Skip to content

build(aqua-proj): 🌊 minor aqua#91

Merged
renovate[bot] merged 2 commits intomainfrom
renovate/aqua
Jan 16, 2025
Merged

build(aqua-proj): 🌊 minor aqua#91
renovate[bot] merged 2 commits intomainfrom
renovate/aqua

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 16, 2025

This PR contains the following updates:

Package Type Update Change OpenSSF
anchore/syft minor v1.12.2 -> v1.18.1 OpenSSF Scorecard
aquaproj/aqua minor v2.30.0 -> v2.42.2 OpenSSF Scorecard
aquaproj/aqua-installer action minor v3.0.1 -> v3.1.0 OpenSSF Scorecard
aquaproj/aqua-registry minor v4.205.0 -> v4.296.0 OpenSSF Scorecard
cli/cli minor v2.53.0 -> v2.65.0 OpenSSF Scorecard
direnv/direnv minor v2.34.0 -> v2.35.0 OpenSSF Scorecard
golang/go minor 1.22.5 -> 1.23.5 OpenSSF Scorecard
golangci/golangci-lint minor v1.59.1 -> v1.63.4 OpenSSF Scorecard
goreleaser/goreleaser minor v2.1.0 -> v2.5.1 OpenSSF Scorecard
mikefarah/yq minor v4.44.3 -> v4.45.1 OpenSSF Scorecard
miniscruff/changie minor v1.19.1 -> v1.21.0 OpenSSF Scorecard
mvdan/gofumpt minor v0.6.0 -> v0.7.0 OpenSSF Scorecard

Release Notes

anchore/syft (anchore/syft)

v1.18.1

Compare Source

Bug Fixes
Additional Changes

(Full Changelog)

v1.18.0

Compare Source

Added Features
Bug Fixes

(Full Changelog)

v1.17.0

Compare Source

Added Features
Bug Fixes
Additional Changes

(Full Changelog)

v1.16.0

Compare Source

Added Features
Bug Fixes

(Full Changelog)

v1.15.0

Compare Source

Added Features

(Full Changelog)

v1.14.2

Compare Source

Bug Fixes
Additional Changes

(Full Changelog)

v1.14.1

Compare Source

Bug Fixes

(Full Changelog)

v1.14.0

Compare Source

Added Features
Bug Fixes
Additional Changes

(Full Changelog)

v1.13.0

Compare Source

Added Features
Bug Fixes

(Full Changelog)

aquaproj/aqua (aquaproj/aqua)

v2.42.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.42.1...v2.42.2

🐛 Bug Fixes

#​3436 Fix a bug that aqua update command fails if version_expr or go_version_file is used

As of this release, aqua update command ignores packages with version_expr or go_version_file.

v2.42.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.42.0...v2.42.1

🐞 Bug Fixes

#​3433 Create symlinks if unarchived files are symlinks

This fixes a bug of aqua v2.42.0. #​3432

v2.42.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.41.0...v2.42.0

[!CAUTION]
This version has a known buhttps://github.com/aquaproj/aqua/issues/3432/3432
This bug was fixed at v2.42.1. https://github.com/aquaproj/aqua/releases/tag/v2.42.1

Features

#​3422 Support 7 zip

Others

#​3422 Replace mholt/archiver/v3 with mholt/archives

mholt/archiver/v3 was deprecated and it's encourage to migrate to mholt/archives.

v2.41.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.40.0...v2.41.0

Features

#​3407 Support cargo install's --locked option

https://aquaproj.github.io/docs/reference/registry-config/cargo-package

e.g. registry.yaml:

            type: cargo
            crate: rhit
            cargo:
              locked: true
      --locked               Assert that `Cargo.lock` will remain unchanged

#​3399 update: Support filtering updated packages using package tags

https://aquaproj.github.io/docs/guides/package-tag

e.g.

aqua up -t bootstrap # Update only packages with a tag `bootstrap`
aqua up --exclude-tags bootstrap # Exclude packages with a tag `bootstrap`

v2.40.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.39.1...v2.40.0

Features

#​3363 Support getting package versions from external files

This release enables you to get package versions from external files.
This feature is useful when:

  • Migrate any tool to aqua gradually
  • Support aqua and other tools

This release adds some fields to aqua.yaml's packages.

  • version_expr: An expr expression to read external files
  • version_expr_prefix: A prefix of version

e.g.

packages:
- name: hashicorp/terraform
  version_expr: |
    "v" + readFile('.terraform-version')
  version_expr: |
    readJSON('version.json').version
  version_expr_prefix: cli-
  version_expr: |
    readYAML('version.yaml').version

version_expr is evaluated using expr.
The following custom functions are available.

  • readFile("file path"): reads a file and returns a file content
  • readJSON("file path"): read and unmarshal a JSON file and returns an object
  • readYAML("file path"): read and unmarshal a YAML file and returns an object
⚠️ Constraint of version_expr

Allowing to read external files is potentially risky in terms of security.
Malicious users can try to read secret files and expose secrets via log using version_expr.
To prevent such a threat, we restrict the evaluation result of version_expr.
It must match with the regular expression ^v?\d+\.\d+(\.\d+)*[.-]?((alpha|beta|dev|rc)[.-]?)?\d*.

v2.39.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.39.0...v2.39.1

Fixes

#​3365 cargo: Normalize the install path of cargo packages

Others

#​3361 Refactor reading config

v2.39.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.38.4...v2.39.0

Features

#​3354 policy: add a code comment for YAML Language Servers to a generated file aqua-policy.yaml

### yaml-language-server: $schema=https://raw.githubusercontent.com/aquaproj/aqua/main/json-schema/policy.json

#​3352 init: Add a code comment for YAML Language Servers to a generated file aqua.yaml

### yaml-language-server: $schema=https://raw.githubusercontent.com/aquaproj/aqua/main/json-schema/aqua-yaml.json

These code comments are useful when you edit files with editors such as VSCode.

image image

v2.38.4

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.38.3...v2.38.4

Bug Fixes

#​3337 generate-registry: Fix a bug that unused replacements are added

v2.38.3

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.38.2...v2.38.3

Bug Fixes

#​3325 #​3333 Fix a bug that aqua g -i removes comments from packages

v2.38.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.38.1...v2.38.2

🐛 Bug Fixes

#​3307 generate-registry: Fix a bug that description isn't formatted

v2.38.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.38.0...v2.38.1

Fixes

#​3297 completion: Improve the completion settings suggested in aqua completion --help @​akinomyoga

v2.38.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.37.2...v2.38.0

Features

#​3269 Get available versions from Go Module Proxy

https://aquaproj.github.io/docs/reference/registry-config/go-version-path

This release adds the new field go_version_path to registries.

e.g.

packages:
  - name: _go/sigsum.org/sigsum-go#cmd/sigsum-key
    type: go_install
    path: sigsum.org/sigsum-go/cmd/sigsum-key
    go_version_path: sigsum.org/sigsum-go

If this field is set, aqua g and aqua up commands gets available versions from Go Module Proxy.

v2.37.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.37.1...v2.37.2

Fixes

#​3233 which, exec: Search configuration files even if AQUA_CONFIG is set

v2.37.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.37.0...v2.37.1

Bug Fixes

#​3226 #​584 Fix a bug that newlines in aqua.yaml are removed when updating aqua.yaml by aqua g -i and aqua up

This issue came from the bug of goccy/go-yaml. https://github.com/goccy/go-yaml/issues/285
The issue was solved at goccy/go-yaml 1.13.3.
So we updated goccy/go-yaml to 1.13.3 and solve the issue.

v2.37.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.36.2...v2.37.0

Features

#​3224 Allow to set command aliases in aqua.yaml

You can now define command aliases in aqua.yaml.
This is useful to use multiple versions of the same package.

e.g.

registries:
- type: standard
  ref: v4.246.0 # renovate: depName=aquaproj/aqua-registry
packages:
- name: hashicorp/terraform@v1.9.8
- name: hashicorp/terraform
  version: v0.13.7
  command_aliases:
    - command: terraform
      alias: terraform-013

##### no_link: true

Then you can run terraform (v1.9.8) and terraform-013 (v0.13.7).

$ terraform version
Terraform v1.9.8
on darwin_arm64

$ terraform-013 version
Terraform v0.13.7

Your version of Terraform is out of date! The latest version
is 1.9.8. You can update by downloading from https://www.terraform.io/downloads.html

You can skip creating symbolic links for aliases by no_link: true

  command_aliases:
    - command: terraform
      alias: terraform-013
      no_link: true

You can still run aliases via aqua exec.

aqua exec -- terraform-013 version

v2.36.2

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.36.1...v2.36.2

Bug Fixes

#​3193 #​3194 Fix a bug that vars are not replaced in files[].src

v2.36.1

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.36.0...v2.36.1

Fixes

#​3146 generate-registry: Remove rosetta2 and windows_arm_emulation if {{.Arch}} isn't included in asset

Dependency updates

#​3148 Update aqua-proxy to 1.2.8
#​3149 Update Go to 1.23.2

v2.36.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.35.0...v2.36.0

Features

#​3130 #​3134 support changing $0 by symlink

Some tools change their behavior by $0.

For example, granted changes the behavior based on args[0].

https://github.com/common-fate/granted/blob/e8de3ec7d62d543062d8be802b27abb3d8fac429/cmd/granted/main.go#L37-L44

	// Use a single binary to keep keychain ACLs simple, swapping behavior via argv[0]
	var app *cli.App
	switch filepath.Base(os.Args[0]) {
	case "assumego", "assumego.exe", "dassumego", "dassumego.exe":
		app = assume.GetCliApp()
	default:
		app = granted.GetCliApp()
	}

This release supports changing $0 by symlink.

        files:
          - name: granted
          - name: assumego
            src: granted
            link: assumego # link is the relative path from src to the symlink
Bug Fixes

#​3136 #​3137 remove: Handle panic error when package is not found @​Shion1305
#​3138 remove: Ignore not found commands

v2.35.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.34.0...v2.35.0

Features

#​3119 #​3131 Verify packages' GitHub Artifact Attestations

When aqua installs packages, it verifies their GitHub Artifact Attestations if they are provided and registries have settings for GitHub Artifact Attestations.

#​3117 Create GitHub Artifact Attestations of aqua

We start providing aqua's GitHub Artifact Attestations!

https://github.com/aquaproj/aqua/attestations

If you download aqua from GitHub Releases, you can verify GitHub Artifact Attestations using GitHub CLI.

https://aquaproj.github.io/docs/install#verify-downloaded-binaries-from-github-releases

Reference:

Fixes

#​3129 Redirect stdout of some commands to stderr

aqua executes some os commands to install packages.

  • go install
  • go build
  • cargo
  • cosign
  • slsa-verifier
  • minisign
  • gh attestation verify

aqua should redirect the stdout of these commands to stderr.

v2.34.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.33.0...v2.34.0

Features

#​3103 Enabling you to verify checksum files using Minisign

You can now verify checksum files using Minisign.

e.g.

        checksum:
          type: github_release
          asset: sha256.txt
          algorithm: sha256
          minisign:
            type: github_release
            asset: sha256.txt.minisig
            public_key: RWQ/i9xseZwBVE7pEniCNjlNOeeyp4BQgdZDLQcAohxEAH5Uj5DEKjv6

v2.33.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.32.0...v2.33.0

Features

#​3101 Enable you to remove go_install and http packages

You can now uninstall go_install and http packages!
Furthermore, the uninstall can now handles version_overrides properly.

v2.32.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.31.0...v2.32.0

Features

#​3075 #​3094 Support removing links from the bin directory

By default, aqua remove command removes only packages from the pkgs directory and doesn't remove links from the bin directory.
This release has added the command line option -mode to the remove command.
The value of -mode is a string containing characters l and p.
The order of the characters doesn't matter.

aqua rm -m l cli/cli # Remove only links
aqua rm -m pl cli/cli # Remove links and packages

You can also configure the mode by the environment variable AQUA_REMOVE_MODE, so you can change the default behaviour of aqua remove command by setting AQUA_REMOVE_MODE in your shell setting such as .bashrc.

export AQUA_REMOVE_MODE=pl

v2.31.0

Compare Source

Pull Requests | Issues | aquaproj/aqua@v2.30.0...v2.31.0

Overview
Featuers

#​2978 #​2994 Support verifying packages with minisign
#​3052 Support passing variables

Fixes

#​3012 Fix typo temporal. Replace them with temporary
#​3017 #​3024 Stop using replace directive

Others

Update Go 1.22.5 to 1.22.6

Feature - Support verifying packages with minisign

#​2978 #​2994

Support verifying packages with minisign.

Why is the feature needed?

To install some packages securely.
For example, zig is signed by minisign.

Example Code

This feature is similar to Cosign and slsa-verifier.

https://aquaproj.github.io/docs/reference/registry-config/cosign/

This feature depends on minisign.
So aqua should install minisign transparently same as Cosign and slsa-verifier.

registry.yaml

minisign:
  enabled: true
  public_key: "RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U"

##### public_key_url: https://example/signature.pub
Feature - Support passing variables

#​3052

Add the optional field vars in aqua.yaml and Registry.

vars in Registry

e.g.

packages:
  - type: github_release
    repo_owner: indygreg
    repo_name: python-build-standalone
    asset: cpython-{{.Vars.python_version}}+{{.Version}}-{{.Arch}}-{{.OS}}-install_only.{{.Format}} # .Vars.python_version
    vars:
      - name: python_version
        required: true

##### ...

vars is a list of variables.
Fields of a variable

  • name: string (Required): A variable name
  • required: boolean (Optional): If true, the variable is required. To use the package, users need to set the variable in aqua.yaml
  • default: any (Optional): The default value of the variable

Variables are passed to template strings as .Vars.<template name>.

e.g.

asset: cpython-{{.Vars.python_version}}+{{.Version}}-{{.Arch}}-{{.OS}}-install_only.{{.Format}}
vars in aqua.yaml

e.g.

packages:
  - name: indygreg/python-build-standalone@20240726
    vars:
      python_version: 3.11.9

vars is a map of variables.
The key is a variable name and the value is a variable value.

aquaproj/aqua-installer (aquaproj/aqua-installer)

v3.1.0

Compare Source

SHA256 checksum

62fecc49c98bdec0bba1ff1e5c2719f116e235769e0998090a7397473ef631e9  aqua-installer

Features

#​709 action: Add an input skip_install_aqua

If this true and aqua is already installed, installing aqua is skipped.
This input is useful when you want to ensure aqua is installed.

Fixes

#​708 action: stop adding bat to $PATH on Windows

v3.0.2

Compare Source

SHA256 checksum
62fecc49c98bdec0bba1ff1e5c2719f116e235769e0998090a7397473ef631e9  aqua-installer
Bug Fixes

#​703 Fix the feature of the input enable_aqua_install.

  1. Update $PATH even if enable_aqua_install is false
  2. Stop running aqua i if enable_aqua_install isn't true
Others

#​704 Update the bootstrap aqua version to v2.37.2
#​666 refactor: Use $GITHUB_ACTION_PATH

We ever stopped using ${{ github.action_path }} and copied aqua-installer in action.yaml due to the bug of GitHub Actions. https://github.com/aquaproj/aqua-installer/pull/463
But we noticed that $GITHUB_ACTION_PATH worked well in containers as well, so we use it instead of coping aqua-installer in action.yaml.

aquaproj/aqua-registry (aquaproj/aqua-registry)

v4.296.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.295.1...v4.296.0

🎉 New Packages

#​30887 justjanne/powerline-go: Beautiful and useful low-latency prompt for your shell, written in go @​scop
#​30904 suzuki-shunsuke/deny-self-approve: CLI to deny self-approved GitHub Pull Requests

Fixes

#​30814 ycd/dstp: Re-scaffold

v4.295.1

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.295.0...v4.295.1

Fixes

#​30794 sharkdp/bat: Re-scaffold sharkdp/bat @​yudai-nkt
#​30801 sharkdp/bat: Drop the support of old versions using cargo

v4.295.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.294.1...v4.295.0

🎉 New Packages

#​30715 kcl-lang/cli - The KCL Command Line Interface (CLI) @​SanderKnape
#​30712 kcl-lang/kcl - KCL Programming Language (CNCF Sandbox Project). https://kcl-lang.io @​SanderKnape

Fixes

#​30791 imsnif/bandwhich: Re-scaffold to support linux/arm64

v4.294.1

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.294.0...v4.294.1

Fixes

#​30789 bridgecrewio/checkov: Re-scafold the setting
#​30786 magodo/pipeform: Change the package type to github_release
#​30781 gradle/gradle-distributions: Support milestone versions @​risu729

v4.294.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.293.0...v4.294.0

🎉 New Packages

#​30603 apache/spark: Apache Spark - A unified analytics engine for large-scale data processing
#​30736 magodo/pipeform: Terraform runtime TUI

[!WARNING]
pipeform has some requirements:
https://github.com/magodo/pipeform/blob/91dbcabf38da01e1b59856e00cfa6068200c7237/README.md?plain=1#L48

Note that the clipboard functionality is only enabled when the tool is built properly (CGO might be required) on a supported platform. Details.

  • macOS: require Cgo, no dependency
  • Linux: require X11 dev package. For instance, install libx11-dev or xorg-dev or libX11-devel to access X window system.
  • Windows: no Cgo, no dependency
Fixes

#​30735 editorconfig-checker/editorconfig-checker: Re-scaffold the setting
#​30751 typst/typst: Re-scaffold the setting. Support linux/arm64

v4.293.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.292.0...v4.293.0

🎉 New Packages

#​30662 pinterest/ktlint: An anti-bikeshedding Kotlin linter with built-in formatter @​itochan

Fixes

#​30690 sharkdp/fd: Re-scaffold
#​30627 ariga/atlas: Drop the support of old versions

https://github.com/ariga/atlas/issues/3296#issuecomment-2574924728

Old Versions of Atlas
As part of our Supported Version Policy mentioned above, binaries for versions that were published more than 6 months ago will be removed from the CDN and Docker Hub.

v4.292.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.291.0...v4.292.0

🎉 New Packages

#​30540 PowerShell/PowerShell: PowerShell for every system

Fixes

#​30586 Dreamacro/clash: Remove the package

GitHub Repository isn't found

v4.291.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.290.0...v4.291.0

🎉 New Packages

#​30569 jorgerojas26/lazysql: A cross-platform TUI database management tool written in Go @​wancup

v4.290.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.289.0...v4.290.0

🎉 New Packages

#​30556 Automattic/harper/harper-cli: The Grammar Checker for Developers

Fixes

#​30535 koalaman/shellcheck: Re-scaffold the setting @​yudai-nkt

v4.289.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.288.0...v4.289.0

🎉 New Packages

#​30518 dskkato/rjo: A small utility to create JSON objects, written in Rust @​jihchi

v4.288.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.287.0...v4.288.0

🎉 New Packages

#​30465 fujiwara/apprun-cli: apprun-cli is a command line interface for AppRun β Sakura Cloud @​ponkio-o
#​30464 samwho/spacer - CLI tool to insert spacers when command output stops @​ryoppippi

Fixes

#​30442 Canop/rhit: Support windows and darwin by cargo

aqua >= v2.41.0 is required

v4.287.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.286.0...v4.287.0

🎉 New Packages

#​30439 Canop/rhit: A nginx log explorer @​tmeijn
#​30441 Lifailon/lazyjournal: TUI for journalctl, file system logs, as well Docker and Podman containers for quick viewing and filtering with fuzzy find, regex support (like fzf and grep) and coloring the output, written in Go with the gocui library @​tmeijn
#​30440 robinovitch61/kl: An interactive Kubernetes log viewer for your terminal @​tmeijn

[v4.286.0](https://redirect.

Configuration

📅 Schedule: Branch creation - "after 10pm on monday,before 3am on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner January 16, 2025 21:53
@renovate renovate bot enabled auto-merge (squash) January 16, 2025 21:53
renovate-approve[bot]
renovate-approve bot previously approved these changes Jan 16, 2025
View reviewed changes
sheldonhull
sheldonhull previously approved these changes Jan 16, 2025
View reviewed changes
@sheldonhull sheldonhull dismissed stale reviews from renovate-approve[bot] and themself via 5f49c26 January 16, 2025 22:13
@renovate renovate bot merged commit 02386be into main Jan 16, 2025
8 checks passed
@renovate renovate bot deleted the renovate/aqua branch January 16, 2025 22:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sheldonhull sheldonhull sheldonhull approved these changes

@renovate-approve renovate-approve[bot] renovate-approve[bot] left review comments

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sheldonhull