build(deps): bump github.com/buildpacks/lifecycle from 0.14.2 to 0.15.0

[dependabot]

Bumps github.com/buildpacks/lifecycle from 0.14.2 to 0.15.0.

Release notes

Sourced from github.com/buildpacks/lifecycle's releases.

lifecycle v0.15.0

Welcome to v0.15.0, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.15.0.

Features

• When using platform API 0.10 or greater, the lifecycle provides experimental support for image extensions: experimental components that generate Dockerfiles that can be used to define build and runtime base images (buildpacks/lifecycle#860 and buildpacks/lifecycle#869 by @​natalieparellano and buildpacks/lifecycle#896 by @​BarDweller, @​jromero, and @​natalieparellano)
• When using buildpack API 0.9 or greater, buildpacks should write command as a list of strings in launch.toml, instead of a single string; entries in command are arguments that are always provided to the process, whereas entries in args are default arguments that can be overridden by the end user if supported by the platform (buildpacks/lifecycle#889 by @​jabrown85)
• When using platform API 0.10 or greater, user-provided arguments override buildpack-provided default arguments, instead of being appended (buildpacks/lifecycle#920 by @​jabrown85 and buildpacks/lifecycle#921 by @​natalieparellano)

Bug Fixes

• When using platform API 0.10 or greater, the creator when passed -skip-restore will still restore store.toml (buildpacks/lifecycle#929 by @​natalieparellano)
• When using platform API 0.7 or greater, the creator logs the expected phase header for the analyze phase (buildpacks/lifecycle#878 by @​jromero)

Known Issues

• Vulnerability scanners such as grype may trigger on non-impactful CVEs:
  • GHSA-f3fp-gc8g-vw66 and GHSA-v95c-p5hm-xq8f for package github.com/opencontainers/runc: non-impactful as the lifecycle does not create containers; the lifecycle cannot update runc until github.com/GoogleContainerTools/kaniko updates to a compatible version
  • CVE-2015-5237 and CVE-2021-22570 for package google.golang.org/protobuf: false positives (see .grype.yaml in project root for further information)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors: @​BarDweller, @​jabrown85, @​jromero, @​mboldt, @​natalieparellano

lifecycle v0.15.0-rc.2

Welcome to v0.15.0-rc.2, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

... (truncated)

Commits

• 6d475da Update README to remove pre-release for 0.15.0
• 6a2b4bf ci(lint): address most staticcheck alarms (#940)
• 8dfa73f Update README with latest apis (#930)
• 8cf3678 Remove <image> as an argument to the extender (#926)
• d69768d Bump dependencies (go get -u ./...) (#938)
• ca6c1c9 build: fix coverage (#936)
• 7b5aa02 Bump imgutil and docker (#933)
• 4b33990 Fix creator restore bug (#929)
• 6643f35 Merge release/0.15.0-rc.1 into main (#924)
• 2f8a818 Dockerfiles phase 2 (#896)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dfreilich]

Merged as part of #1547