build(deps): bump k8s.io/release from 0.8.0 to 0.10.0 #23

dependabot · 2021-08-10T06:28:18Z

Bumps k8s.io/release from 0.8.0 to 0.10.0.

Release notes

Sourced from k8s.io/release's releases.

v0.10.0

Changes by Kind

Feature

Allows more options to be passed to the SPDX document builder

File analysis is now done in parallel speeding the kubernetes bom generation significally

When generating a SPDX package from a directory, file paths will now be relative to the dir root

Golang packages that have local replacements will be honored saving a considerable amount of downloads

Fixed a bug where we would erase the local golang package install

Fixed a bug where license data would be saved in the download cache directory, resulting in the license classifier having a lower accuracy

Golang packages will now include all license text in the SBOM as well as the SPDX license identifier

New function license.ReadTopLicense() will scan and return only the most significant license in a directory, potentially avoiding thousands of operations in the classifier code. (#2096, @puerco) [SIG Release]

Apache-2.0 is now defined as the default and expressed license in packages

The SPDX package now supports ExternalDocRef making it possible to define external documents related to an SBOM

Added functions to the release package to get the produced artifacts (ListBuildImages, ListBuildTarballs, ListBuildBinaries)

Added release tarballs (client, server, node) to artifacts SBOM

Binaries are now listed with their correct relative paths in the artifacts SBOM

FIxed a bug where SPDX Ids would clash when two packages shared the same base image

The source code SBOM is now referenced by the artifacts sbom packages as GENERATED_FROM

Added tests to ensure SPDX Relationships render correctly (#2156, @puerco) [SIG Release]

Changed archived Kubernetes release sources to be compressed as tarball (#2130, @saschagrunert) [SIG Release]

Debian-base: Build buster-v1.8.0 image (#2135, @jindijamie) [SIG Release]

Debian-base: Build buster-v1.9.0 image (#2189, @justaugustus) [SIG Release]

Debian-iptables: Build buster-v1.6.5 image

setcap: Build buster-v2.0.3 image (#2142, @justaugustus) [SIG Release]

Debian-iptables: Build buster-v1.6.6 image

setcap: Build buster-v2.0.4 image (#2192, @justaugustus) [SIG Release]

Fixed a bug that was causing errors downloading go packages, except for a few specific deps, we now have licensing data for all packages.

Correct a bug where HTML entities were being introduced into the spdx licenses and output. The code was wrongly using html/template instead of text/template.

There is now a new Relationship type and a better way to relate objects among themselves via a new spdx.Object interface

New SPDX object interface. This is important as we will start having functions that can take either packages or files, hence we create the interface to address them both

Changes the way image references are treated when generating an SBOM from an image reference. Now, The spdx package will now fetch all images for all architectures found

New function to generates a valid SPDX ID string, optionally it can take strings as seeds to generate a more intuitive ID for packages and files.

Fixes a bug where month and day were in the wrong order in the SPDX document date. (#2147, @puerco) [SIG Release]

K8s-ci-builder: Add 1.22 variant, drop 1.18 variant

k8s-ci-builder: Add 1.23 variant

k8s-ci-builder: Build go1.16.6 images

k8s-cloud-builder: Build v1.17.0-rc.1-1 image (#2168, @justaugustus) [SIG Release]

K8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15 (#2200, @cpanato) [SIG Release]

K8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7 (#2198, @cpanato) [SIG Release]

K8s-cloud-builder: Build image using go1.16.6 (#2163, @puerco) [SIG Release]

K8s-cloud-builder: Build v1.17.0-rc.2-1 image (#2190, @justaugustus) [SIG Release]

Schedule-builder: add new field (#2173, @cpanato) [SIG Release]

Stage now runs completely without setting the github token in the k/k clone remote configuration

krel now resets the git origin remote in the staged clone of kubernetes/kubernetes to pickup a new GITHUB_TOKEN if we change it.

before archiving the release, we now delete the git remote config (#2127, @puerco) [SIG Release]

The binary.Binary object has a new method ContainsString() that allows for searching inside the binary for one or more strings.

The release process now has a new step during staging: VerifyArtifacts. Where during which we will perform checks of the artifacts we produce.

Binaries are now checked to ensure they are of the expected platform/arch

... (truncated)

Commits

82b23b9 Merge pull request #2200 from cpanato/cloud-builder-go115
0f37977 k8s-cloud-builder/k8s-ci-builder: Build image using go1.15.15
fd8145c Merge pull request #2198 from cpanato/cloud-builder
afff9ea k8s-cloud-builder/k8s-ci-builder: Build image using go1.16.7
286b0c2 Merge pull request #2197 from cpanato/go116-go115
2cc1dbc kubepkg/packages-deb: update base image to go1.16.7
c5ccab0 kube-cross: Build v1.16.7-1 and v1.15.15-1 images
ec89879 releng-ci: build image for go1.16.7 and go1.15.15
43a3be2 go-runner: Build v2.3.1-go1.16.7-buster.0 and v2.3.1-go1.15.15-buster.0
13685b2 [go] go1.16.7 and go1.15.15 updates
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [k8s.io/release](https://github.com/kubernetes/release) from 0.8.0 to 0.10.0. - [Release notes](https://github.com/kubernetes/release/releases) - [Changelog](https://github.com/kubernetes/release/blob/master/docs/release-notes-maps.md) - [Commits](kubernetes/release@v0.8.0...v0.10.0) --- updated-dependencies: - dependency-name: k8s.io/release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2021-08-10T06:28:19Z

The following labels could not be found: release-note-none.

dependabot bot mentioned this pull request Aug 10, 2021

build(deps): bump k8s.io/release from 0.8.0 to 0.9.0 #5

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump k8s.io/release from 0.8.0 to 0.10.0 #23

build(deps): bump k8s.io/release from 0.8.0 to 0.10.0 #23

dependabot bot commented on behalf of github Aug 10, 2021

dependabot bot commented on behalf of github Aug 10, 2021

build(deps): bump k8s.io/release from 0.8.0 to 0.10.0 #23

Are you sure you want to change the base?

build(deps): bump k8s.io/release from 0.8.0 to 0.10.0 #23

Conversation

dependabot bot commented on behalf of github Aug 10, 2021

v0.10.0

Changes by Kind

Feature

dependabot bot commented on behalf of github Aug 10, 2021