+ },
+ "product": {
+ "type": "string"
+ },
+ "edition": {
+ "type": "string"
+ },
+ "language": {
+ "type": "string"
+ },
+ "sw_edition": {
+ "type": "string"
+ },
+ "target_sw": {
+ "type": "string"
+ },
+ "target_hw": {
+ "type": "string"
+ },
+ "other": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "description": "CPE stores values used to produce a CPE to describe the
package, suitable for matching against NVD records."
+ },
"Capabilities": {
"properties": {
"add": {
@@ -530,6 +564,13 @@
"type": "string",
"description": "A human-readable description of the package"
},
+ "annotations": {
+ "additionalProperties": {
+ "type": "string"
+ },
+ "type": "object",
+ "description": "Annotations for this package"
+ },
"url": {
"type": "string",
"description": "The URL to the package's homepage"
@@ -568,6 +609,10 @@
"$ref": "#/$defs/Checks",
"description": "Optional: enabling, disabling, and configuration of
build checks"
},
+ "cpe": {
+ "$ref": "#/$defs/CPE",
+ "description": "The CPE field values to be used for matching against
NVD vulnerability\nrecords, if known."
+ },
"timeout": {
"type": "integer",
"description": "Optional: The amount of time to allow this build to
take before timing out."
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/container/qemu_runner.go
new/melange-0.23.0/pkg/container/qemu_runner.go
--- old/melange-0.22.2/pkg/container/qemu_runner.go 2025-03-06
21:10:51.000000000 +0100
+++ new/melange-0.23.0/pkg/container/qemu_runner.go 2025-03-14
16:07:29.000000000 +0100
@@ -234,7 +234,7 @@
nil,
outFile,
false,
- []string{"sh", "-c", "cd /home/build && tar cvzf -
melange-out"},
+ []string{"sh", "-c", "cd /home/build && tar cvpzf - --xattrs
--acls melange-out"},
)
if err != nil {
return nil, err
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/linter/linter.go
new/melange-0.23.0/pkg/linter/linter.go
--- old/melange-0.22.2/pkg/linter/linter.go 2025-03-06 21:10:51.000000000
+0100
+++ new/melange-0.23.0/pkg/linter/linter.go 2025-03-14 16:07:29.000000000
+0100
@@ -29,6 +29,7 @@
"slices"
"strings"
+ apkofs "chainguard.dev/apko/pkg/apk/fs"
"github.com/chainguard-dev/clog"
"github.com/dustin/go-humanize"
"golang.org/x/exp/maps"
@@ -189,9 +190,9 @@
defaultBehavior: Warn,
},
"usrmerge": {
- LinterFunc: allPaths(usrmergeLinter),
- Explain: "Move binary to /usr/{bin,lib/sbin}",
- defaultBehavior: Warn,
+ LinterFunc: usrmergeLinter,
+ Explain: "Move binary to /usr/{bin,sbin}",
+ defaultBehavior: Require,
},
}
@@ -677,7 +678,7 @@
}
log := clog.FromContext(ctx)
- fsys := os.DirFS(path)
+ fsys := apkofs.DirFS(path)
if err := lintPackageFS(ctx, cfg, packageName, fsys, warn); err != nil {
log.Warn(err.Error())
@@ -777,18 +778,36 @@
return &cfg, nil
}
-func usrmergeLinter(_ context.Context, _ *config.Configuration, _, path
string) error {
- if strings.HasPrefix(path, "sbin") {
- return fmt.Errorf("package writes to /sbin in violation of
usrmerge")
- }
+func usrmergeLinter(ctx context.Context, _ *config.Configuration, _ string,
fsys fs.FS) error {
+ return fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err
error) error {
+ if err := ctx.Err(); err != nil {
+ return err
+ }
+ if err != nil {
+ return err
+ }
+ if isIgnoredPath(path) {
+ return nil
+ }
- if strings.HasPrefix(path, "lib") {
- return fmt.Errorf("package writes to /lib in violation of
usrmerge")
- }
+ // We don't really care if a package is re-adding a symlink and
this catches wolfi-baselayout
+ // without special casing it with the package name.
+ if path == "sbin" || path == "bin" {
+ if d.IsDir() || d.Type().IsRegular() {
+ return fmt.Errorf("package contains non-symlink
file at /sbin or /bin in violation of usrmerge")
+ } else {
+ return nil
+ }
+ }
- if strings.HasPrefix(path, "bin") {
- return fmt.Errorf("package writes to /bin in violation of
usrmerge")
- }
+ if strings.HasPrefix(path, "sbin") {
+ return fmt.Errorf("package writes to /sbin in violation
of usrmerge: %s", path)
+ }
- return nil
+ if strings.HasPrefix(path, "bin") {
+ return fmt.Errorf("package writes to /bin in violation
of usrmerge: %s", path)
+ }
+
+ return nil
+ })
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/linter/linter_test.go
new/melange-0.23.0/pkg/linter/linter_test.go
--- old/melange-0.22.2/pkg/linter/linter_test.go 2025-03-06
21:10:51.000000000 +0100
+++ new/melange-0.23.0/pkg/linter/linter_test.go 2025-03-14
16:07:29.000000000 +0100
@@ -194,6 +194,33 @@
}, {
dirFunc: mkfile(t, "sbin/test.sh"),
linter: "usrmerge",
+ pass: false,
+ }, {
+ dirFunc: mkfile(t, "sbin"),
+ linter: "usrmerge",
+ pass: false,
+ }, {
+ dirFunc: mkfile(t, "bin"),
+ linter: "usrmerge",
+ pass: false,
+ }, {
+ dirFunc: func() string {
+ d := t.TempDir()
+ assert.NoError(t, os.MkdirAll(filepath.Join(d,
filepath.Dir("/sbin")), 0700))
+ _ = os.Symlink("/sbin", "/dev/null")
+ return d
+ },
+ linter: "usrmerge",
+ pass: true,
+ }, {
+ dirFunc: func() string {
+ d := t.TempDir()
+ assert.NoError(t, os.MkdirAll(filepath.Join(d,
filepath.Dir("/bin")), 0700))
+ _ = os.Symlink("/bin", "/dev/null")
+ return d
+ },
+ linter: "usrmerge",
+ pass: true,
}} {
ctx := slogtest.Context(t)
t.Run(c.linter, func(t *testing.T) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.22.2/pkg/sca/sca.go
new/melange-0.23.0/pkg/sca/sca.go
--- old/melange-0.22.2/pkg/sca/sca.go 2025-03-06 21:10:51.000000000 +0100
+++ new/melange-0.23.0/pkg/sca/sca.go 2025-03-14 16:07:29.000000000 +0100
@@ -668,7 +668,11 @@
func getShbang(fp io.Reader) (string, error) {
// python3 and sh are symlinks and generateCmdProviders currently only
considers
// regular files. Since nothing will fulfill such a depend, do not
generate one.
- ignores := map[string]bool{"python3": true, "python": true, "sh": true,
"awk": true}
+ //
+ // There are multiple variants of luajit; one maintained by OpenResty,
and several
+ // per each fluent-bit stream. We don't want to pull in the incorrect
variant so do
+ // not generate a dependency on cmd:luajit when found in a shebang.
+ ignores := map[string]bool{"python3": true, "python": true, "sh": true,
"awk": true, "luajit": true}
buf := make([]byte, 80)
blen, err := io.ReadFull(fp, buf)
@@ -731,6 +735,10 @@
return err
}
+ if d.Type()&fs.ModeSymlink == fs.ModeSymlink {
+ return nil
+ }
+
if !strings.HasPrefix(path, "usr/bin/") &&
!strings.HasPrefix(path, "bin/") {
return nil
}
Binary files
old/melange-0.22.2/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk and
new/melange-0.23.0/pkg/sca/testdata/generated/x86_64/shbang-test-1-r1.apk differ
++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.SXFKG6/_old 2025-03-17 22:21:39.972687372 +0100
+++ /var/tmp/diff_new_pack.SXFKG6/_new 2025-03-17 22:21:39.972687372 +0100
@@ -1,5 +1,5 @@
name: melange
-version: 0.22.2
-mtime: 1741291851
-commit: 3e035809d17ac5761e3c3be0cd8b8916c748c299
+version: 0.23.0
+mtime: 1741964849
+commit: 2c649a99da753b84563ce8e4c3f4c5ae868d5f3f
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz
/work/SRC/openSUSE:Factory/.melange.new.19136/vendor.tar.gz differ: char 5,
line 1
