Unreleased
v4.7.4 - 2024-05-01
NOTE
The default layer download location has changed
Claircore
-
tarfs: follow hardlinks in
ReadFileThis makes `fs.ReadFile` work as expected when opening hardlinks. -
debian: update how "source" packages are handled
Previously, the Updater parsed metadata from the repository to try to record only "binary" packages. This was inaccurate and, with the new dpkg handling, now unneeded. The new approach should be more accurate. -
dpkg: improve Source handling
The dpkg handling machinery now correctly records source packages and versions. Previously, version differences between a source package and the resulting binary package(s) were incorrect if the versions were not identical. -
libindex: add
O_TMPFILEfallback logicAfter discovering that some common deployment methods are incompatible with using the `O_TMPFILE` `open(2)` flag, a fallback path has been added. The changes also move the default location of where temporary files are downloaded to, to better align with the layout recommended by systemd.Please see the documentation for specifics.
26-0.20240325212310-fedb9d327aa7#NewRemoteFetchArena
-
osv: parse database_specific severity when no CVSS severity is defined
Occasionally there are OSV advisories that don't include any severity information in the `.severity` object but they do contain a severity in the `.database_specific` object. This change attempts to parse that severity if we don't get a severity from the native `.severity` object.
Build(Deps)
- 3ebd889c: bump peter-evans/create-pull-request from 6.0.0 to 6.0.1
- b7566a0f: bump peter-evans/create-pull-request from 5.0.2 to 6.0.0
- 4db2f09b: bump actions/cache from 3 to 4
- 6cef8311: bump actions/upload-artifact from 3 to 4
- 5ed80215: bump actions/download-artifact from 3 to 4
- c9e1f56b: bump actions/setup-go from 4 to 5
- 3ab3de55: bump actions/stale from 8 to 9
- 591188f0: bump docker/setup-buildx-action from 2 to 3
- 7ef6ef6b: bump docker/login-action from 2 to 3
- 5597e7cc: bump docker/build-push-action from 4 to 5
- 14d7f2b4: bump docker/setup-qemu-action from 2 to 3
- 1204db98: bump actions/checkout from 3 to 4
Chore
- 4170798b: 4.7.4 changelog bump
- 96dc6074: Add merge step when creating release binaries
- a1c7eb7c: update go version for release
- 6eeb9393: update claircore to v1.5.27
- 809dd5ab: update go version
Cicd
- e6378d03: add container version skew check
- 2ba3ecc0: update testing workflow
- ae135c49: don't upload workspace on failure
- 7222dc88: change version specifiers to be major-version only
Clairctl
- 2a2ba37f: warn when range requests are not honored
Dockerfile
- 5547b96a: remove sh loop
Docs
- 3753415b: add mention of disk space path and usage
Httptransport
- c6df986f: GET vuln report returns 404 when indexing in-progress
Initialize
- 9828576a: use defaults for NewRemoteFetcher