Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 #548

dependabot · 2024-10-17T02:32:03Z

Bumps sigstore/cosign-installer from 3.6.0 to 3.7.0.

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

Commits

dc72c7d bump for latest cosign v2.4.1 release (#173)
08bb361 Bump actions/checkout from 4.1.7 to 4.2.0 (#172)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@4959ce0...dc72c7d) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

codecov · 2024-10-17T02:33:15Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (b2e63d6) to head (0b2c1cf).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #548   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          151       151           
  Branches        15        15           
=========================================
  Hits           151       151

Flag	Coverage Δ
python-3.10	`100.00% <ø> (ø)`
python-3.11	`100.00% <ø> (ø)`
python-3.12	`100.00% <ø> (ø)`
python-3.13	`100.00% <ø> (ø)`
python-3.9	`100.00% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-actions · 2024-10-17T02:44:49Z

Test Results

5 files ±0 5 suites ±0 22s ⏱️ -1s
36 tests ±0 36 ✅ ±0 0 💤 ±0 0 ❌ ±0
180 runs ±0 180 ✅ ±0 0 💤 ±0 0 ❌ ±0

Results for commit d0c2f4d. ± Comparison against base commit 017be14.

…staller-3.7.0

github-actions · 2024-10-17T07:37:12Z

🔍 Vulnerabilities of `jkreileder/cf-ips-to-hcloud-fw:pr-548`

📦 Image Reference jkreileder/cf-ips-to-hcloud-fw:pr-548

digest	`sha256:57796d8b05808159411f89e0eb927292da7565b9dac13e95bc52c574cd3768dc`
vulnerabilities
size	25 MB
packages	64

📦 Base Image python:3-alpine

also known as	`3-alpine3.20` `3.13-alpine` `3.13-alpine3.20` `3.13.0-alpine` `3.13.0-alpine3.20` `alpine` `alpine3.20`
digest	`sha256:6e0d21f66f665a33876d963f3ff6206b13863a17af0d6cfda68097cd415ec128`
vulnerabilities

github-actions · 2024-10-17T07:37:14Z

Recommended fixes for image `jkreileder/cf-ips-to-hcloud-fw:pr-548`

Base image is python:3-alpine

Name	3.13.0-alpine3.20
Digest	sha256:6e0d21f66f665a33876d963f3ff6206b13863a17af0d6cfda68097cd415ec128
Vulnerabilities
Pushed	1 week ago
Size	16 MB
Packages	43
Flavor	alpine
OS	3.20
Runtime	3.13.0

The base image is also available under the supported tag(s): 3-alpine3.20, 3.13-alpine, 3.13-alpine3.20, 3.13.0-alpine, 3.13.0-alpine3.20, alpine, alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

✅ There are no tag recommendations at this time.

github-actions · 2024-10-17T07:37:21Z

Overview

Image reference	`jkreileder/cf-ips-to-hcloud-fw:1`	`quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-548`
- digest	`f6c3fb147a85`	`57796d8b0580`
- tag	`1`	`pr-548`
- provenance	`a3b2b14`	`a85dfb1`
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	27 MB	25 MB (-1.6 MB)
- packages	80	64 (-16)
Base Image	`python:3.12.4-alpine3.20` also known as: • `3-alpine` • `3-alpine3.20` • `3.12-alpine` • `3.12-alpine3.20` • `alpine` • `alpine3.20`	`python:3-alpine` also known as: • `3-alpine3.20` • `3.13-alpine` • `3.13-alpine3.20` • `3.13.0-alpine` • `3.13.0-alpine3.20` • `alpine` • `alpine3.20`
- vulnerabilities

Environment Variables (5 changes)

- 4 removed

± 1 changed

4 unchanged

 GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305
-LANG=C.UTF-8
 PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 PYTHONDONTWRITEBYTECODE=1
 PYTHONFAULTHANDLER=1
-PYTHON_GET_PIP_SHA256=ee09098395e42eb1f82ef4acb231a767a6ae85504a9cf9983223df0a7cbd35d7
-PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/e03e1607ad60522cf34a92e834138eb89f57667c/public/get-pip.py
-PYTHON_PIP_VERSION=24.0
-PYTHON_VERSION=3.12.4
+PYTHON_VERSION=3.13.0

Labels (3 changes)

± 3 changed

5 unchanged

-org.opencontainers.image.created=2024-07-15T18:40:43.715Z
+org.opencontainers.image.created=2024-10-17T07:36:15.436Z
 org.opencontainers.image.description=Update Hetzner Cloud firewall rules with current Cloudflare IP ranges
 org.opencontainers.image.licenses=MIT
-org.opencontainers.image.revision=a3b2b148963e273bab7629350a036f97ec24e0d7
+org.opencontainers.image.revision=a85dfb116fe805ea735f71d37fc68dd5c0c03576
 org.opencontainers.image.source=https://github.com/jkreileder/cf-ips-to-hcloud-fw
 org.opencontainers.image.title=cf-ips-to-hcloud-fw
 org.opencontainers.image.url=https://github.com/jkreileder/cf-ips-to-hcloud-fw
-org.opencontainers.image.version=1.0.12
+org.opencontainers.image.version=pr-548

Policies (1 improved, 1 worsened, 2 missing data)

Policy Name	`jkreileder/cf-ips-to-hcloud-fw:1`	`quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-548`	Change	Standing
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	⚠️ 1	✅	-1	Improved
No fixable critical or high vulnerabilities	✅	✅		No Change
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	✅	❓ No data
No unapproved base images	❓ No data	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (44 package changes and 4 vulnerability changes)

➖ 15 packages removed

♾️ 29 packages changed

35 packages unchanged

✔️ 4 vulnerabilities removed

Changes for packages of type apk (27 changes)

	Package	Version `jkreileder/cf-ips-to-hcloud-fw:1`	Version `quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-548`
♾️	.python-rundeps	`20240715.184054`	`20241017.073623`
♾️	ca-certificates-bundle	`20240226-r0`	`20240705-r0`
➖	e2fsprogs	`1.47.0-r5`
♾️	expat	`2.6.2-r0`	`2.6.3-r0`

		Removed vulnerabilities (3):
➖	gettext	`0.22.5-r0`
➖	keyutils	`1.6.3-r3`
➖	keyutils-libs	`1.6.3-r3`
➖	krb5	`1.21.3-r0`
➖	krb5-conf	`1.0-r2`
➖	krb5-libs	`1.21.3-r0`
➖	libcom_err	`1.47.0-r5`
♾️	libcrypto3	`3.3.1-r1`	`3.3.2-r0`
♾️	libexpat	`2.6.2-r0`	`2.6.3-r0`
➖	libintl	`0.22.5-r0`
♾️	libncursesw	`6.4_p20240420-r0`	`6.4_p20240420-r1`
➖	libnsl	`2.0.1-r0`
♾️	libpanelw	`6.4_p20240420-r0`	`6.4_p20240420-r1`
♾️	libssl3	`3.3.1-r1`	`3.3.2-r0`
➖	libtirpc	`1.3.4-r0`
➖	libtirpc-conf	`1.3.4-r0`
➖	libverto	`0.3.2-r2`
♾️	ncurses	`6.4_p20240420-r0`	`6.4_p20240420-r1`
♾️	ncurses-terminfo-base	`6.4_p20240420-r0`	`6.4_p20240420-r1`
♾️	openssl	`3.3.1-r1`	`3.3.2-r0`

		Removed vulnerabilities (1):
♾️	tzdata	`2024a-r1`	`2024b-r0`
♾️	xz	`5.6.1-r3`	`5.6.2-r0`
♾️	xz-libs	`5.6.1-r3`	`5.6.2-r0`

Changes for packages of type generic (1 changes)

	Package	Version `jkreileder/cf-ips-to-hcloud-fw:1`	Version `quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-548`
♾️	python	`3.12.4`	`3.13.0`

Changes for packages of type pypi (16 changes)

	Package	Version `jkreileder/cf-ips-to-hcloud-fw:1`	Version `quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-548`
♾️	anyio	`4.4.0`	`4.6.2.post1`
♾️	certifi	`2024.7.4`	`2024.8.30`
♾️	cf-ips-to-hcloud-fw	`1.0.12`	`1.0.13.dev0`
♾️	charset-normalizer	`3.3.2`	`3.4.0`
♾️	cloudflare	`3.0.1`	`3.1.0`
♾️	hcloud	`2.0.1`	`2.3.0`
♾️	httpcore	`1.0.5`	`1.0.6`
♾️	httpx	`0.27.0`	`0.27.2`
♾️	idna	`3.7`	`3.10`
♾️	pip	`24.0`	`24.2`
♾️	pydantic	`2.8.2`	`2.9.2`
♾️	pydantic-core	`2.20.1`	`2.23.4`
♾️	pyyaml	`6.0.1`	`6.0.2`
➖	setuptools	`70.3.0`
♾️	urllib3	`2.2.2`	`2.2.3`
➖	wheel	`0.43.0`

dependabot bot requested a review from jkreileder as a code owner October 17, 2024 02:32

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 17, 2024

jkreileder approved these changes Oct 17, 2024

View reviewed changes

jkreileder enabled auto-merge (squash) October 17, 2024 07:32

Merge branch 'main' into dependabot/github_actions/sigstore/cosign-in…

0b2c1cf

…staller-3.7.0

jkreileder merged commit 16e7824 into main Oct 17, 2024
56 checks passed

jkreileder deleted the dependabot/github_actions/sigstore/cosign-installer-3.7.0 branch October 17, 2024 07:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 #548

Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 #548

dependabot bot commented on behalf of github Oct 17, 2024 •

edited

Loading

codecov bot commented Oct 17, 2024 •

edited

Loading

github-actions bot commented Oct 17, 2024

github-actions bot commented Oct 17, 2024

github-actions bot commented Oct 17, 2024

github-actions bot commented Oct 17, 2024

Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 #548

Bump sigstore/cosign-installer from 3.6.0 to 3.7.0 #548

Conversation

dependabot bot commented on behalf of github Oct 17, 2024 • edited Loading

v3.7.0

What's Changed

codecov bot commented Oct 17, 2024 • edited Loading

Codecov Report

github-actions bot commented Oct 17, 2024

Test Results

github-actions bot commented Oct 17, 2024

🔍 Vulnerabilities of jkreileder/cf-ips-to-hcloud-fw:pr-548

github-actions bot commented Oct 17, 2024

Recommended fixes for image jkreileder/cf-ips-to-hcloud-fw:pr-548

Refresh base image

Change base image

github-actions bot commented Oct 17, 2024

Overview

dependabot bot commented on behalf of github Oct 17, 2024 •

edited

Loading

codecov bot commented Oct 17, 2024 •

edited

Loading

🔍 Vulnerabilities of `jkreileder/cf-ips-to-hcloud-fw:pr-548`

Recommended fixes for image `jkreileder/cf-ips-to-hcloud-fw:pr-548`