From 8fc927a6a7344e5fb29f69751a64ead928eff6f4 Mon Sep 17 00:00:00 2001 From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Date: Thu, 12 Dec 2024 22:51:57 +0000 Subject: [PATCH 01/72] libreoffice-24.8/24.8.4.2 package update Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- libreoffice-24.8.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libreoffice-24.8.yaml b/libreoffice-24.8.yaml index df4583cc69e..3a3853ef225 100644 --- a/libreoffice-24.8.yaml +++ b/libreoffice-24.8.yaml @@ -1,6 +1,6 @@ package: name: libreoffice-24.8 - version: 24.8.4.1 + version: 24.8.4.2 epoch: 0 description: # https://www.libreoffice.org/about-us/licenses @@ -101,7 +101,7 @@ pipeline: with: repository: https://github.com/LibreOffice/core tag: libreoffice-${{package.version}} - expected-commit: 1be9007f5d86a3741c366527d13e2970cbeef057 + expected-commit: bb3cfa12c7b1bf994ecc5649a80400d06cd71002 # patch rather than cherry-pick. The git fetch of main takes multiple minutes. - uses: patch From 420ef6a529d53d3fb1f34941cf6da8e610b51e07 Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Fri, 13 Dec 2024 15:42:04 +0000 Subject: [PATCH 02/72] Improvemet: Replace the dinamic go mod -edit command with the use of go/bump replaces The previous pipeline could result in downgrade to the upstream go version Signed-off-by: debasishbsws --- nodetaint.yaml | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/nodetaint.yaml b/nodetaint.yaml index 5a6caf7d173..83c63c27ffc 100644 --- a/nodetaint.yaml +++ b/nodetaint.yaml @@ -24,36 +24,9 @@ pipeline: - uses: go/bump with: deps: k8s.io/api@v0.28.15 k8s.io/client-go@v0.28.15 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 k8s.io/apimachinery@v0.28.15 k8s.io/kubernetes@v1.28.15 + replaces: k8s.io/api=k8s.io/api@v0.28.15 k8s.io/apiextensions-apiserver=k8s.io/apiextensions-apiserver@v0.28.15 k8s.io/apimachinery=k8s.io/apimachinery@v0.28.15 k8s.io/apiserver=k8s.io/apiserver@v0.28.15 k8s.io/cli-runtime=k8s.io/cli-runtime@v0.28.15 k8s.io/client-go=k8s.io/client-go@v0.28.15 k8s.io/cloud-provider=k8s.io/cloud-provider@v0.28.15 k8s.io/cluster-bootstrap=k8s.io/cluster-bootstrap@v0.28.15 k8s.io/code-generator=k8s.io/code-generator@v0.28.15 k8s.io/component-base=k8s.io/component-base@v0.28.15 k8s.io/cri-api=k8s.io/cri-api@v0.28.15 k8s.io/csi-translation-lib=k8s.io/csi-translation-lib@v0.28.15 k8s.io/kube-aggregator=k8s.io/kube-aggregator@v0.28.15 k8s.io/kube-controller-manager=k8s.io/kube-controller-manager@v0.28.15 k8s.io/kube-proxy=k8s.io/kube-proxy@v0.28.15 k8s.io/kube-scheduler=k8s.io/kube-scheduler@v0.28.15 k8s.io/kubectl=k8s.io/kubectl@v0.28.15 k8s.io/kubelet=k8s.io/kubelet@v0.28.15 k8s.io/legacy-cloud-providers=k8s.io/legacy-cloud-providers@v0.28.15 k8s.io/metrics=k8s.io/metrics@v0.28.15 k8s.io/sample-apiserver=k8s.io/sample-apiserver@v0.28.15 k8s.io/sample-cli-plugin=k8s.io/sample-cli-plugin@v0.28.15 k8s.io/sample-controller=k8s.io/sample-controller@v0.28.15 - runs: | - # Mitigate CVE-2023-39325, CVE-2023-3978, CVE-2023-44487, GHSA-27wf-5967-98gx - - # CVE-2021-25736, CVE-2023-3676, CVE-2023-3955, GHSA-8cfg-vx93-jvxw - go mod edit -replace=k8s.io/api=k8s.io/api@v0.28.15 - go mod edit -replace=k8s.io/apiextensions-apiserver=k8s.io/apiextensions-apiserver@v0.28.15 - go mod edit -replace=k8s.io/apimachinery=k8s.io/apimachinery@v0.28.15 - go mod edit -replace=k8s.io/apiserver=k8s.io/apiserver@v0.28.15 - go mod edit -replace=k8s.io/cli-runtime=k8s.io/cli-runtime@v0.28.15 - go mod edit -replace=k8s.io/client-go=k8s.io/client-go@v0.28.15 - go mod edit -replace=k8s.io/cloud-provider=k8s.io/cloud-provider@v0.28.15 - go mod edit -replace=k8s.io/cluster-bootstrap=k8s.io/cluster-bootstrap@v0.28.15 - go mod edit -replace=k8s.io/code-generator=k8s.io/code-generator@v0.28.15 - go mod edit -replace=k8s.io/component-base=k8s.io/component-base@v0.28.15 - go mod edit -replace=k8s.io/cri-api=k8s.io/cri-api@v0.28.15 - go mod edit -replace=k8s.io/csi-translation-lib=k8s.io/csi-translation-lib@v0.28.15 - go mod edit -replace=k8s.io/kube-aggregator=k8s.io/kube-aggregator@v0.28.15 - go mod edit -replace=k8s.io/kube-controller-manager=k8s.io/kube-controller-manager@v0.28.15 - go mod edit -replace=k8s.io/kube-proxy=k8s.io/kube-proxy@v0.28.15 - go mod edit -replace=k8s.io/kube-scheduler=k8s.io/kube-scheduler@v0.28.15 - go mod edit -replace=k8s.io/kubectl=k8s.io/kubectl@v0.28.15 - go mod edit -replace=k8s.io/kubelet=k8s.io/kubelet@v0.28.15 - go mod edit -replace=k8s.io/legacy-cloud-providers=k8s.io/legacy-cloud-providers@v0.28.15 - go mod edit -replace=k8s.io/metrics=k8s.io/metrics@v0.28.15 - go mod edit -replace=k8s.io/sample-apiserver=k8s.io/sample-apiserver@v0.28.15 - go mod edit -replace=k8s.io/sample-cli-plugin=k8s.io/sample-cli-plugin@v0.28.15 - go mod edit -replace=k8s.io/sample-controller=k8s.io/sample-controller@v0.28.15 - go mod tidy -compat=1.17 - CGO_ENABLED=0 GOARCH=$(go env GOARCH) GOOS=$(go env GOOS) go build -o . -a -installsuffix cgo . mkdir -p ${{targets.destdir}}/usr/bin install -Dm755 nodetaint ${{targets.destdir}}/usr/bin/nodetaint From b931765b4f7e083c9749233339cfa5d3e330228b Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Fri, 13 Dec 2024 15:56:46 +0000 Subject: [PATCH 03/72] add basic melange test Signed-off-by: debasishbsws --- nodetaint.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nodetaint.yaml b/nodetaint.yaml index 83c63c27ffc..f674b3c8530 100644 --- a/nodetaint.yaml +++ b/nodetaint.yaml @@ -33,6 +33,12 @@ pipeline: - uses: strip +test: + pipeline: + - name: Verify nodetaint binary + runs: | + nodetaint --help + update: enabled: true github: From d10bf445554727985aec86fbf988c5b260b7f12f Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Fri, 13 Dec 2024 15:57:30 +0000 Subject: [PATCH 04/72] Bump epoch Signed-off-by: debasishbsws --- nodetaint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodetaint.yaml b/nodetaint.yaml index f674b3c8530..ccdff18a5e8 100644 --- a/nodetaint.yaml +++ b/nodetaint.yaml @@ -1,7 +1,7 @@ package: name: nodetaint version: 0.0.4 - epoch: 23 + epoch: 24 description: Controller to manage taints for nodes in a k8s cluster. copyright: - license: Apache-2.0 From dd907d48db9f6af4f4370e456cf58db52aca44e5 Mon Sep 17 00:00:00 2001 From: debasishbsws Date: Fri, 13 Dec 2024 16:17:10 +0000 Subject: [PATCH 05/72] Fix test, greping it as it results in a non zero exit code Signed-off-by: debasishbsws --- nodetaint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodetaint.yaml b/nodetaint.yaml index ccdff18a5e8..d8e2aa4e67c 100644 --- a/nodetaint.yaml +++ b/nodetaint.yaml @@ -37,7 +37,7 @@ test: pipeline: - name: Verify nodetaint binary runs: | - nodetaint --help + nodetaint --help | grep -q "Usage:" update: enabled: true From c0d9f1672530d8720b341f0dc582ea52263654b7 Mon Sep 17 00:00:00 2001 From: Luca Di Maio Date: Fri, 13 Dec 2024 17:49:42 +0100 Subject: [PATCH 06/72] fix(microvm-init): fix modprobe when missing modalias Signed-off-by: Luca Di Maio --- melange.yaml | 2 +- melange/init | 22 ++++++++++++++++++---- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/melange.yaml b/melange.yaml index d2722876d6b..bb940bb6ffd 100644 --- a/melange.yaml +++ b/melange.yaml @@ -1,7 +1,7 @@ package: name: melange version: 0.17.7 - epoch: 0 + epoch: 1 description: build APKs from source code copyright: - license: Apache-2.0 diff --git a/melange/init b/melange/init index 19e2b44f756..352c9f281ac 100755 --- a/melange/init +++ b/melange/init @@ -34,11 +34,25 @@ fi # If this fails and we won't have network, the ifconfig command will fail anyway. # Also we load cpu accelleration drivers in case those are needed. depmod -a || : -sort -u \ - /sys/devices/system/cpu/modalias \ - /sys/devices/pci*/*/virtio*/modalias | xargs -n1 modprobe 2>/dev/null || : +sort -u /sys/devices/system/cpu/modalias | xargs -n1 modprobe 2>/dev/null || : +sort -u /sys/devices/pci*/*/virtio*/modalias | xargs -n1 modprobe 2>/dev/null || : # modprobe 9p if absent -grep -q 9p /proc/filesystems || modprobe 9p +if ! grep -q 9p /proc/filesystems; then + modprobe virtio + modprobe virtio_blk + modprobe virtio_gpu + modprobe virtio_net + modprobe virtio_pci + modprobe virtio_pci_legacy_dev + modprobe virtio_pci_modern_dev + modprobe virtio_pmem + modprobe virtio_ring + modprobe virtio_rng + modprobe virtio_scsi + modprobe 9pnet_virtio + modprobe 9pnet + modprobe 9p +fi # Setup default mountpoint for 9p shared dir mount -t 9p -otrans=virtio -oversion=9p2000.L defaultshare /mnt/ From 520a1f913e0716b21b622abc9b51de5461d39529 Mon Sep 17 00:00:00 2001 From: Justin Vreeland Date: Fri, 1 Nov 2024 09:25:24 -0700 Subject: [PATCH 07/72] py3-ml-metadata.yaml: Add openssf-options --- py3-ml-metadata.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py3-ml-metadata.yaml b/py3-ml-metadata.yaml index 2a837196502..17f465a5e62 100644 --- a/py3-ml-metadata.yaml +++ b/py3-ml-metadata.yaml @@ -1,7 +1,7 @@ package: name: py3-ml-metadata version: 1.16.0 - epoch: 3 + epoch: 4 description: For recording and retrieving metadata associated with ML developer and data scientist workflows. copyright: - license: MIT From 68e7f5168aa7e6e9e813540b00f2bd834978cf5b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:03:21 +0000 Subject: [PATCH 08/72] terragrunt/0.69.13 package update (#36922)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- terragrunt.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terragrunt.yaml b/terragrunt.yaml index f8520e35108..c746bd65ffe 100644 --- a/terragrunt.yaml +++ b/terragrunt.yaml @@ -1,6 +1,6 @@ package: name: terragrunt - version: 0.69.12 + version: 0.69.13 epoch: 0 description: Thin wrapper for Terraform providing extra tools copyright: @@ -21,7 +21,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: 521d95fbc561d35ed0d847e56d16f1021128f005 + expected-commit: 38ceae28c17dd78e83181a6e3655032744730c56 repository: https://github.com/gruntwork-io/terragrunt tag: v${{package.version}} From ca97c9b85adaa1be8911700a5924f2c499f8779a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:03:34 +0000 Subject: [PATCH 09/72] spqr/2.1.0-r0: cve remediation (#36919) spqr/2.1.0-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spqr.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- spqr.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spqr.yaml b/spqr.yaml index 682f540a186..734fbc8c638 100644 --- a/spqr.yaml +++ b/spqr.yaml @@ -1,7 +1,7 @@ package: name: spqr version: 2.1.0 - epoch: 0 + epoch: 1 description: Stateless Postgres Query Router copyright: - license: BSD-2-Clause @@ -25,6 +25,10 @@ pipeline: expected-commit: 51c4c60a701ed9e42fd0570d22a5176fef8f8a5d tag: ${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin From f7b0763841840416de3de3a1291c9dbb3c109866 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:03:51 +0000 Subject: [PATCH 10/72] spiffe-helper/0.9.0-r0: cve remediation (#36918) spiffe-helper/0.9.0-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spiffe-helper.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- spiffe-helper.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/spiffe-helper.yaml b/spiffe-helper.yaml index d60550e443a..49d4f157739 100644 --- a/spiffe-helper.yaml +++ b/spiffe-helper.yaml @@ -1,7 +1,7 @@ package: name: spiffe-helper version: 0.9.0 - epoch: 0 + epoch: 1 description: A helper utility for SPIFFE (Secure Production Identity Framework For Everyone) operations. copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: expected-commit: 71c089743733add8c6d36a3a15c12f1b16b9b21a tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: "./cmd/spiffe-helper" From dd30eadb7cd82b88ad5fa87ef8d1848d14c50197 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:04:15 +0000 Subject: [PATCH 11/72] py3-openai/1.57.4 package update (#36921)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-openai.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-openai.yaml b/py3-openai.yaml index 0dd7a046452..1be25569b26 100644 --- a/py3-openai.yaml +++ b/py3-openai.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/openai/ package: name: py3-openai - version: 1.57.3 - epoch: 1 + version: 1.57.4 + epoch: 0 description: Python client library for the OpenAI API copyright: - license: MIT @@ -39,7 +39,7 @@ pipeline: with: repository: https://github.com/openai/openai-python.git tag: v${{package.version}} - expected-commit: 0ae6f6b0ce55b6a9dd7e5caa684dfae2780c0088 + expected-commit: e94d98e9bf97a5d2d02d79d58f2abdbab26ff2bd subpackages: - range: py-versions From 380d61030b087621f582d55f373cbaa9c890960d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:04:27 +0000 Subject: [PATCH 12/72] oauth2-proxy/7.7.1-r0: cve remediation (#36913) oauth2-proxy/7.7.1-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/oauth2-proxy.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- oauth2-proxy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2-proxy.yaml b/oauth2-proxy.yaml index ae3d42dea19..61838b5631a 100644 --- a/oauth2-proxy.yaml +++ b/oauth2-proxy.yaml @@ -1,7 +1,7 @@ package: name: oauth2-proxy version: 7.7.1 - epoch: 0 + epoch: 1 description: Reverse proxy and static file server that provides authentication using various providers to validate accounts by email, domain or group. copyright: - license: MIT @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/go-jose/go-jose/v3@v3.0.3 + deps: github.com/go-jose/go-jose/v3@v3.0.3 golang.org/x/crypto@v0.31.0 - uses: go/build with: From 65961c77e7632af4dfb17dceb507765e8e14a29a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 17:04:57 +0000 Subject: [PATCH 13/72] portieris/0.13.22-r0: cve remediation (#36916) portieris/0.13.22-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/portieris.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- portieris.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/portieris.yaml b/portieris.yaml index f1ca6e5c330..d12645ad60c 100644 --- a/portieris.yaml +++ b/portieris.yaml @@ -1,7 +1,7 @@ package: name: portieris version: 0.13.22 - epoch: 0 + epoch: 1 description: A Kubernetes Admission Controller for verifying image trust. copyright: - license: Apache-2.0 @@ -17,6 +17,10 @@ pipeline: tag: v${{package.version}} expected-commit: ad0725d34f9ee1aa18078ab2ba624dee26dafba9 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: "./cmd/portieris" From aa9aee9e34cdb46ea3e0f1c49da7b3f40cb5fc5a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 22:40:27 +0530 Subject: [PATCH 14/72] gitea/1.22.6 package update (#36837)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: Debasish Biswas --- gitea.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitea.yaml b/gitea.yaml index 35ca01242c6..056441a1964 100644 --- a/gitea.yaml +++ b/gitea.yaml @@ -1,6 +1,6 @@ package: name: gitea - version: 1.22.5 + version: 1.22.6 epoch: 0 description: self-hosted git service copyright: @@ -19,7 +19,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: c0092af2e01c15d806435b9c4916a61415483e24 + expected-commit: 8eefa1f6dedf2488db2c9e12c916e8e51f673160 repository: https://github.com/go-gitea/gitea tag: v${{package.version}} From 49cdbdd4398a667a3e14e31816d2fa34719fb382 Mon Sep 17 00:00:00 2001 From: Mark McCormick Date: Fri, 13 Dec 2024 17:14:04 +0000 Subject: [PATCH 15/72] kubernetes-latest: bump to kubernetes 1.32 (#36749) Latest Kubernetes is v1.32: - https://github.com/wolfi-dev/os/pull/36719 As per internal runbook, bumping version here to match. Example of previous upgrade: https://github.com/wolfi-dev/os/pull/26288 Signed-off-by: Mark McCormick From 6769837ff85e0a2830ee4787c4f0d922a80fb36b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 12:19:44 -0500 Subject: [PATCH 16/72] terraform-provider-aws/5.81.0 package update (#36655) Package update. Remove patch no longer needed - dep is already at the version that was being patched ---------

--------- Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Signed-off-by: Mark McCormick Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: Mark McCormick --- terraform-provider-aws.yaml | 13 +++---------- terraform-provider-aws/GHSA-v778-237x-gjrc.patch | 13 ------------- 2 files changed, 3 insertions(+), 23 deletions(-) delete mode 100644 terraform-provider-aws/GHSA-v778-237x-gjrc.patch diff --git a/terraform-provider-aws.yaml b/terraform-provider-aws.yaml index 27f81baa0d5..26db7bdaedc 100644 --- a/terraform-provider-aws.yaml +++ b/terraform-provider-aws.yaml @@ -1,7 +1,7 @@ package: name: terraform-provider-aws - version: 5.80.0 - epoch: 1 + version: 5.81.0 + epoch: 0 description: Terraform AWS provider copyright: - license: MPL-2.0 @@ -19,14 +19,7 @@ pipeline: with: repository: https://github.com/hashicorp/terraform-provider-aws tag: v${{package.version}} - expected-commit: 9273b07bad89e6aa730482f3a8fc7840b38b9d68 - - # At the time of writing (12/24), we can't use go/bump on this project, due - # to 'godebug' directive being defined in the go.mod. We'll need updates to - # go/bump to handle this - internal DYDX ticket filed. - - uses: patch - with: - patches: GHSA-v778-237x-gjrc.patch + expected-commit: c38d7c284d0684653d53452eb1f9dd3e65b905fd - runs: go mod tidy diff --git a/terraform-provider-aws/GHSA-v778-237x-gjrc.patch b/terraform-provider-aws/GHSA-v778-237x-gjrc.patch deleted file mode 100644 index bb9fbb53384..00000000000 --- a/terraform-provider-aws/GHSA-v778-237x-gjrc.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/go.mod b/go.mod -index 31209aa041..68f75297f4 100644 ---- a/go.mod -+++ b/go.mod -@@ -299,7 +299,7 @@ require ( - github.com/mitchellh/mapstructure v1.5.0 - github.com/pquerna/otp v1.4.0 - github.com/shopspring/decimal v1.4.0 -- golang.org/x/crypto v0.29.0 -+ golang.org/x/crypto v0.31.0 - golang.org/x/mod v0.22.0 - golang.org/x/text v0.20.0 - golang.org/x/tools v0.27.0 From 12c2c3cc993b5a9c19f3b778c5a0aef15392cb1d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 22:51:18 +0530 Subject: [PATCH 17/72] boost/1.87.0 package update (#36440) Automated package update - patches were failing to apply. These changes look to be in the latest release, so we don't need to cherry-pick them anymore. -----------

--------- Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Signed-off-by: Mark McCormick Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: Mark McCormick --- boost.yaml | 12 +- ...16b5b76e9132eba78a399af9c95ec8d23bd4.patch | 62 ------ ...e9b4a749a77c24facf2da44f01e032c40842.patch | 184 ------------------ 3 files changed, 3 insertions(+), 255 deletions(-) delete mode 100644 boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch delete mode 100644 boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch diff --git a/boost.yaml b/boost.yaml index 55efa9c6db3..934f2d6268e 100644 --- a/boost.yaml +++ b/boost.yaml @@ -1,7 +1,7 @@ package: name: boost - version: 1.86.0 - epoch: 2 + version: 1.87.0 + epoch: 0 description: "Free peer-reviewed portable C++ source libraries" copyright: - license: "BSL-1.0" @@ -59,13 +59,7 @@ pipeline: - uses: fetch with: uri: https://boostorg.jfrog.io/artifactory/main/release/${{package.version}}/source/boost_${{vars.mangled-package-version}}.tar.gz - expected-sha256: 2575e74ffc3ef1cd0babac2c1ee8bdb5782a0ee672b1912da40e5b4b591ca01f - - # Apply patches to fix build https://github.com/boostorg/bcp/pull/18 - - runs: | - cd ./tools/bcp - patch -p1 < ../../c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch - patch -p1 < ../../cd21e9b4a749a77c24facf2da44f01e032c40842.patch + expected-sha256: f55c340aa49763b1925ccf02b2e83f35fdcf634c9d5164a2acb87540173c741d - runs: | abiflags="$(python3-config --abiflags)" diff --git a/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch b/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch deleted file mode 100644 index 2f0f6252ff8..00000000000 --- a/boost/c98516b5b76e9132eba78a399af9c95ec8d23bd4.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c98516b5b76e9132eba78a399af9c95ec8d23bd4 Mon Sep 17 00:00:00 2001 -From: Andrey Semashev -Date: Sun, 24 Mar 2024 15:43:33 +0300 -Subject: [PATCH] Updated list of special dependencies. - ---- - add_path.cpp | 16 ++++++---------- - 1 file changed, 6 insertions(+), 10 deletions(-) - -diff --git a/add_path.cpp b/add_path.cpp -index 747bb8c..9ae43c9 100644 ---- a/add_path.cpp -+++ b/add_path.cpp -@@ -196,12 +196,6 @@ void bcp_implementation::add_file(const fs::path& p) - // - static const std::pair - specials[] = { -- std::pair("tools/build/src/kernel/modules.jam", "libs/predef/check"), -- std::pair("tools/build/src/kernel/modules.jam", "libs/predef/tools"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/boost-install.jam"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/boost-install-dirs.jam"), -- std::pair("tools/build/src/kernel/modules.jam", "tools/boost_install/Jamfile"), -- std::pair("tools/build/src/kernel/modules.jam", "libs/headers"), - std::pair("libs/test/build/Jamfile.v2", "libs/timer/src"), - std::pair("libs/test/build/Jamfile.v2", "libs/timer/build"), - std::pair("boost/atomic/capabilities.hpp", "boost/atomic/detail"), -@@ -226,14 +220,14 @@ static const std::pair - std::pair("libs/thread/build", "boost/system"), - std::pair("libs/thread/build", "boost/cerrno.hpp"), - std::pair("libs/thread/build", "boost/chrono"), -- std::pair("boost/filesystem/convenience.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/cstdio.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/directory.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/exception.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/fstream.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/operations.hpp", "boost/filesystem.hpp"), -+ std::pair("boost/filesystem/file_status.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem/path.hpp", "boost/filesystem.hpp"), - std::pair("boost/filesystem.hpp", "libs/filesystem/build"), -- std::pair("boost/filesystem.hpp", "libs/filesystem/v2"), -- std::pair("boost/filesystem.hpp", "libs/filesystem/v3"), - std::pair("boost/config.hpp", "boost/config"), - std::pair("tools/build/bootstrap.sh", "libs/config/checks"), - std::pair("tools/build/bootstrap.sh", "libs/config/test"), -@@ -242,6 +236,7 @@ static const std::pair - std::pair("tools/build/bootstrap.sh", "tools/boost_install/BoostDetectToolset.cmake"), - std::pair("tools/build/bootstrap.sh", "tools/boost_install/boost-install.jam"), - std::pair("tools/build/bootstrap.sh", "tools/boost_install/boost-install-dirs.jam"), -+ std::pair("tools/build/bootstrap.sh", "tools/boost_install/Jamfile"), - std::pair("tools/build/bootstrap.sh", "boostcpp.jam"), - std::pair("tools/build/bootstrap.sh", "project-config.jam"), - std::pair("tools/build/bootstrap.sh", "bootstrap.bat"), -@@ -271,7 +266,8 @@ static const std::pair - std::pair("boost/test/detail/config.hpp", "libs/test/src"), - std::pair("boost/test/detail/config.hpp", "libs/test/build"), - std::pair("boost/test/detail/config.hpp", "libs/predef/build.jam"), -- std::pair("boost/test/detail/config.hpp", "libs/predef/check"), -+ std::pair("boost/test/detail/config.hpp", "libs/predef/tools/check"), -+ std::pair("boost/test/detail/config.hpp", "libs/predef/check"), // libs/predef/check if obsolete, but may still be used - std::pair("boost/typeof.hpp", "boost/typeof/incr_registration_group.hpp"), - std::pair("boost/function_types/detail/pp_loop.hpp", "boost/function_types/detail/pp_cc_loop"), - std::pair("boost/function_types/components.hpp", "boost/function_types/detail/components_impl"), diff --git a/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch b/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch deleted file mode 100644 index e45881c204f..00000000000 --- a/boost/cd21e9b4a749a77c24facf2da44f01e032c40842.patch +++ /dev/null @@ -1,184 +0,0 @@ -From cd21e9b4a749a77c24facf2da44f01e032c40842 Mon Sep 17 00:00:00 2001 -From: Andrey Semashev -Date: Sun, 24 Mar 2024 14:49:18 +0300 -Subject: [PATCH] Remove usage of deprecated and removed Boost.Filesystem APIs. - ---- - add_dependent_lib.cpp | 5 +++-- - add_path.cpp | 30 +++++++++++++++--------------- - bcp_imp.hpp | 1 + - copy_path.cpp | 8 ++++---- - file_types.cpp | 2 +- - 5 files changed, 24 insertions(+), 22 deletions(-) - -diff --git a/add_dependent_lib.cpp b/add_dependent_lib.cpp -index 4852914..521b70d 100644 ---- a/add_dependent_lib.cpp -+++ b/add_dependent_lib.cpp -@@ -15,6 +15,7 @@ - #include "bcp_imp.hpp" - #include "fileview.hpp" - #include -+#include - #include - #include - #include -@@ -43,12 +44,12 @@ static void init_library_scanner(const fs::path& p, bool cvs_mode, const std::st - // - // Don't add files created by build system: - // -- if((p.leaf() == "bin") || (p.leaf() == "bin-stage")) -+ if((p.filename() == "bin") || (p.filename() == "bin-stage")) - return; - // - // Don't add version control directories: - // -- if((p.leaf() == "CVS") || (p.leaf() == ".svn")) -+ if((p.filename() == "CVS") || (p.filename() == ".svn")) - return; - // - // don't add directories not under version control: -diff --git a/add_path.cpp b/add_path.cpp -index 8a1fee3..747bb8c 100644 ---- a/add_path.cpp -+++ b/add_path.cpp -@@ -15,6 +15,7 @@ - #include "bcp_imp.hpp" - #include "fileview.hpp" - #include -+#include - #include - #include - #include -@@ -24,8 +25,7 @@ void bcp_implementation::add_path(const fs::path& p) - { - if (m_excluded.find(p) != m_excluded.end()) - return; -- fs::path normalized_path = p; -- normalized_path.normalize(); -+ fs::path normalized_path = p.lexically_normal(); - if(fs::exists(m_boost_path / normalized_path)) - { - if(fs::is_directory(m_boost_path / normalized_path)) -@@ -45,12 +45,12 @@ void bcp_implementation::add_directory(const fs::path& p) - // - // Don't add files created by build system: - // -- if((p.leaf() == "bin") || (p.leaf() == "bin-stage")) -+ if((p.filename() == "bin") || (p.filename() == "bin-stage")) - return; - // - // Don't add version control directories: - // -- if((p.leaf() == "CVS") || (p.leaf() == ".svn")) -+ if((p.filename() == "CVS") || (p.filename() == ".svn")) - return; - // - // don't add directories not under version control: -@@ -180,7 +180,7 @@ void bcp_implementation::add_file(const fs::path& p) - { - // only concatonate if it's a relative path - // rather than a URL: -- fs::path dep(p.branch_path() / s); -+ fs::path dep(p.parent_path() / s); - if(!m_dependencies.count(dep)) - { - m_dependencies[dep] = p; // set up dependency tree -@@ -355,13 +355,13 @@ void bcp_implementation::add_file_dependencies(const fs::path& p, bool scanfile) - continue; - } - include_file = i->str(); -- fs::path test_file(m_boost_path / p.branch_path() / include_file); -- if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.branch_path().string() != "boost")) -+ fs::path test_file(m_boost_path / p.parent_path() / include_file); -+ if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.parent_path().string() != "boost")) - { -- if(!m_dependencies.count(p.branch_path() / include_file)) -+ if(!m_dependencies.count(p.parent_path() / include_file)) - { -- m_dependencies[p.branch_path() / include_file] = p; -- add_pending_path(p.branch_path() / include_file); -+ m_dependencies[p.parent_path() / include_file] = p; -+ add_pending_path(p.parent_path() / include_file); - } - } - else if(fs::exists(m_boost_path / include_file)) -@@ -405,13 +405,13 @@ void bcp_implementation::add_file_dependencies(const fs::path& p, bool scanfile) - ++i; - continue; - } -- fs::path test_file(m_boost_path / p.branch_path() / include_file); -- if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.branch_path().string() != "boost")) -+ fs::path test_file(m_boost_path / p.parent_path() / include_file); -+ if(fs::exists(test_file) && !fs::is_directory(test_file) && (p.parent_path().string() != "boost")) - { -- if(!m_dependencies.count(p.branch_path() / include_file)) -+ if(!m_dependencies.count(p.parent_path() / include_file)) - { -- m_dependencies[p.branch_path() / include_file] = p; -- add_pending_path(p.branch_path() / include_file); -+ m_dependencies[p.parent_path() / include_file] = p; -+ add_pending_path(p.parent_path() / include_file); - } - } - else if(fs::exists(m_boost_path / include_file)) -diff --git a/bcp_imp.hpp b/bcp_imp.hpp -index e515581..51c85ba 100644 ---- a/bcp_imp.hpp -+++ b/bcp_imp.hpp -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - #include - - namespace fs = boost::filesystem; -diff --git a/copy_path.cpp b/copy_path.cpp -index 4143c79..6b7a370 100644 ---- a/copy_path.cpp -+++ b/copy_path.cpp -@@ -49,18 +49,18 @@ void bcp_implementation::copy_path(const fs::path& p) - if(fs::exists(m_dest_path / p)) - { - std::cout << "Copying (and overwriting) file: " << p.string() << "\n"; -- fs::remove(m_dest_path / p); -+ fs::remove(m_dest_path / p); - } - else - std::cout << "Copying file: " << p.string() << "\n"; - // - // create the path to the new file if it doesn't already exist: - // -- create_path(p.branch_path()); -+ create_path(p.parent_path()); - // - // do text based copy if requested: - // -- if((p.leaf() == "Jamroot") && m_namespace_name.size()) -+ if((p.filename() == "Jamroot") && m_namespace_name.size()) - { - static std::vector v1, v2; - v1.clear(); -@@ -240,7 +240,7 @@ void bcp_implementation::create_path(const fs::path& p) - if(!fs::exists(m_dest_path / p)) - { - // recurse then create the path: -- create_path(p.branch_path()); -+ create_path(p.parent_path()); - fs::create_directory(m_dest_path / p); - } - } -diff --git a/file_types.cpp b/file_types.cpp -index 297d304..69f6027 100644 ---- a/file_types.cpp -+++ b/file_types.cpp -@@ -52,7 +52,7 @@ bool bcp_implementation::is_binary_file(const fs::path& p) - "|" - "(Jamfile|makefile|configure)", - boost::regex::perl | boost::regex::icase); -- return !boost::regex_match(p.leaf().generic_string(), e); -+ return !boost::regex_match(p.filename().generic_string(), e); - - } - From 52f176046b2b94eda840fdd823c51fd4769f189b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 10:30:23 -0700 Subject: [PATCH 18/72] trino/467 package update (#36043)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- trino.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/trino.yaml b/trino.yaml index 841fbfa11eb..f808b7ef2e8 100644 --- a/trino.yaml +++ b/trino.yaml @@ -1,7 +1,7 @@ package: name: trino - version: "464" - epoch: 3 + version: "467" + epoch: 0 description: The distributed SQL query engine for big data, formerly known as PrestoSQL copyright: - license: Apache-2.0 @@ -33,7 +33,7 @@ pipeline: with: repository: https://github.com/trinodb/trino.git tag: ${{package.version}} - expected-commit: 299842e3cddde87b2f4b2589edbe53c41743f71a + expected-commit: 019b299ae716e44c659a47402e8349d4b87c9cae - uses: maven/pombump From bdbf1b82ca9471ee1d3b983cde8a789ffb9a12cd Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:04:27 +0000 Subject: [PATCH 19/72] py3-debugpy/1.8.11 package update (#36928)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-debugpy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py3-debugpy.yaml b/py3-debugpy.yaml index 436b5f42804..c7aa65f5c7f 100644 --- a/py3-debugpy.yaml +++ b/py3-debugpy.yaml @@ -1,6 +1,6 @@ package: name: py3-debugpy - version: 1.8.9 + version: 1.8.11 epoch: 0 description: An implementation of the Debug Adapter Protocol for Python copyright: @@ -28,7 +28,7 @@ environment: pipeline: - uses: git-checkout with: - expected-commit: f4ba976121ce38ee1c7c1f3174fcc520bccc7e19 + expected-commit: 34cc53b2ac31b9de89a5445bbcfb0daddf33146e repository: https://github.com/microsoft/debugpy tag: v${{package.version}} From c1580282fdf591fa5c8b2fc3d7e1dd0adc261dc9 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:04:41 +0000 Subject: [PATCH 20/72] nsc/2.10.1 package update (#36927)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- nsc.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/nsc.yaml b/nsc.yaml index af3c1651450..c434bc2ad5e 100644 --- a/nsc.yaml +++ b/nsc.yaml @@ -1,7 +1,7 @@ package: name: nsc - version: 2.10.0 - epoch: 1 + version: 2.10.1 + epoch: 0 description: Tool for creating nkey/jwt based configurations copyright: - license: Apache-2.0 @@ -11,12 +11,7 @@ pipeline: with: repository: https://github.com/nats-io/nsc tag: v${{package.version}} - expected-commit: ce4b0540970b221460e0dcfaafaa7865e33f6fd2 - - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 - modroot: . + expected-commit: d2af91035880fe69d230afdbca0729d70d7eefef - uses: go/build with: From 61ca57cab8c48b3bdc7a0eea33384fab7038deda Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:04:56 +0000 Subject: [PATCH 21/72] sql_exporter/0.16.0-r0: cve remediation (#36924) sql_exporter/0.16.0-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/sql_exporter.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- sql_exporter.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sql_exporter.yaml b/sql_exporter.yaml index 66775006f7d..dd9c1dc6c5c 100644 --- a/sql_exporter.yaml +++ b/sql_exporter.yaml @@ -1,7 +1,7 @@ package: name: sql_exporter version: 0.16.0 - epoch: 0 + epoch: 1 description: Database-agnostic SQL Exporter for Prometheus copyright: - license: Apache-2.0 @@ -13,6 +13,10 @@ pipeline: tag: ${{package.version}} expected-commit: a1726ff66775980c1de3ad44bfffb169525b2dd1 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/sql_exporter From 2e73a0b43bc845b051a3f6e9488c173b7167e7df Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:05:11 +0000 Subject: [PATCH 22/72] rqlite/8.36.0-r0: cve remediation (#36926) rqlite/8.36.0-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/rqlite.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- rqlite.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rqlite.yaml b/rqlite.yaml index 0b0c00391dd..a9de841bd05 100644 --- a/rqlite.yaml +++ b/rqlite.yaml @@ -1,7 +1,7 @@ package: name: rqlite version: 8.36.0 - epoch: 0 + epoch: 1 description: The lightweight, distributed relational database built on SQLite copyright: - license: MIT @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: 72a2858148ca055442321676d28c7fbc187a9b94 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | # docker-entrypoint.sh: update hardcoded docker entrypoint sed -i "s|RQLITED=/bin/rqlited|RQLITED=/usr/bin/rqlited|g" docker-entrypoint.sh From eadd4698b87978de163e595b854318390c1bb8f0 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:05:26 +0000 Subject: [PATCH 23/72] skaffold/2.13.2-r2: cve remediation (#36925) skaffold/2.13.2-r2: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/skaffold.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- skaffold.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/skaffold.yaml b/skaffold.yaml index 4347b12ae5b..06d43e90ed3 100644 --- a/skaffold.yaml +++ b/skaffold.yaml @@ -1,7 +1,7 @@ package: name: skaffold version: 2.13.2 - epoch: 2 + epoch: 3 description: Easy and Repeatable Kubernetes Development copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - runs: | make From 9f124f10f7a13cc2ebccb870921f1c983d6ebaae Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 18:05:46 +0000 Subject: [PATCH 24/72] wgcf/2.2.23-r0: cve remediation (#36923) wgcf/2.2.23-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/wgcf.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- wgcf.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wgcf.yaml b/wgcf.yaml index 43b61954725..3b01097ab98 100644 --- a/wgcf.yaml +++ b/wgcf.yaml @@ -1,7 +1,7 @@ package: name: wgcf version: 2.2.23 - epoch: 0 + epoch: 1 description: Cross-platform, unofficial CLI for Cloudflare Warp copyright: - license: MIT @@ -21,6 +21,10 @@ pipeline: repository: https://github.com/ViRb3/wgcf tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: ldflags: -s -w From 8998f752f4e58eb07b965174c1b75b174a0fd84a Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Fri, 13 Dec 2024 10:14:07 -0800 Subject: [PATCH 25/72] Drop pkg-config tests obsoleted by pkgconf tests (#36930) The pkg-config and pkgconf tests are the same so let's drop the pkg-config ones in favor of the pkgconf ones which use a pipeline. --- libspatialindex.yaml | 7 +++---- userspace-rcu.yaml | 5 ----- wayland-protocols.yaml | 4 ---- 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/libspatialindex.yaml b/libspatialindex.yaml index 8d16aa2b1b9..9dc21b3566d 100644 --- a/libspatialindex.yaml +++ b/libspatialindex.yaml @@ -36,6 +36,9 @@ subpackages: - name: libspatialindex-dev pipeline: - uses: split/dev + test: + pipeline: + - uses: test/pkgconf test: environment: @@ -139,10 +142,6 @@ test: # Run the program to check if it can open the BPF object ./test_prog - - name: "Check pkg-config" - runs: | - pkg-config --exists libspatialindex - pkg-config --modversion libspatialindex update: enabled: true diff --git a/userspace-rcu.yaml b/userspace-rcu.yaml index 798b4eccf31..b7b3143fb5b 100644 --- a/userspace-rcu.yaml +++ b/userspace-rcu.yaml @@ -86,8 +86,3 @@ test: grep "RCU read lock acquired" output.log grep "RCU read lock released" output.log grep "RCU thread unregistered successfully" output.log - - name: "Check pkg-config information" - runs: | - pkg-config --exists liburcu - pkg-config --modversion liburcu | grep ${{package.version}} - pkg-config --libs liburcu | grep -- -lurcu diff --git a/wayland-protocols.yaml b/wayland-protocols.yaml index 236795285fc..d04721b8402 100644 --- a/wayland-protocols.yaml +++ b/wayland-protocols.yaml @@ -49,10 +49,6 @@ test: runs: | test -d /usr/share/wayland-protocols test -d /usr/share/pkgconfig - - name: "Check pkg-config registration" - runs: | - pkg-config --exists wayland-protocols - pkg-config --variable=pkgdatadir wayland-protocols - name: "Verify presence of core protocol files" runs: | for proto in \ From 9d960ed115cf35d636d68d47d9ae7ffe2f5f32dc Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 13:43:59 -0500 Subject: [PATCH 26/72] spark-operator/2.1.0 package update (#36333)

--------- Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Signed-off-by: Debasish Biswas Signed-off-by: debasishbsws Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: Debasish Biswas --- spark-operator.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spark-operator.yaml b/spark-operator.yaml index a17527e8174..bd88bc1673f 100644 --- a/spark-operator.yaml +++ b/spark-operator.yaml @@ -1,7 +1,7 @@ package: name: spark-operator - version: 2.0.2 - epoch: 2 + version: 2.1.0 + epoch: 0 description: Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes. copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: with: repository: https://github.com/kubeflow/spark-operator tag: v${{package.version}} - expected-commit: ef9a2a134b80f8c5368db53615d9aa766c67ad0a + expected-commit: 664b9d01c42a04a5327e582cc23215c34e9a5020 - uses: go/bump with: @@ -33,7 +33,7 @@ pipeline: - uses: go/build with: - packages: ./cmd/ + packages: ./cmd/operator output: spark-operator - uses: strip @@ -43,7 +43,7 @@ subpackages: pipeline: - uses: go/build with: - packages: ./sparkctl + packages: ./cmd/sparkctl output: sparkctl - uses: strip test: From 105bec3aa2618372ba87a16a4e6041a55248e8b5 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 19:03:11 +0000 Subject: [PATCH 27/72] git-sync/4.4.0 package update (#36935)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- git-sync.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/git-sync.yaml b/git-sync.yaml index 9c0745a2195..cfdc6bfe2df 100644 --- a/git-sync.yaml +++ b/git-sync.yaml @@ -1,7 +1,7 @@ package: name: git-sync - version: 4.3.0 - epoch: 1 + version: 4.4.0 + epoch: 0 description: A sidecar app which clones a git repo and keeps it in sync with the upstream. copyright: - license: Apache-2.0 @@ -15,7 +15,7 @@ pipeline: with: repository: https://github.com/kubernetes/git-sync tag: v${{package.version}} - expected-commit: 97c0d585a83057184821549b30945f2105cc8966 + expected-commit: 69eb59185a073d4a08362d07bbe6459311027746 - uses: go/bump with: From 69d705adb232d84592d4dcb826dd3ea2cef24f06 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 19:03:28 +0000 Subject: [PATCH 28/72] mc/0.20241117.193525-r0: cve remediation (#36929) mc/0.20241117.193525-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/mc.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- mc.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mc.yaml b/mc.yaml index d0673fdc869..46a70abb3a9 100644 --- a/mc.yaml +++ b/mc.yaml @@ -1,7 +1,7 @@ package: name: mc version: 0.20241117.193525 - epoch: 0 + epoch: 1 description: Multi-Cloud Object Storage copyright: - license: AGPL-3.0-or-later @@ -28,6 +28,10 @@ pipeline: tag: ${{vars.mangled-package-version}} expected-commit: bb4ff4951a3e54bbee6ac75cfaf387c521e98709 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | make build mkdir -p ${{targets.destdir}}/usr/bin From 595e2f2252c306ab76a7c5cfbdfcbe6799651598 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 19:03:49 +0000 Subject: [PATCH 29/72] py3-aiosignal/1.3.2 package update (#36934)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- py3-aiosignal.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py3-aiosignal.yaml b/py3-aiosignal.yaml index 04b73930e2a..4fd6b1e8d53 100644 --- a/py3-aiosignal.yaml +++ b/py3-aiosignal.yaml @@ -1,8 +1,8 @@ # Generated from https://pypi.org/project/aiosignal/ package: name: py3-aiosignal - version: 1.3.1 - epoch: 5 + version: 1.3.2 + epoch: 0 description: 'aiosignal: a list of registered asynchronous callbacks' copyright: - license: Apache-2.0 @@ -32,7 +32,7 @@ environment: pipeline: - uses: fetch with: - expected-sha256: 54cd96e15e1649b75d6c87526a6ff0b6c1b0dd3459f43d9ca11d48c339b68cfc + expected-sha256: a8c255c66fafb1e499c9351d0bf32ff2d8a0321595ebac3b93713656d2436f54 uri: https://files.pythonhosted.org/packages/source/a/aiosignal/aiosignal-${{package.version}}.tar.gz subpackages: From 717f56bc1fb457e1c2d7de6535944703a0ec26d7 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:02:32 -0500 Subject: [PATCH 30/72] Make python 3.13 version of virtual packages the default. batch 1.10 (#36950) --- py3-deprecation.yaml | 4 ++-- py3-diffoscope.yaml | 4 ++-- py3-dill.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/py3-deprecation.yaml b/py3-deprecation.yaml index dcbb1b3e29f..3fa184ac116 100644 --- a/py3-deprecation.yaml +++ b/py3-deprecation.yaml @@ -1,7 +1,7 @@ package: name: py3-deprecation version: 2.1.0 - epoch: 4 + epoch: 5 description: A library to handle automated deprecations copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-diffoscope.yaml b/py3-diffoscope.yaml index 8c36688a802..2b22d4581df 100644 --- a/py3-diffoscope.yaml +++ b/py3-diffoscope.yaml @@ -2,7 +2,7 @@ package: name: py3-diffoscope version: "284" - epoch: 0 + epoch: 1 description: in-depth comparison of files, archives, and directories copyright: - license: GPL-3.0-or-later @@ -72,7 +72,7 @@ data: "3.10": "310" "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" update: enabled: true diff --git a/py3-dill.yaml b/py3-dill.yaml index 89fb78788f7..84730433995 100644 --- a/py3-dill.yaml +++ b/py3-dill.yaml @@ -2,7 +2,7 @@ package: name: py3-dill version: 0.3.9 - epoch: 1 + epoch: 2 description: serialize all of Python copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 415ae3341ef21a9022f0dde61d04cdfbf228f22c Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:02:49 -0500 Subject: [PATCH 31/72] Make python 3.13 version of virtual packages the default. batch 1.8 (#36948) --- py3-colorama.yaml | 4 ++-- py3-colorlog.yaml | 4 ++-- py3-comm.yaml | 4 ++-- py3-commonmark.yaml | 4 ++-- py3-conda-package-handling.yaml | 4 ++-- py3-conda-package-streaming.yaml | 4 ++-- py3-configargparse.yaml | 4 ++-- py3-configobj.yaml | 4 ++-- py3-contextlib2.yaml | 4 ++-- py3-contourpy.yaml | 4 ++-- py3-cppy.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-colorama.yaml b/py3-colorama.yaml index d25a25184a5..ab70fd45804 100644 --- a/py3-colorama.yaml +++ b/py3-colorama.yaml @@ -1,7 +1,7 @@ package: name: py3-colorama version: 0.4.6 - epoch: 7 + epoch: 8 description: Simple cross-platform colored terminal text copyright: - license: BSD-3-Clause @@ -27,7 +27,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-colorlog.yaml b/py3-colorlog.yaml index 18a73e1f4f5..9d8797d257c 100644 --- a/py3-colorlog.yaml +++ b/py3-colorlog.yaml @@ -1,7 +1,7 @@ package: name: py3-colorlog version: 6.8.2 - epoch: 1 + epoch: 2 description: Add colours to the output of Python's logging module. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-comm.yaml b/py3-comm.yaml index 675bf125273..21d2bdc220f 100644 --- a/py3-comm.yaml +++ b/py3-comm.yaml @@ -1,7 +1,7 @@ package: name: py3-comm version: 0.2.2 - epoch: 1 + epoch: 2 description: Jupyter Python Comm implementation, for usage in ipykernel, xeus-python etc. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-commonmark.yaml b/py3-commonmark.yaml index e7a16f19cef..cfad750ddb7 100644 --- a/py3-commonmark.yaml +++ b/py3-commonmark.yaml @@ -1,7 +1,7 @@ package: name: py3-commonmark version: 0.9.1 - epoch: 1 + epoch: 2 description: Python parser for the CommonMark Markdown spec copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-conda-package-handling.yaml b/py3-conda-package-handling.yaml index 6d14fab0f7e..9ece6a91995 100644 --- a/py3-conda-package-handling.yaml +++ b/py3-conda-package-handling.yaml @@ -1,7 +1,7 @@ package: name: py3-conda-package-handling version: 2.4.0 - epoch: 0 + epoch: 1 description: Create and extract conda packages of various formats copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-conda-package-streaming.yaml b/py3-conda-package-streaming.yaml index 118e755ec42..3448ec2360e 100644 --- a/py3-conda-package-streaming.yaml +++ b/py3-conda-package-streaming.yaml @@ -1,7 +1,7 @@ package: name: py3-conda-package-streaming version: 0.11.0 - epoch: 0 + epoch: 1 description: An efficient library to read from new and old format .conda and .tar.bz2 conda packages. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-configargparse.yaml b/py3-configargparse.yaml index f2cdcf5b744..038101a4ea0 100644 --- a/py3-configargparse.yaml +++ b/py3-configargparse.yaml @@ -1,7 +1,7 @@ package: name: py3-configargparse version: 1.7 - epoch: 1 + epoch: 2 description: A drop-in replacement for argparse that allows options to also be set via config files and/or environment variables. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-configobj.yaml b/py3-configobj.yaml index b7d0de0fcba..8a162c804b3 100644 --- a/py3-configobj.yaml +++ b/py3-configobj.yaml @@ -1,7 +1,7 @@ package: name: py3-configobj version: 5.0.9 - epoch: 1 + epoch: 2 description: Config file reading, writing and validation. copyright: - license: BSD-2-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-contextlib2.yaml b/py3-contextlib2.yaml index ce71a49fe96..73fac114aa4 100644 --- a/py3-contextlib2.yaml +++ b/py3-contextlib2.yaml @@ -1,7 +1,7 @@ package: name: py3-contextlib2 version: 21.6.0 - epoch: 5 + epoch: 6 description: backports of the contextlib module from newer versions of python copyright: - license: PSF-2.0 AND Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-contourpy.yaml b/py3-contourpy.yaml index 52a46b3065d..15445cd7c8b 100644 --- a/py3-contourpy.yaml +++ b/py3-contourpy.yaml @@ -1,7 +1,7 @@ package: name: py3-contourpy version: 1.3.1 - epoch: 0 + epoch: 1 description: Python library for calculating contours of 2D quadrilateral grids copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cppy.yaml b/py3-cppy.yaml index 18fe2d10d79..eadc7cf51bd 100644 --- a/py3-cppy.yaml +++ b/py3-cppy.yaml @@ -1,7 +1,7 @@ package: name: py3-cppy version: 1.3.0 - epoch: 0 + epoch: 1 copyright: - license: BSD-3-Clause dependencies: @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 6635c8579f3ffad76c0fca8c3649fb724497b9cb Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:02:58 -0500 Subject: [PATCH 32/72] Make python 3.13 version of virtual packages the default. batch 1.7 (#36947) --- py3-chardet.yaml | 4 ++-- py3-charset-normalizer.yaml | 4 ++-- py3-cleo.yaml | 4 ++-- py3-cli-helpers.yaml | 4 ++-- py3-click-aliases.yaml | 4 ++-- py3-click-option-group.yaml | 4 ++-- py3-click.yaml | 4 ++-- py3-cloudpickle.yaml | 4 ++-- py3-cmaes.yaml | 4 ++-- py3-codeowners.yaml | 4 ++-- py3-codespell.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-chardet.yaml b/py3-chardet.yaml index bdc6f9af4c3..7cd2dd02471 100644 --- a/py3-chardet.yaml +++ b/py3-chardet.yaml @@ -1,7 +1,7 @@ package: name: py3-chardet version: 5.2.0 - epoch: 3 + epoch: 4 description: Universal encoding detector for Python 3 copyright: - license: LGPL-2.1-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-charset-normalizer.yaml b/py3-charset-normalizer.yaml index a9d0c3ff009..e0f6b5e03aa 100644 --- a/py3-charset-normalizer.yaml +++ b/py3-charset-normalizer.yaml @@ -1,7 +1,7 @@ package: name: py3-charset-normalizer version: 3.4.0 - epoch: 0 + epoch: 1 description: offers you an alternative to Universal Charset Encoding Detector, also known as Chardet copyright: - license: MIT @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-cleo.yaml b/py3-cleo.yaml index 11b2697d080..6d802e16d5a 100644 --- a/py3-cleo.yaml +++ b/py3-cleo.yaml @@ -2,7 +2,7 @@ package: name: py3-cleo version: 2.2.1 - epoch: 0 + epoch: 1 description: Cleo allows you to create beautiful and testable command-line interfaces. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cli-helpers.yaml b/py3-cli-helpers.yaml index 9739a2bb307..913bd4af104 100644 --- a/py3-cli-helpers.yaml +++ b/py3-cli-helpers.yaml @@ -1,7 +1,7 @@ package: name: py3-cli-helpers version: 2.3.1 - epoch: 1 + epoch: 2 description: Helpers for building command-line apps copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-click-aliases.yaml b/py3-click-aliases.yaml index 84d7fc30105..8c1a56455e8 100644 --- a/py3-click-aliases.yaml +++ b/py3-click-aliases.yaml @@ -1,7 +1,7 @@ package: name: py3-click-aliases version: 1.0.5 - epoch: 0 + epoch: 1 description: enable aliases for click copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-click-option-group.yaml b/py3-click-option-group.yaml index 5616101ecea..2cde329cd5a 100644 --- a/py3-click-option-group.yaml +++ b/py3-click-option-group.yaml @@ -1,7 +1,7 @@ package: name: py3-click-option-group version: 0.5.6 - epoch: 3 + epoch: 4 description: Option groups missing in Click. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-click.yaml b/py3-click.yaml index 6018afc4fa4..28847ef69f5 100644 --- a/py3-click.yaml +++ b/py3-click.yaml @@ -2,7 +2,7 @@ package: name: py3-click version: 8.1.7 - epoch: 5 + epoch: 6 description: Composable command line interface toolkit copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cloudpickle.yaml b/py3-cloudpickle.yaml index 241d05bb840..b302213512a 100644 --- a/py3-cloudpickle.yaml +++ b/py3-cloudpickle.yaml @@ -1,7 +1,7 @@ package: name: py3-cloudpickle version: 3.1.0 - epoch: 0 + epoch: 1 description: Extended pickling support for Python objects copyright: - license: BSD-3-Clause @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cmaes.yaml b/py3-cmaes.yaml index b14ac06f504..c0b2779ecce 100644 --- a/py3-cmaes.yaml +++ b/py3-cmaes.yaml @@ -1,7 +1,7 @@ package: name: py3-cmaes version: 0.11.1 - epoch: 1 + epoch: 2 description: Lightweight Covariance Matrix Adaptation Evolution Strategy (CMA-ES) implementation for Python 3. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-codeowners.yaml b/py3-codeowners.yaml index f59fc1266b4..784e9f52223 100644 --- a/py3-codeowners.yaml +++ b/py3-codeowners.yaml @@ -1,7 +1,7 @@ package: name: py3-codeowners version: 0.6.0 - epoch: 2 + epoch: 3 description: Codeowners parser for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-codespell.yaml b/py3-codespell.yaml index ae8d8ad20b3..2ad948c29aa 100644 --- a/py3-codespell.yaml +++ b/py3-codespell.yaml @@ -1,7 +1,7 @@ package: name: py3-codespell version: 2.3.0 - epoch: 2 + epoch: 3 description: 'checker for common misspellings ' copyright: - license: GPL-2.0-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From b9c5a1362e4c43239e45ab5f00c694d7562db1d0 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:03:10 -0500 Subject: [PATCH 33/72] Make python 3.13 version of virtual packages the default. batch 1.6 (#36946) --- py3-breezy.yaml | 4 ++-- py3-cachecontrol.yaml | 4 ++-- py3-cached-property.yaml | 4 ++-- py3-cachetools.yaml | 4 ++-- py3-calver.yaml | 4 ++-- py3-canonicaljson.yaml | 4 ++-- py3-cassandra-driver.yaml | 4 ++-- py3-certifi.yaml | 4 ++-- py3-certipy.yaml | 4 ++-- py3-cffi.yaml | 4 ++-- py3-changelog-chug.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-breezy.yaml b/py3-breezy.yaml index df9be7ac3f8..6072ffdcc83 100644 --- a/py3-breezy.yaml +++ b/py3-breezy.yaml @@ -1,7 +1,7 @@ package: name: py3-breezy version: 3.3.9 - epoch: 2 + epoch: 3 description: Friendly distributed version control system copyright: - license: GPL-2.0-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cachecontrol.yaml b/py3-cachecontrol.yaml index ca8bba90506..bcdbd02bf3c 100644 --- a/py3-cachecontrol.yaml +++ b/py3-cachecontrol.yaml @@ -2,7 +2,7 @@ package: name: py3-cachecontrol version: 0.14.1 - epoch: 0 + epoch: 1 description: httplib2 caching for requests copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cached-property.yaml b/py3-cached-property.yaml index 17fea7a9392..c1acc7cfa9a 100644 --- a/py3-cached-property.yaml +++ b/py3-cached-property.yaml @@ -1,7 +1,7 @@ package: name: py3-cached-property version: 2.0.1 - epoch: 0 + epoch: 1 description: A decorator for caching properties in classes. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cachetools.yaml b/py3-cachetools.yaml index c9b988d29ef..2ec1930a48a 100644 --- a/py3-cachetools.yaml +++ b/py3-cachetools.yaml @@ -1,7 +1,7 @@ package: name: py3-cachetools version: 5.5.0 - epoch: 1 + epoch: 2 description: Extensible memoizing collections and decorators copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-calver.yaml b/py3-calver.yaml index e72dd0b67b6..72143e3fef3 100644 --- a/py3-calver.yaml +++ b/py3-calver.yaml @@ -2,7 +2,7 @@ package: name: py3-calver version: 2022.6.26 - epoch: 3 + epoch: 4 description: Setuptools extension for CalVer package versions copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-canonicaljson.yaml b/py3-canonicaljson.yaml index 130f8ea4fd1..42806d6a1b5 100644 --- a/py3-canonicaljson.yaml +++ b/py3-canonicaljson.yaml @@ -1,7 +1,7 @@ package: name: py3-canonicaljson version: 2.0.0 - epoch: 1 + epoch: 2 description: Canonical JSON copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cassandra-driver.yaml b/py3-cassandra-driver.yaml index 60ac78de286..507da3e598b 100644 --- a/py3-cassandra-driver.yaml +++ b/py3-cassandra-driver.yaml @@ -2,7 +2,7 @@ package: name: py3-cassandra-driver version: 3.29.2 - epoch: 2 + epoch: 3 description: DataStax Driver for Apache Cassandra copyright: - license: Apache-2.0 @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-certifi.yaml b/py3-certifi.yaml index bace5c12d89..e9045339bf2 100644 --- a/py3-certifi.yaml +++ b/py3-certifi.yaml @@ -1,7 +1,7 @@ package: name: py3-certifi version: 2024.08.30 - epoch: 1 + epoch: 2 description: Python3 package for providing Mozilla's CA Bundle copyright: - license: MPL-2.0 @@ -27,7 +27,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' # certifi uses a special versioning scheme where the version is a date like "2023.07.22". During the # build process, the version is "normalized" (and importantly, changed) to a form like "2023.7.22", diff --git a/py3-certipy.yaml b/py3-certipy.yaml index 3907cfec42c..e03ef1b49d9 100644 --- a/py3-certipy.yaml +++ b/py3-certipy.yaml @@ -1,7 +1,7 @@ package: name: py3-certipy version: 0.2.1 - epoch: 1 + epoch: 2 description: Utility to create and sign CAs and certificates copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cffi.yaml b/py3-cffi.yaml index f12447f196a..fc0ac5e277c 100644 --- a/py3-cffi.yaml +++ b/py3-cffi.yaml @@ -2,7 +2,7 @@ package: name: py3-cffi version: 1.17.1 - epoch: 2 + epoch: 3 description: Foreign Function Interface for Python calling C code. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-changelog-chug.yaml b/py3-changelog-chug.yaml index f5b93fb687e..48a8e3313a0 100644 --- a/py3-changelog-chug.yaml +++ b/py3-changelog-chug.yaml @@ -1,7 +1,7 @@ package: name: py3-changelog-chug version: 0.0.3 - epoch: 0 + epoch: 1 description: Parser library for project Change Log documents. copyright: - license: AGPL-3.0-only @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 95de5f7db43cc094a7b9055a82ce6547fef5ec27 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:03:18 -0500 Subject: [PATCH 34/72] Make python 3.13 version of virtual packages the default. batch 1.5 (#36945) --- py3-beartype.yaml | 4 ++-- py3-beautifulsoup4.yaml | 4 ++-- py3-beniget.yaml | 4 ++-- py3-bleach.yaml | 4 ++-- py3-blinker.yaml | 4 ++-- py3-bokeh.yaml | 4 ++-- py3-boltons.yaml | 4 ++-- py3-boolean.py.yaml | 4 ++-- py3-boto3.yaml | 4 ++-- py3-botocore.yaml | 4 ++-- py3-bracex.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-beartype.yaml b/py3-beartype.yaml index 6eac17504d1..0bd854c1d63 100644 --- a/py3-beartype.yaml +++ b/py3-beartype.yaml @@ -1,7 +1,7 @@ package: name: py3-beartype version: 0.19.0 - epoch: 1 + epoch: 2 description: Unbearably fast runtime type checking in pure Python. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-beautifulsoup4.yaml b/py3-beautifulsoup4.yaml index 06cc3a6b472..c00d077eb47 100644 --- a/py3-beautifulsoup4.yaml +++ b/py3-beautifulsoup4.yaml @@ -1,7 +1,7 @@ package: name: py3-beautifulsoup4 version: 4.12.3 - epoch: 2 + epoch: 3 description: Screen-scraping library copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-beniget.yaml b/py3-beniget.yaml index f3609d1a83c..b985cdaee5c 100644 --- a/py3-beniget.yaml +++ b/py3-beniget.yaml @@ -1,7 +1,7 @@ package: name: py3-beniget version: 0.4.2 - epoch: 1 + epoch: 2 description: Extract semantic information about static Python code copyright: - license: BSD-3-Clause @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-bleach.yaml b/py3-bleach.yaml index 8cfa15c4bae..b3dda63a103 100644 --- a/py3-bleach.yaml +++ b/py3-bleach.yaml @@ -1,7 +1,7 @@ package: name: py3-bleach version: 6.2.0 - epoch: 0 + epoch: 1 description: An easy safelist-based HTML-sanitizing tool. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-blinker.yaml b/py3-blinker.yaml index 244d28bf3d8..5321da139ac 100644 --- a/py3-blinker.yaml +++ b/py3-blinker.yaml @@ -1,7 +1,7 @@ package: name: py3-blinker version: 1.9.0 - epoch: 0 + epoch: 1 description: Fast, simple object-to-object and broadcast signaling copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-bokeh.yaml b/py3-bokeh.yaml index 1b8954b6517..c38f86379d5 100644 --- a/py3-bokeh.yaml +++ b/py3-bokeh.yaml @@ -2,7 +2,7 @@ package: name: py3-bokeh version: 3.6.2 - epoch: 0 + epoch: 1 description: Interactive plots and applications in the browser from Python copyright: - license: BSD-3-Clause @@ -19,7 +19,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-boltons.yaml b/py3-boltons.yaml index 549e446e610..8fe3dc29759 100644 --- a/py3-boltons.yaml +++ b/py3-boltons.yaml @@ -1,7 +1,7 @@ package: name: py3-boltons version: 24.1.0 - epoch: 0 + epoch: 1 description: When they're not builtins, they're boltons. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-boolean.py.yaml b/py3-boolean.py.yaml index a7963272a65..e54b124f47f 100644 --- a/py3-boolean.py.yaml +++ b/py3-boolean.py.yaml @@ -1,7 +1,7 @@ package: name: py3-boolean.py version: '4.0' - epoch: 3 + epoch: 4 description: Define boolean algebras, create and parse boolean expressions and create custom boolean DSL. copyright: - license: BSD-2-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-boto3.yaml b/py3-boto3.yaml index 6bd8200f811..c68c1413a91 100644 --- a/py3-boto3.yaml +++ b/py3-boto3.yaml @@ -1,7 +1,7 @@ package: name: py3-boto3 version: 1.35.80 - epoch: 0 + epoch: 1 description: The AWS SDK for Python copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-botocore.yaml b/py3-botocore.yaml index 6b9c4b23699..ac49735442d 100644 --- a/py3-botocore.yaml +++ b/py3-botocore.yaml @@ -1,7 +1,7 @@ package: name: py3-botocore version: 1.35.80 - epoch: 0 + epoch: 1 description: The low-level, core functionality of Boto3 copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-bracex.yaml b/py3-bracex.yaml index 681ac13c55f..1087ad9338e 100644 --- a/py3-bracex.yaml +++ b/py3-bracex.yaml @@ -1,7 +1,7 @@ package: name: py3-bracex version: '2.5' - epoch: 1 + epoch: 2 description: Bash style brace expander. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 8dad1694e5e84c07b31b99ce22956c9302b3075b Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:03:49 -0500 Subject: [PATCH 35/72] Make python 3.13 version of virtual packages the default. batch 1.2 (#36942) --- py3-alembic.yaml | 4 ++-- py3-annotated-types.yaml | 4 ++-- py3-ansible-core.yaml | 4 ++-- py3-ansible-runner-http.yaml | 4 ++-- py3-ansible-runner.yaml | 4 ++-- py3-antlr4-python3-runtime.yaml | 4 ++-- py3-anyio.yaml | 4 ++-- py3-appdirs.yaml | 4 ++-- py3-appnope.yaml | 4 ++-- py3-archspec.yaml | 4 ++-- py3-argcomplete.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-alembic.yaml b/py3-alembic.yaml index d0cc7e9ad2a..4cb3f7e83a4 100644 --- a/py3-alembic.yaml +++ b/py3-alembic.yaml @@ -1,7 +1,7 @@ package: name: py3-alembic version: 1.11.3 - epoch: 5 + epoch: 6 description: A database migration tool for SQLAlchemy. copyright: - license: MIT @@ -24,7 +24,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-annotated-types.yaml b/py3-annotated-types.yaml index c983e206604..93f0819e050 100644 --- a/py3-annotated-types.yaml +++ b/py3-annotated-types.yaml @@ -2,7 +2,7 @@ package: name: py3-annotated-types version: 0.7.0 - epoch: 2 + epoch: 3 description: Reusable constraint types to use with typing.Annotated copyright: - license: MIT @@ -19,7 +19,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ansible-core.yaml b/py3-ansible-core.yaml index adde8b15109..84fe16031f2 100644 --- a/py3-ansible-core.yaml +++ b/py3-ansible-core.yaml @@ -1,7 +1,7 @@ package: name: py3-ansible-core version: 2.18.1 - epoch: 0 + epoch: 1 description: Ansible is a radically simple IT automation platform copyright: - license: GPL-3.0 @@ -16,7 +16,7 @@ data: items: 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-ansible-runner-http.yaml b/py3-ansible-runner-http.yaml index caaa62b49cf..4d692b74491 100644 --- a/py3-ansible-runner-http.yaml +++ b/py3-ansible-runner-http.yaml @@ -1,7 +1,7 @@ package: name: py3-ansible-runner-http version: 1.0.0 - epoch: 0 + epoch: 1 description: This project is a plugin for Ansible Runner. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ansible-runner.yaml b/py3-ansible-runner.yaml index cba9082dd45..70de809852a 100644 --- a/py3-ansible-runner.yaml +++ b/py3-ansible-runner.yaml @@ -1,7 +1,7 @@ package: name: py3-ansible-runner version: 2.4.0 - epoch: 0 + epoch: 1 description: A tool and python library that helps when interfacing with Ansible directly. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-antlr4-python3-runtime.yaml b/py3-antlr4-python3-runtime.yaml index ffa7a339b7b..c8274a0101f 100644 --- a/py3-antlr4-python3-runtime.yaml +++ b/py3-antlr4-python3-runtime.yaml @@ -1,7 +1,7 @@ package: name: py3-antlr4-python3-runtime version: 4.13.2 - epoch: 2 + epoch: 3 description: ANTLR runtime for Python 3 copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-anyio.yaml b/py3-anyio.yaml index 81ce4c6de53..92f65c6a7b2 100644 --- a/py3-anyio.yaml +++ b/py3-anyio.yaml @@ -2,7 +2,7 @@ package: name: py3-anyio version: 4.7.0 - epoch: 0 + epoch: 1 description: High level compatibility layer for multiple asynchronous event loop implementations copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-appdirs.yaml b/py3-appdirs.yaml index 10641ec8c8d..32ce74c7f92 100644 --- a/py3-appdirs.yaml +++ b/py3-appdirs.yaml @@ -1,7 +1,7 @@ package: name: py3-appdirs version: 1.4.4 - epoch: 6 + epoch: 7 description: a small python module for appdir support copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-appnope.yaml b/py3-appnope.yaml index 58a509cd81b..43a9a41c4f9 100644 --- a/py3-appnope.yaml +++ b/py3-appnope.yaml @@ -1,7 +1,7 @@ package: name: py3-appnope version: 0.1.4 - epoch: 1 + epoch: 2 description: Disable App Nap on macOS >= 10.9 copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-archspec.yaml b/py3-archspec.yaml index 142878f3df2..182ccabe2b9 100644 --- a/py3-archspec.yaml +++ b/py3-archspec.yaml @@ -1,7 +1,7 @@ package: name: py3-archspec version: 0.2.5 - epoch: 0 + epoch: 1 description: A library to query system architecture copyright: - license: Apache-2.0 OR MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-argcomplete.yaml b/py3-argcomplete.yaml index 48b43ed25f2..19d9c89cb74 100644 --- a/py3-argcomplete.yaml +++ b/py3-argcomplete.yaml @@ -1,7 +1,7 @@ package: name: py3-argcomplete version: 3.5.2 - epoch: 0 + epoch: 1 description: Bash/zsh tab completion for argparse copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From d600b6d18ef5a462c194a001f916bf2129fe9543 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 20:04:22 +0000 Subject: [PATCH 36/72] step-ca/0.28.1-r0: cve remediation (#36952) step-ca/0.28.1-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/step-ca.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- step-ca.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/step-ca.yaml b/step-ca.yaml index df422da83a8..ae80298a984 100644 --- a/step-ca.yaml +++ b/step-ca.yaml @@ -1,7 +1,7 @@ package: name: step-ca version: 0.28.1 - epoch: 0 + epoch: 1 description: A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH. copyright: - license: Apache-2.0 @@ -20,6 +20,10 @@ pipeline: tag: v${{package.version}} expected-commit: d327203c1c2a1900bd019a0d9b38bd280fbd5c24 + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - runs: | CGO_ENABLED=0 go build -v \ -ldflags='-w -X "main.Version=${{package.version}}"' \ From e023fb53a537ee4726a21a01a3490527fff9b3c8 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 20:04:39 +0000 Subject: [PATCH 37/72] fulcio/1.6.5-r0: cve remediation (#36951) fulcio/1.6.5-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/fulcio.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- fulcio.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fulcio.yaml b/fulcio.yaml index f8deb2586be..a9bd745fd20 100644 --- a/fulcio.yaml +++ b/fulcio.yaml @@ -1,7 +1,7 @@ package: name: fulcio version: 1.6.5 - epoch: 0 + epoch: 1 description: Sigstore OIDC PKI copyright: - license: Apache-2.0 @@ -17,6 +17,11 @@ pipeline: repository: https://github.com/sigstore/fulcio tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + modroot: . + - uses: go/build with: ldflags: -s -w From f577ba2d3a78fe9314a877a1f79ac90b1f94a184 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 20:04:55 +0000 Subject: [PATCH 38/72] spegel/0.0.27-r1: cve remediation (#36939) spegel/0.0.27-r1: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spegel.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- spegel.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spegel.yaml b/spegel.yaml index 571f6ab1ff2..f819e2016a1 100644 --- a/spegel.yaml +++ b/spegel.yaml @@ -1,7 +1,7 @@ package: name: spegel version: 0.0.27 - epoch: 1 + epoch: 2 description: Stateless cluster local OCI registry mirror. copyright: - license: Apache-2.0 @@ -22,7 +22,7 @@ pipeline: - uses: go/bump with: - deps: github.com/quic-go/quic-go@v0.48.2 github.com/libp2p/go-libp2p@v0.37.2 + deps: github.com/quic-go/quic-go@v0.48.2 github.com/libp2p/go-libp2p@v0.37.2 golang.org/x/crypto@v0.31.0 - uses: go/build with: From 4f5756bb2d32a6deae418f9d138c70f49136c9c1 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 20:05:17 +0000 Subject: [PATCH 39/72] dockerize/0.8.0-r1: cve remediation (#36940) dockerize/0.8.0-r1: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/dockerize.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- dockerize.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/dockerize.yaml b/dockerize.yaml index 3e6a6541ff8..488de29a32a 100644 --- a/dockerize.yaml +++ b/dockerize.yaml @@ -1,7 +1,7 @@ package: name: dockerize version: 0.8.0 - epoch: 1 + epoch: 2 description: Utility to simplify running applications in docker containers copyright: - license: MIT @@ -21,6 +21,10 @@ pipeline: tag: v${{package.version}} expected-commit: b9b22a266f4f11efe04b0db837ceb3fca7b30dad + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: . From 0387cf09cf878f472f5b2311599be514b07c534c Mon Sep 17 00:00:00 2001 From: Justin Vreeland Date: Thu, 12 Dec 2024 00:17:55 +0000 Subject: [PATCH 40/72] Add file based escape hatch to openssf-compiler-options --- openssf-compiler-options.yaml | 12 +++++++++++- openssf-compiler-options/usr/local/bin/gcc-wrapper | 4 ++++ pipelines/compiler/disable-openssf-flags.yaml | 5 +++++ pipelines/compiler/undisable-openssf-flags.yaml | 5 +++++ py3-ml-metadata.yaml | 3 +++ 5 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 pipelines/compiler/disable-openssf-flags.yaml create mode 100644 pipelines/compiler/undisable-openssf-flags.yaml diff --git a/openssf-compiler-options.yaml b/openssf-compiler-options.yaml index bba3bf595fb..72908e8c17b 100644 --- a/openssf-compiler-options.yaml +++ b/openssf-compiler-options.yaml @@ -1,7 +1,7 @@ package: name: openssf-compiler-options version: 20240627 - epoch: 5 + epoch: 6 description: "Compiler Options Hardening Guide for C and C++" url: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html copyright: @@ -57,6 +57,16 @@ test: touch foo.c gcc -v foo.c &>stderr.log || true grep gcc_s stderr.log + - name: Ensure etc specfile is used + runs: | + touch /etc/gcc_spec_file + gcc -v 2>&1 | grep "/etc/gcc_spec_file" + rm /etc/gcc_spec_file + - name: Ensure GCC_SPEC_FILE is used over "/etc/gcc_spec_file" + runs: | + touch /etc/gcc_spec_file + GCC_SPEC_FILE="/dev/null" gcc -v 2>&1 | grep "/dev/null" + rm /etc/gcc_spec_file update: enabled: false diff --git a/openssf-compiler-options/usr/local/bin/gcc-wrapper b/openssf-compiler-options/usr/local/bin/gcc-wrapper index 943d6db3d7e..9985e285bcf 100755 --- a/openssf-compiler-options/usr/local/bin/gcc-wrapper +++ b/openssf-compiler-options/usr/local/bin/gcc-wrapper @@ -1,2 +1,6 @@ #!/bin/sh + +if [ -z "$GCC_SPEC_FILE" ] && [ -f "/etc/gcc_spec_file" ]; then + GCC_SPEC_FILE="/etc/gcc_spec_file" +fi exec /usr/bin/${0##*/} -specs "${GCC_SPEC_FILE:-openssf.spec}" "$@" diff --git a/pipelines/compiler/disable-openssf-flags.yaml b/pipelines/compiler/disable-openssf-flags.yaml new file mode 100644 index 00000000000..f4667d9563d --- /dev/null +++ b/pipelines/compiler/disable-openssf-flags.yaml @@ -0,0 +1,5 @@ +name: disable-openssf-flags + +pipeline: + - runs: | + touch /etc/gcc_spec_file diff --git a/pipelines/compiler/undisable-openssf-flags.yaml b/pipelines/compiler/undisable-openssf-flags.yaml new file mode 100644 index 00000000000..b29ddb4c100 --- /dev/null +++ b/pipelines/compiler/undisable-openssf-flags.yaml @@ -0,0 +1,5 @@ +name: undisable-openssf-flags + +pipeline: + - runs: | + rm -f /etc/gcc_spec_file diff --git a/py3-ml-metadata.yaml b/py3-ml-metadata.yaml index 17f465a5e62..92969e6d65a 100644 --- a/py3-ml-metadata.yaml +++ b/py3-ml-metadata.yaml @@ -31,6 +31,7 @@ environment: - cmake - gcc~13 - openjdk-11 + - openssf-compiler-options - openssl-dev - patch - py3-supported-build-base-dev @@ -49,6 +50,8 @@ pipeline: with: series: series + - uses: compiler/disable-openssf-flags + subpackages: - range: py-versions name: py${{range.key}}-${{vars.pypi-package}} From ff9bf6b03342f200ed7ca25d3391b83c4a91dd81 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:08:33 -0500 Subject: [PATCH 41/72] Make python 3.13 version of virtual packages the default. - batch 02.09 (#36962) --- py3-itsdangerous.yaml | 4 ++-- py3-jaeger-client.yaml | 4 ++-- py3-jaraco.classes.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/py3-itsdangerous.yaml b/py3-itsdangerous.yaml index 8b2234493ae..fd2e48305da 100644 --- a/py3-itsdangerous.yaml +++ b/py3-itsdangerous.yaml @@ -1,7 +1,7 @@ package: name: py3-itsdangerous version: 2.2.0 - epoch: 3 + epoch: 4 description: Safely pass data to untrusted environments and back. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-jaeger-client.yaml b/py3-jaeger-client.yaml index 5582f2e6e33..3b2ac8db4a3 100644 --- a/py3-jaeger-client.yaml +++ b/py3-jaeger-client.yaml @@ -1,7 +1,7 @@ package: name: py3-jaeger-client version: 4.8.0 - epoch: 4 + epoch: 5 description: Jaeger Python OpenTracing Tracer implementation copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-jaraco.classes.yaml b/py3-jaraco.classes.yaml index a6c7d4fda94..879c49d2f75 100644 --- a/py3-jaraco.classes.yaml +++ b/py3-jaraco.classes.yaml @@ -2,7 +2,7 @@ package: name: py3-jaraco.classes version: 3.4.0 - epoch: 4 + epoch: 5 description: Utility functions for Python class constructs copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 0408698b92b17d1c3466dd56c0fc3b613e653fa6 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:15:37 -0500 Subject: [PATCH 42/72] Make python 3.13 version of virtual packages the default. - batch 02.07 (#36960) --- py3-httplib2.yaml | 4 ++-- py3-httpx.yaml | 4 ++-- py3-huggingface-hub.yaml | 4 ++-- py3-humanfriendly.yaml | 4 ++-- py3-hyperlink.yaml | 4 ++-- py3-hyperopt.yaml | 4 ++-- py3-idna.yaml | 4 ++-- py3-imagesize.yaml | 4 ++-- py3-importlib-metadata.yaml | 4 ++-- py3-importlib-resources.yaml | 4 ++-- py3-influxdb-client.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-httplib2.yaml b/py3-httplib2.yaml index 51b5cea56b0..8747fc2ef98 100644 --- a/py3-httplib2.yaml +++ b/py3-httplib2.yaml @@ -1,7 +1,7 @@ package: name: py3-httplib2 version: 0.22.0 - epoch: 2 + epoch: 3 description: A comprehensive HTTP client library. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-httpx.yaml b/py3-httpx.yaml index 9a106a3081f..48db8dfdba3 100644 --- a/py3-httpx.yaml +++ b/py3-httpx.yaml @@ -2,7 +2,7 @@ package: name: py3-httpx version: 0.28.1 - epoch: 0 + epoch: 1 description: The next generation HTTP client. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-huggingface-hub.yaml b/py3-huggingface-hub.yaml index 88c336b0d5c..b509f4a18a9 100644 --- a/py3-huggingface-hub.yaml +++ b/py3-huggingface-hub.yaml @@ -2,7 +2,7 @@ package: name: py3-huggingface-hub version: 0.26.5 - epoch: 0 + epoch: 1 description: Client library to download and publish models, datasets and other repos on the huggingface.co hub copyright: - license: Apache-2.0 @@ -29,7 +29,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-humanfriendly.yaml b/py3-humanfriendly.yaml index 1ce35960a7a..42de2127024 100644 --- a/py3-humanfriendly.yaml +++ b/py3-humanfriendly.yaml @@ -2,7 +2,7 @@ package: name: py3-humanfriendly version: '10.0' - epoch: 5 + epoch: 6 description: Human friendly output for text interfaces using Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hyperlink.yaml b/py3-hyperlink.yaml index b61200bd328..fcbc5fb73da 100644 --- a/py3-hyperlink.yaml +++ b/py3-hyperlink.yaml @@ -1,7 +1,7 @@ package: name: py3-hyperlink version: 21.0.0 - epoch: 3 + epoch: 4 description: A featureful, immutable, and correct URL for Python. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hyperopt.yaml b/py3-hyperopt.yaml index f38aa607804..0a45bc22210 100644 --- a/py3-hyperopt.yaml +++ b/py3-hyperopt.yaml @@ -1,7 +1,7 @@ package: name: py3-hyperopt version: 0.2.7 - epoch: 3 + epoch: 4 description: Distributed Asynchronous Hyperparameter Optimization copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-idna.yaml b/py3-idna.yaml index e3a3b71e6ca..250dac92257 100644 --- a/py3-idna.yaml +++ b/py3-idna.yaml @@ -2,7 +2,7 @@ package: name: py3-idna version: '3.10' - epoch: 1 + epoch: 2 description: Internationalized Domain Names in Applications (IDNA) copyright: - license: BSD-3-Clause @@ -30,7 +30,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-imagesize.yaml b/py3-imagesize.yaml index 0abef1741a2..186e32f1ec6 100644 --- a/py3-imagesize.yaml +++ b/py3-imagesize.yaml @@ -1,7 +1,7 @@ package: name: py3-imagesize version: 1.4.1 - epoch: 2 + epoch: 3 description: Getting image size from png/jpeg/jpeg2000/gif file copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-importlib-metadata.yaml b/py3-importlib-metadata.yaml index 2b61525c231..28f82c0f47b 100644 --- a/py3-importlib-metadata.yaml +++ b/py3-importlib-metadata.yaml @@ -2,7 +2,7 @@ package: name: py3-importlib-metadata version: 8.5.0 - epoch: 1 + epoch: 2 description: Read metadata from Python packages copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-importlib-resources.yaml b/py3-importlib-resources.yaml index f3ac73c2f8d..61c7120eb0d 100644 --- a/py3-importlib-resources.yaml +++ b/py3-importlib-resources.yaml @@ -1,7 +1,7 @@ package: name: py3-importlib-resources version: 6.4.5 - epoch: 1 + epoch: 2 description: Read resources from Python packages copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-influxdb-client.yaml b/py3-influxdb-client.yaml index 97daf6f0432..516d0a80e16 100644 --- a/py3-influxdb-client.yaml +++ b/py3-influxdb-client.yaml @@ -1,7 +1,7 @@ package: name: py3-influxdb-client version: 1.48.0 - epoch: 0 + epoch: 1 description: InfluxDB 2.0 python client copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 9f2ca3f4b736ecc80fa0b06840fb2d6aa00da3e1 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:16:21 -0500 Subject: [PATCH 43/72] Make python 3.13 version of virtual packages the default. batch 1.4 (#36944) --- py3-avro-python3.yaml | 4 ++-- py3-awscrt.yaml | 4 ++-- py3-awslambdaric.yaml | 4 ++-- py3-azure-core.yaml | 4 ++-- py3-azure-identity.yaml | 4 ++-- py3-azure-storage-blob.yaml | 4 ++-- py3-babel.yaml | 4 ++-- py3-backcall.yaml | 4 ++-- py3-backoff.yaml | 4 ++-- py3-backports.tarfile.yaml | 4 ++-- py3-bcrypt.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-avro-python3.yaml b/py3-avro-python3.yaml index 567e60d4515..0c760a7b5e1 100644 --- a/py3-avro-python3.yaml +++ b/py3-avro-python3.yaml @@ -1,7 +1,7 @@ package: name: py3-avro-python3 version: 1.10.2 - epoch: 3 + epoch: 4 description: Avro is a serialization and RPC framework. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-awscrt.yaml b/py3-awscrt.yaml index 6ec0f55b350..10cfadf8b37 100644 --- a/py3-awscrt.yaml +++ b/py3-awscrt.yaml @@ -1,7 +1,7 @@ package: name: py3-awscrt version: 0.23.4 - epoch: 0 + epoch: 1 description: Python bindings for the AWS Common Runtime copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-awslambdaric.yaml b/py3-awslambdaric.yaml index 1eb219bf33e..0ce2db4b52b 100644 --- a/py3-awslambdaric.yaml +++ b/py3-awslambdaric.yaml @@ -1,7 +1,7 @@ package: name: py3-awslambdaric version: 3.0.0 - epoch: 0 + epoch: 1 description: AWS Lambda Runtime Interface Client for Python copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-azure-core.yaml b/py3-azure-core.yaml index 26a90c38ade..b19aeac076f 100644 --- a/py3-azure-core.yaml +++ b/py3-azure-core.yaml @@ -1,7 +1,7 @@ package: name: py3-azure-core version: 1.32.0 - epoch: 0 + epoch: 1 description: Microsoft Azure Core Library for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-azure-identity.yaml b/py3-azure-identity.yaml index 81473075de7..3ac84e6df9c 100644 --- a/py3-azure-identity.yaml +++ b/py3-azure-identity.yaml @@ -1,7 +1,7 @@ package: name: py3-azure-identity version: 1.19.0 - epoch: 1 + epoch: 2 description: Microsoft Azure Identity Library for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-azure-storage-blob.yaml b/py3-azure-storage-blob.yaml index 168b862e87a..442ef57269f 100644 --- a/py3-azure-storage-blob.yaml +++ b/py3-azure-storage-blob.yaml @@ -1,7 +1,7 @@ package: name: py3-azure-storage-blob version: 12.24.0 - epoch: 0 + epoch: 1 description: Microsoft Azure Blob Storage Client Library for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-babel.yaml b/py3-babel.yaml index 44a4588ec43..effe4316014 100644 --- a/py3-babel.yaml +++ b/py3-babel.yaml @@ -1,7 +1,7 @@ package: name: py3-babel version: 2.16.0 - epoch: 1 + epoch: 2 description: Python3 i18n tool copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-backcall.yaml b/py3-backcall.yaml index 4073d4862fc..5928e77e813 100644 --- a/py3-backcall.yaml +++ b/py3-backcall.yaml @@ -1,7 +1,7 @@ package: name: py3-backcall version: 0.2.0 - epoch: 3 + epoch: 4 description: Specifications for callback functions passed in to an API copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-backoff.yaml b/py3-backoff.yaml index ec83c07847d..ea0e44c8888 100644 --- a/py3-backoff.yaml +++ b/py3-backoff.yaml @@ -1,7 +1,7 @@ package: name: py3-backoff version: 2.2.1 - epoch: 2 + epoch: 3 description: Function decoration for backoff and retry copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-backports.tarfile.yaml b/py3-backports.tarfile.yaml index 5d3d372008b..2e1af3d641e 100644 --- a/py3-backports.tarfile.yaml +++ b/py3-backports.tarfile.yaml @@ -1,7 +1,7 @@ package: name: py3-backports.tarfile version: 1.2.0 - epoch: 1 + epoch: 2 description: Backport of CPython tarfile module copyright: - license: MIT @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-bcrypt.yaml b/py3-bcrypt.yaml index 85fed7cf7b2..2ae87c11d62 100644 --- a/py3-bcrypt.yaml +++ b/py3-bcrypt.yaml @@ -1,7 +1,7 @@ package: name: py3-bcrypt version: 4.2.1 - epoch: 0 + epoch: 1 description: Modern password hashing for your software and your servers copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 988414e10e0f1fc05cb181e26f4ef2f0d785a73e Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:16:49 -0500 Subject: [PATCH 44/72] Make python 3.13 version of virtual packages the default. batch 1.1 (#36941) --- emissary.yaml | 4 ++-- gdal.yaml | 4 ++-- grpc-1.67.yaml | 4 ++-- grpc-1.68.yaml | 4 ++-- py3-absl-py.yaml | 4 ++-- py3-agate.yaml | 4 ++-- py3-aiofiles.yaml | 4 ++-- py3-aiohappyeyeballs.yaml | 4 ++-- py3-aiohttp.yaml | 4 ++-- py3-aiosignal.yaml | 4 ++-- py3-alabaster.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/emissary.yaml b/emissary.yaml index 3cfc6954d44..915287278ee 100644 --- a/emissary.yaml +++ b/emissary.yaml @@ -1,7 +1,7 @@ package: name: emissary version: 3.9.1 - epoch: 4 + epoch: 5 description: "open source Kubernetes-native API gateway for microservices built on the Envoy Proxy" copyright: - license: Apache-2.0 @@ -20,7 +20,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/gdal.yaml b/gdal.yaml index d756de8e9eb..0e6d40deaa4 100644 --- a/gdal.yaml +++ b/gdal.yaml @@ -1,7 +1,7 @@ package: name: gdal version: 3.10.0 - epoch: 0 + epoch: 1 description: GDAL is an open source MIT licensed translator library for raster and vector geospatial data formats. copyright: - license: MIT @@ -14,7 +14,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: environment: diff --git a/grpc-1.67.yaml b/grpc-1.67.yaml index 5b6036081b3..2cd82c9ab89 100644 --- a/grpc-1.67.yaml +++ b/grpc-1.67.yaml @@ -1,7 +1,7 @@ package: name: grpc-1.67 version: 1.67.1 - epoch: 3 + epoch: 4 description: The C based gRPC copyright: - license: Apache-2.0 AND BSD-3-Clause AND MIT @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/grpc-1.68.yaml b/grpc-1.68.yaml index fced38bcdeb..beb89324ad0 100644 --- a/grpc-1.68.yaml +++ b/grpc-1.68.yaml @@ -1,7 +1,7 @@ package: name: grpc-1.68 version: 1.68.2 - epoch: 1 + epoch: 2 description: The C based gRPC copyright: - license: Apache-2.0 AND BSD-3-Clause AND MIT @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-absl-py.yaml b/py3-absl-py.yaml index 212d36aed08..7bf8f0b1bf0 100644 --- a/py3-absl-py.yaml +++ b/py3-absl-py.yaml @@ -1,7 +1,7 @@ package: name: py3-absl-py version: 2.1.0 - epoch: 2 + epoch: 3 description: Abseil Python Common Libraries, see https://github.com/abseil/abseil-py. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-agate.yaml b/py3-agate.yaml index 9d7bccc57dd..97f17dd3e12 100644 --- a/py3-agate.yaml +++ b/py3-agate.yaml @@ -1,7 +1,7 @@ package: name: py3-agate version: 1.12.0 - epoch: 1 + epoch: 2 description: A data analysis library that is optimized for humans instead of machines. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-aiofiles.yaml b/py3-aiofiles.yaml index 3ee54ba9439..b2e7afcc686 100644 --- a/py3-aiofiles.yaml +++ b/py3-aiofiles.yaml @@ -1,7 +1,7 @@ package: name: py3-aiofiles version: 24.1.0 - epoch: 3 + epoch: 4 description: File support for asyncio. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-aiohappyeyeballs.yaml b/py3-aiohappyeyeballs.yaml index d0dd1e6b4e4..59f56dafdd9 100644 --- a/py3-aiohappyeyeballs.yaml +++ b/py3-aiohappyeyeballs.yaml @@ -2,7 +2,7 @@ package: name: py3-aiohappyeyeballs version: 2.4.4 - epoch: 0 + epoch: 1 description: Happy Eyeballs for pre-resolved hosts copyright: - license: PSF-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-aiohttp.yaml b/py3-aiohttp.yaml index 6f12863c8d9..16caa59476f 100644 --- a/py3-aiohttp.yaml +++ b/py3-aiohttp.yaml @@ -2,7 +2,7 @@ package: name: py3-aiohttp version: 3.11.10 - epoch: 0 + epoch: 1 description: Async http client/server framework (asyncio) copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-aiosignal.yaml b/py3-aiosignal.yaml index 4fd6b1e8d53..9ae8326b428 100644 --- a/py3-aiosignal.yaml +++ b/py3-aiosignal.yaml @@ -2,7 +2,7 @@ package: name: py3-aiosignal version: 1.3.2 - epoch: 0 + epoch: 1 description: 'aiosignal: a list of registered asynchronous callbacks' copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-alabaster.yaml b/py3-alabaster.yaml index 15fbdcf7616..44307e5cbc9 100644 --- a/py3-alabaster.yaml +++ b/py3-alabaster.yaml @@ -1,7 +1,7 @@ package: name: py3-alabaster version: 1.0.0 - epoch: 1 + epoch: 2 description: A configurable sidebar-enabled Sphinx theme copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 487c807fe58714c78c72fea3426d28574ef572ed Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:18:11 -0500 Subject: [PATCH 45/72] Make python 3.13 version of virtual packages the default. - batch 02.01 (#36954) --- py3-elfdeps.yaml | 4 ++-- py3-entrypoints.yaml | 4 ++-- py3-escapism.yaml | 4 ++-- py3-exceptiongroup.yaml | 4 ++-- py3-executing.yaml | 4 ++-- py3-expandvars.yaml | 4 ++-- py3-extras.yaml | 4 ++-- py3-fabric.yaml | 4 ++-- py3-face.yaml | 4 ++-- py3-fastavro.yaml | 4 ++-- py3-fastbencode.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-elfdeps.yaml b/py3-elfdeps.yaml index c16a44f3e79..dc6606f64cf 100644 --- a/py3-elfdeps.yaml +++ b/py3-elfdeps.yaml @@ -1,7 +1,7 @@ package: name: py3-elfdeps version: 0.2.0 - epoch: 1 + epoch: 2 description: Python implementation of RPM elfdeps copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: "3.10": "310" "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" environment: contents: diff --git a/py3-entrypoints.yaml b/py3-entrypoints.yaml index 46ec52f2918..7a009d20939 100644 --- a/py3-entrypoints.yaml +++ b/py3-entrypoints.yaml @@ -1,7 +1,7 @@ package: name: py3-entrypoints version: '0.4' - epoch: 3 + epoch: 4 description: Discover and load entry points from installed packages. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-escapism.yaml b/py3-escapism.yaml index 092bf006968..ac5cfc43618 100644 --- a/py3-escapism.yaml +++ b/py3-escapism.yaml @@ -1,7 +1,7 @@ package: name: py3-escapism version: 1.0.1 - epoch: 1 + epoch: 2 description: Simple, generic API for escaping strings. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-exceptiongroup.yaml b/py3-exceptiongroup.yaml index 44b3a8aa13e..144c798315a 100644 --- a/py3-exceptiongroup.yaml +++ b/py3-exceptiongroup.yaml @@ -2,7 +2,7 @@ package: name: py3-exceptiongroup version: 1.2.2 - epoch: 2 + epoch: 3 description: Backport of PEP 654 (exception groups) copyright: - license: MIT @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-executing.yaml b/py3-executing.yaml index 1a4833cbea2..83c3914a763 100644 --- a/py3-executing.yaml +++ b/py3-executing.yaml @@ -1,7 +1,7 @@ package: name: py3-executing version: 2.1.0 - epoch: 2 + epoch: 3 description: Get the currently executing AST node of a frame, and other information copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-expandvars.yaml b/py3-expandvars.yaml index 009c655c43c..1e4cad31e5a 100644 --- a/py3-expandvars.yaml +++ b/py3-expandvars.yaml @@ -2,7 +2,7 @@ package: name: py3-expandvars version: 0.12.0 - epoch: 1 + epoch: 2 description: Expand system variables Unix style copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-extras.yaml b/py3-extras.yaml index e2421fb7a32..a495fab5440 100644 --- a/py3-extras.yaml +++ b/py3-extras.yaml @@ -1,7 +1,7 @@ package: name: py3-extras version: 1.0.0 - epoch: 1 + epoch: 2 description: Useful extra bits for Python - things that shold be in the standard library copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fabric.yaml b/py3-fabric.yaml index a76e0e38aca..38736d0ea62 100644 --- a/py3-fabric.yaml +++ b/py3-fabric.yaml @@ -1,7 +1,7 @@ package: name: py3-fabric version: 3.2.2 - epoch: 3 + epoch: 4 description: High level SSH command execution copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-face.yaml b/py3-face.yaml index 461a5600a94..be4b7bd7db8 100644 --- a/py3-face.yaml +++ b/py3-face.yaml @@ -1,7 +1,7 @@ package: name: py3-face version: 24.0.0 - epoch: 0 + epoch: 1 description: A command-line application framework (and CLI parser). Friendly for users, full-featured for developers. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fastavro.yaml b/py3-fastavro.yaml index e2ee52484c1..35e29cf4028 100644 --- a/py3-fastavro.yaml +++ b/py3-fastavro.yaml @@ -1,7 +1,7 @@ package: name: py3-fastavro version: 1.9.7 - epoch: 1 + epoch: 2 description: Fast read/write of AVRO files copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fastbencode.yaml b/py3-fastbencode.yaml index 14c4a7afaec..31b51af9e75 100644 --- a/py3-fastbencode.yaml +++ b/py3-fastbencode.yaml @@ -1,7 +1,7 @@ package: name: py3-fastbencode version: 0.3.1 - epoch: 2 + epoch: 3 description: Implementation of bencode with optional fast C extensions copyright: - license: GPL-2.0-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 4943405f5bc403ce549c3d9729c198afc66b681d Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:18:39 -0500 Subject: [PATCH 46/72] Make python 3.13 version of virtual packages the default. - batch 02.04 (#36957) --- py3-glom.yaml | 4 ++-- py3-glpk.yaml | 4 ++-- py3-google-api-core.yaml | 4 ++-- py3-google-auth-httplib2.yaml | 4 ++-- py3-google-auth-oauthlib.yaml | 4 ++-- py3-google-auth.yaml | 4 ++-- py3-google-cloud-core.yaml | 4 ++-- py3-google-cloud-spanner.yaml | 4 ++-- py3-google-crc32c.yaml | 4 ++-- py3-google-pasta.yaml | 4 ++-- py3-google-resumable-media.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-glom.yaml b/py3-glom.yaml index d56e2f5add6..e3ceb446daa 100644 --- a/py3-glom.yaml +++ b/py3-glom.yaml @@ -1,7 +1,7 @@ package: name: py3-glom version: 24.11.0 - epoch: 0 + epoch: 1 description: Python's nested data operator (and CLI), for all your declarative restructuring needs. Got data? Glom it! copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-glpk.yaml b/py3-glpk.yaml index 4cefeea95ac..1517bd80c92 100644 --- a/py3-glpk.yaml +++ b/py3-glpk.yaml @@ -1,7 +1,7 @@ package: name: py3-glpk version: 0.4.8 - epoch: 1 + epoch: 2 description: PyGLPK, a Python module encapsulating GLPK. copyright: - license: GPL-3.0-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-api-core.yaml b/py3-google-api-core.yaml index e79f1c3e35e..c76025a5289 100644 --- a/py3-google-api-core.yaml +++ b/py3-google-api-core.yaml @@ -1,7 +1,7 @@ package: name: py3-google-api-core version: 2.24.0 - epoch: 0 + epoch: 1 description: Google API client core library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-auth-httplib2.yaml b/py3-google-auth-httplib2.yaml index 17b74243d6c..564e020cfd3 100644 --- a/py3-google-auth-httplib2.yaml +++ b/py3-google-auth-httplib2.yaml @@ -1,7 +1,7 @@ package: name: py3-google-auth-httplib2 version: 0.2.0 - epoch: 3 + epoch: 4 description: 'Google Authentication Library: httplib2 transport' copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-auth-oauthlib.yaml b/py3-google-auth-oauthlib.yaml index 24a69c4e50b..4d9af7f0862 100644 --- a/py3-google-auth-oauthlib.yaml +++ b/py3-google-auth-oauthlib.yaml @@ -1,7 +1,7 @@ package: name: py3-google-auth-oauthlib version: 1.2.1 - epoch: 2 + epoch: 3 description: Google Authentication Library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-auth.yaml b/py3-google-auth.yaml index c2140b4a803..8581fd78d2f 100644 --- a/py3-google-auth.yaml +++ b/py3-google-auth.yaml @@ -1,7 +1,7 @@ package: name: py3-google-auth version: 2.37.0 - epoch: 0 + epoch: 1 description: Google Authentication Library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-cloud-core.yaml b/py3-google-cloud-core.yaml index 2428fb546e5..59340456743 100644 --- a/py3-google-cloud-core.yaml +++ b/py3-google-cloud-core.yaml @@ -1,7 +1,7 @@ package: name: py3-google-cloud-core version: 2.4.1 - epoch: 4 + epoch: 5 description: Google Cloud API client core library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-cloud-spanner.yaml b/py3-google-cloud-spanner.yaml index c608fc703d2..0c32d0f94f4 100644 --- a/py3-google-cloud-spanner.yaml +++ b/py3-google-cloud-spanner.yaml @@ -1,7 +1,7 @@ package: name: py3-google-cloud-spanner version: 3.51.0 - epoch: 0 + epoch: 1 description: Google Cloud Spanner API client library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-crc32c.yaml b/py3-google-crc32c.yaml index cb1c0df0cb0..ea3f24de3da 100644 --- a/py3-google-crc32c.yaml +++ b/py3-google-crc32c.yaml @@ -1,7 +1,7 @@ package: name: py3-google-crc32c version: 1.6.0 - epoch: 1 + epoch: 2 description: A python wrapper of the C library 'Google CRC32C' copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-pasta.yaml b/py3-google-pasta.yaml index b8f2b0db7e8..810ea62cbd4 100644 --- a/py3-google-pasta.yaml +++ b/py3-google-pasta.yaml @@ -1,7 +1,7 @@ package: name: py3-google-pasta version: 0.2.0 - epoch: 3 + epoch: 4 description: pasta is an AST-based Python refactoring library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-google-resumable-media.yaml b/py3-google-resumable-media.yaml index fc9c21f5472..159b4175fed 100644 --- a/py3-google-resumable-media.yaml +++ b/py3-google-resumable-media.yaml @@ -1,7 +1,7 @@ package: name: py3-google-resumable-media version: 2.7.2 - epoch: 2 + epoch: 3 description: Utilities for Google Media Downloads and Resumable Uploads copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From fdf2611ce8290d7299158324ed8b0710b11db744 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:19:31 -0500 Subject: [PATCH 47/72] Make python 3.13 version of virtual packages the default. batch 1.3 (#36943) --- py3-argon2-cffi-bindings.yaml | 4 ++-- py3-argon2-cffi.yaml | 4 ++-- py3-asgiref.yaml | 4 ++-- py3-asn1crypto.yaml | 4 ++-- py3-astroid.yaml | 4 ++-- py3-asttokens.yaml | 4 ++-- py3-astunparse.yaml | 4 ++-- py3-async-generator.yaml | 4 ++-- py3-async-lru.yaml | 4 ++-- py3-async-timeout.yaml | 4 ++-- py3-attrs.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-argon2-cffi-bindings.yaml b/py3-argon2-cffi-bindings.yaml index 74f6e76e709..27aa7d131b7 100644 --- a/py3-argon2-cffi-bindings.yaml +++ b/py3-argon2-cffi-bindings.yaml @@ -1,7 +1,7 @@ package: name: py3-argon2-cffi-bindings version: 21.2.0 - epoch: 4 + epoch: 5 description: Low-level CFFI bindings for Argon2 copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-argon2-cffi.yaml b/py3-argon2-cffi.yaml index 34a7c0d30ee..62ee9095b40 100644 --- a/py3-argon2-cffi.yaml +++ b/py3-argon2-cffi.yaml @@ -1,7 +1,7 @@ package: name: py3-argon2-cffi version: 23.1.0 - epoch: 2 + epoch: 3 description: Argon2 for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-asgiref.yaml b/py3-asgiref.yaml index 5a9f478e491..e64947527d1 100644 --- a/py3-asgiref.yaml +++ b/py3-asgiref.yaml @@ -1,7 +1,7 @@ package: name: py3-asgiref version: 3.8.1 - epoch: 1 + epoch: 2 description: ASGI specs, helper code, and adapters copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-asn1crypto.yaml b/py3-asn1crypto.yaml index fd7eaa910ab..b1e0ef17c24 100644 --- a/py3-asn1crypto.yaml +++ b/py3-asn1crypto.yaml @@ -1,7 +1,7 @@ package: name: py3-asn1crypto version: 1.5.1 - epoch: 1 + epoch: 2 description: Python ASN.1 library with a focus on performance and a pythonic API copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-astroid.yaml b/py3-astroid.yaml index c2b5e56d951..a3b18946d34 100644 --- a/py3-astroid.yaml +++ b/py3-astroid.yaml @@ -1,7 +1,7 @@ package: name: py3-astroid version: 3.3.6 - epoch: 0 + epoch: 1 description: A common base representation of python source code for pylint and other projects copyright: - license: LGPL-2.1-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-asttokens.yaml b/py3-asttokens.yaml index ca46c8846a4..8260c3d9dad 100644 --- a/py3-asttokens.yaml +++ b/py3-asttokens.yaml @@ -1,7 +1,7 @@ package: name: py3-asttokens version: 3.0.0 - epoch: 0 + epoch: 1 description: Annotate AST trees with source code positions copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-astunparse.yaml b/py3-astunparse.yaml index b2cd0666693..5f1f7a4cd23 100644 --- a/py3-astunparse.yaml +++ b/py3-astunparse.yaml @@ -1,7 +1,7 @@ package: name: py3-astunparse version: 1.6.3 - epoch: 4 + epoch: 5 description: An AST unparser for Python copyright: - license: BSD-3-Clause @@ -27,7 +27,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-async-generator.yaml b/py3-async-generator.yaml index eb89589d23b..9a71bfff654 100644 --- a/py3-async-generator.yaml +++ b/py3-async-generator.yaml @@ -1,7 +1,7 @@ package: name: py3-async-generator version: 1.10 - epoch: 2 + epoch: 3 description: Async generators and context managers for Python 3.5+ copyright: - license: MIT OR Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-async-lru.yaml b/py3-async-lru.yaml index 1f6e8394f30..2d2d815afb0 100644 --- a/py3-async-lru.yaml +++ b/py3-async-lru.yaml @@ -1,7 +1,7 @@ package: name: py3-async-lru version: 2.0.4 - epoch: 3 + epoch: 4 description: Simple LRU cache for asyncio copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-async-timeout.yaml b/py3-async-timeout.yaml index 4af83269f9d..4fa56a71604 100644 --- a/py3-async-timeout.yaml +++ b/py3-async-timeout.yaml @@ -1,7 +1,7 @@ package: name: py3-async-timeout version: 4.0.3 - epoch: 5 + epoch: 6 description: Timeout context manager for asyncio programs copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-attrs.yaml b/py3-attrs.yaml index c3678c9ed88..be01188bf0f 100644 --- a/py3-attrs.yaml +++ b/py3-attrs.yaml @@ -2,7 +2,7 @@ package: name: py3-attrs version: 24.2.0 - epoch: 2 + epoch: 3 description: Classes Without Boilerplate copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From c47ad2819d7754da070ea1a54c04675210788556 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Zemczak?= Date: Fri, 13 Dec 2024 21:23:07 +0100 Subject: [PATCH 48/72] bluez: workaround permission issue to enable test runs. (#36931) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz 'sil2100' Zemczak --- bluez.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bluez.yaml b/bluez.yaml index 184ee44056b..5a3a6eaf84d 100644 --- a/bluez.yaml +++ b/bluez.yaml @@ -2,7 +2,7 @@ package: name: bluez version: "5.79" - epoch: 1 + epoch: 2 description: Tools for the Bluetooth protocol stack copyright: - license: GPL-2.0-or-later AND BSD-2-Clause AND MIT @@ -59,6 +59,12 @@ pipeline: install -Dm644 obexd/src/org.bluez.obex.service \ "${{targets.destdir}}"/usr/share/dbus-1/services/org.bluez.obex.service + # Workaround permission issue. Fixed upstream, but pulling in patch requires + # running autoreconf which seems to generate issues. + # https://github.com/bluez/bluez/commit/b1fd409960001a77cda2a09ecc00147ebd9c3667 + # Fixes: https://github.com/wolfi-dev/os/issues/31026 + chmod 0755 "${{targets.destdir}}"/etc/bluetooth + - uses: strip subpackages: From 1568a5c3cb74471525dcd6b9c767013e4b4eee6d Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:26:35 -0500 Subject: [PATCH 49/72] Make python 3.13 version of virtual packages the default. - batch 02.02 (#36955) --- py3-fasteners.yaml | 4 ++-- py3-fastjsonschema.yaml | 4 ++-- py3-ffwd.yaml | 4 ++-- py3-filelock.yaml | 4 ++-- py3-flask-cors.yaml | 4 ++-- py3-flask-opentracing.yaml | 4 ++-- py3-flask.yaml | 4 ++-- py3-flit-core.yaml | 4 ++-- py3-flit-scm.yaml | 4 ++-- py3-fonttools.yaml | 4 ++-- py3-forestci.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-fasteners.yaml b/py3-fasteners.yaml index 496c018938e..a7f70db89ee 100644 --- a/py3-fasteners.yaml +++ b/py3-fasteners.yaml @@ -1,7 +1,7 @@ package: name: py3-fasteners version: '0.19' - epoch: 2 + epoch: 3 description: A python package that provides useful locks copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fastjsonschema.yaml b/py3-fastjsonschema.yaml index caa3ec6eff1..30e199075d8 100644 --- a/py3-fastjsonschema.yaml +++ b/py3-fastjsonschema.yaml @@ -1,7 +1,7 @@ package: name: py3-fastjsonschema version: 2.21.1 - epoch: 0 + epoch: 1 description: Fastest Python implementation of JSON schema copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ffwd.yaml b/py3-ffwd.yaml index a8899135518..ea33159d557 100644 --- a/py3-ffwd.yaml +++ b/py3-ffwd.yaml @@ -1,7 +1,7 @@ package: name: py3-ffwd version: 0.0.2 - epoch: 3 + epoch: 4 description: A Python client for FFWD copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-filelock.yaml b/py3-filelock.yaml index dae6c684625..5175e21476a 100644 --- a/py3-filelock.yaml +++ b/py3-filelock.yaml @@ -2,7 +2,7 @@ package: name: py3-filelock version: 3.16.1 - epoch: 1 + epoch: 2 description: A platform independent file lock. copyright: - license: Unlicense @@ -30,7 +30,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-flask-cors.yaml b/py3-flask-cors.yaml index adf9f4a4667..e244b4ed719 100644 --- a/py3-flask-cors.yaml +++ b/py3-flask-cors.yaml @@ -1,7 +1,7 @@ package: name: py3-flask-cors version: 5.0.0 - epoch: 1 + epoch: 2 description: A Flask extension adding a decorator for CORS support copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-flask-opentracing.yaml b/py3-flask-opentracing.yaml index e99a78635ca..e7c3e2f040f 100644 --- a/py3-flask-opentracing.yaml +++ b/py3-flask-opentracing.yaml @@ -1,7 +1,7 @@ package: name: py3-flask-opentracing version: 2.0.0 - epoch: 3 + epoch: 4 description: OpenTracing support for Flask applications copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-flask.yaml b/py3-flask.yaml index 271e1484bea..6832d9c1872 100644 --- a/py3-flask.yaml +++ b/py3-flask.yaml @@ -1,7 +1,7 @@ package: name: py3-flask version: 3.1.0 - epoch: 0 + epoch: 1 description: A simple framework for building complex web applications. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-flit-core.yaml b/py3-flit-core.yaml index d34a86c77b1..4413c23d8fb 100644 --- a/py3-flit-core.yaml +++ b/py3-flit-core.yaml @@ -1,7 +1,7 @@ package: name: py3-flit-core version: 3.10.1 - epoch: 0 + epoch: 1 description: "simple packaging tool for simple packages (core)" copyright: - license: BSD-3-Clause @@ -17,7 +17,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-flit-scm.yaml b/py3-flit-scm.yaml index f4bd68d60f0..9e93bfeccb4 100644 --- a/py3-flit-scm.yaml +++ b/py3-flit-scm.yaml @@ -1,7 +1,7 @@ package: name: py3-flit-scm version: 1.7.0 - epoch: 2 + epoch: 3 description: A PEP 518 build backend that uses setuptools_scm and flit_core copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fonttools.yaml b/py3-fonttools.yaml index 1ed84f2e53e..484e58a6210 100644 --- a/py3-fonttools.yaml +++ b/py3-fonttools.yaml @@ -1,7 +1,7 @@ package: name: py3-fonttools version: 4.55.3 - epoch: 0 + epoch: 1 description: Tools to manipulate font files copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-forestci.yaml b/py3-forestci.yaml index 9e0cc8d2b6a..9e4376e1add 100644 --- a/py3-forestci.yaml +++ b/py3-forestci.yaml @@ -1,7 +1,7 @@ package: name: py3-forestci version: '0.7' - epoch: 1 + epoch: 2 description: 'forestci: confidence intervals for scikit-learn forest algorithms' copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 6b57819e7325c251f673eadd76080c167b35ded9 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:29:03 -0500 Subject: [PATCH 50/72] Make python 3.13 version of virtual packages the default. - batch 02.08 (#36961) --- py3-iniconfig.yaml | 4 ++-- py3-installer.yaml | 4 ++-- py3-invoke.yaml | 4 ++-- py3-ipaddress.yaml | 4 ++-- py3-ipykernel.yaml | 4 ++-- py3-ipython-genutils.yaml | 4 ++-- py3-ipython.yaml | 4 ++-- py3-ipywidgets.yaml | 4 ++-- py3-isodate.yaml | 4 ++-- py3-isort.yaml | 4 ++-- py3-itables.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-iniconfig.yaml b/py3-iniconfig.yaml index 831ce8794c9..f5e36e7cc7b 100644 --- a/py3-iniconfig.yaml +++ b/py3-iniconfig.yaml @@ -1,7 +1,7 @@ package: name: py3-iniconfig version: 2.0.0 - epoch: 4 + epoch: 5 description: brain-dead simple parsing of ini files copyright: - license: MIT @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-installer.yaml b/py3-installer.yaml index d03d54d19aa..4761a7b73a8 100644 --- a/py3-installer.yaml +++ b/py3-installer.yaml @@ -1,7 +1,7 @@ package: name: py3-installer version: 0.7.0 - epoch: 9 + epoch: 10 description: A library for installing Python wheels. copyright: - license: "MIT" @@ -17,7 +17,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-invoke.yaml b/py3-invoke.yaml index 0e702e4aec1..a9215bb80ab 100644 --- a/py3-invoke.yaml +++ b/py3-invoke.yaml @@ -1,7 +1,7 @@ package: name: py3-invoke version: 2.2.0 - epoch: 2 + epoch: 3 description: Pythonic task management & command execution. copyright: - license: BSD-2-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ipaddress.yaml b/py3-ipaddress.yaml index e4482b7c1a1..74ad3a395d5 100644 --- a/py3-ipaddress.yaml +++ b/py3-ipaddress.yaml @@ -1,7 +1,7 @@ package: name: py3-ipaddress version: 1.0.23 - epoch: 3 + epoch: 4 description: IPv4/IPv6 manipulation library copyright: - license: PSF-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ipykernel.yaml b/py3-ipykernel.yaml index 5828458de6c..96f0fed386c 100644 --- a/py3-ipykernel.yaml +++ b/py3-ipykernel.yaml @@ -1,7 +1,7 @@ package: name: py3-ipykernel version: 6.29.5 - epoch: 2 + epoch: 3 description: IPython Kernel for Jupyter copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ipython-genutils.yaml b/py3-ipython-genutils.yaml index cf9fef473cc..3579d82a636 100644 --- a/py3-ipython-genutils.yaml +++ b/py3-ipython-genutils.yaml @@ -1,7 +1,7 @@ package: name: py3-ipython-genutils version: 0.2.0 - epoch: 3 + epoch: 4 description: Vestigial utilities from IPython copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ipython.yaml b/py3-ipython.yaml index 23e44d73cc8..b3758eff024 100644 --- a/py3-ipython.yaml +++ b/py3-ipython.yaml @@ -1,7 +1,7 @@ package: name: py3-ipython version: 8.16.0 - epoch: 2 + epoch: 3 description: 'IPython: Productive Interactive Computing' copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-ipywidgets.yaml b/py3-ipywidgets.yaml index 1a5b1498a6c..541c27fe0e9 100644 --- a/py3-ipywidgets.yaml +++ b/py3-ipywidgets.yaml @@ -1,7 +1,7 @@ package: name: py3-ipywidgets version: 8.1.5 - epoch: 1 + epoch: 2 description: Jupyter interactive widgets copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-isodate.yaml b/py3-isodate.yaml index 09f616e4191..79d36c70553 100644 --- a/py3-isodate.yaml +++ b/py3-isodate.yaml @@ -1,7 +1,7 @@ package: name: py3-isodate version: 0.7.2 - epoch: 1 + epoch: 2 description: An ISO 8601 date/time/duration parser and formatter copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-isort.yaml b/py3-isort.yaml index 839012d2b04..33a6bdccd99 100644 --- a/py3-isort.yaml +++ b/py3-isort.yaml @@ -1,7 +1,7 @@ package: name: py3-isort version: 5.13.2 - epoch: 2 + epoch: 3 description: A Python utility / library to sort imports. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-itables.yaml b/py3-itables.yaml index 755b7f4f278..da6f735a0aa 100644 --- a/py3-itables.yaml +++ b/py3-itables.yaml @@ -1,7 +1,7 @@ package: name: py3-itables version: 2.2.4 - epoch: 0 + epoch: 1 description: Interactive Tables in Jupyter copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From cd2d9fffe191bef7a50074211361681086b12278 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:29:19 -0500 Subject: [PATCH 51/72] Make python 3.13 version of virtual packages the default. - batch 02.06 (#36959) --- py3-hatch-fancy-pypi-readme.yaml | 4 ++-- py3-hatch-jupyter-builder.yaml | 4 ++-- py3-hatch-nodejs-version.yaml | 4 ++-- py3-hatch-requirements-txt.yaml | 4 ++-- py3-hatch-vcs.yaml | 4 ++-- py3-hatch.yaml | 4 ++-- py3-hatchling.yaml | 4 ++-- py3-hdfs.yaml | 4 ++-- py3-hologram.yaml | 4 ++-- py3-html5lib.yaml | 4 ++-- py3-httpcore.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-hatch-fancy-pypi-readme.yaml b/py3-hatch-fancy-pypi-readme.yaml index 7bef50169c4..550adab72b0 100644 --- a/py3-hatch-fancy-pypi-readme.yaml +++ b/py3-hatch-fancy-pypi-readme.yaml @@ -2,7 +2,7 @@ package: name: py3-hatch-fancy-pypi-readme version: 24.1.0 - epoch: 1 + epoch: 2 description: Fancy PyPI READMEs with Hatch copyright: - license: MIT @@ -19,7 +19,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hatch-jupyter-builder.yaml b/py3-hatch-jupyter-builder.yaml index 553c25e2be6..db47eeedf53 100644 --- a/py3-hatch-jupyter-builder.yaml +++ b/py3-hatch-jupyter-builder.yaml @@ -1,7 +1,7 @@ package: name: py3-hatch-jupyter-builder version: 0.9.1 - epoch: 1 + epoch: 2 description: A hatch plugin to help build Jupyter packages copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hatch-nodejs-version.yaml b/py3-hatch-nodejs-version.yaml index 996fbaa15aa..f6ca94d3e08 100644 --- a/py3-hatch-nodejs-version.yaml +++ b/py3-hatch-nodejs-version.yaml @@ -1,7 +1,7 @@ package: name: py3-hatch-nodejs-version version: 0.3.2 - epoch: 1 + epoch: 2 description: Reads PEP 621 metadata from the Node.js package.json file. copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hatch-requirements-txt.yaml b/py3-hatch-requirements-txt.yaml index ab99be8e469..c0c9cf9a405 100644 --- a/py3-hatch-requirements-txt.yaml +++ b/py3-hatch-requirements-txt.yaml @@ -2,7 +2,7 @@ package: name: py3-hatch-requirements-txt version: 0.4.1 - epoch: 1 + epoch: 2 description: Hatchling plugin to read project dependencies from requirements.txt copyright: - license: MIT @@ -25,7 +25,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "310" + 3.13: "313" pipeline: - uses: git-checkout diff --git a/py3-hatch-vcs.yaml b/py3-hatch-vcs.yaml index abc99c0b1ce..25e583f710c 100644 --- a/py3-hatch-vcs.yaml +++ b/py3-hatch-vcs.yaml @@ -2,7 +2,7 @@ package: name: py3-hatch-vcs version: 0.4.0 - epoch: 1 + epoch: 2 description: Hatch plugin for versioning with your preferred VCS copyright: - license: MIT @@ -23,7 +23,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hatch.yaml b/py3-hatch.yaml index 4b044ca537d..801f0e06943 100644 --- a/py3-hatch.yaml +++ b/py3-hatch.yaml @@ -1,7 +1,7 @@ package: name: py3-hatch version: 1.13.0 - epoch: 0 + epoch: 1 description: Modern, extensible Python project management copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hatchling.yaml b/py3-hatchling.yaml index 992fc1fbb7e..1fbad38782a 100644 --- a/py3-hatchling.yaml +++ b/py3-hatchling.yaml @@ -1,7 +1,7 @@ package: name: py3-hatchling version: 1.26.3 - epoch: 0 + epoch: 1 description: Modern, extensible Python build backend copyright: - license: BSD-3-Clause @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hdfs.yaml b/py3-hdfs.yaml index 59374abaee8..d20151c98fc 100644 --- a/py3-hdfs.yaml +++ b/py3-hdfs.yaml @@ -1,7 +1,7 @@ package: name: py3-hdfs version: 2.7.3 - epoch: 1 + epoch: 2 description: 'HdfsCLI: API and command line interface for HDFS.' copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-hologram.yaml b/py3-hologram.yaml index dc28cfd6041..113b42f864e 100644 --- a/py3-hologram.yaml +++ b/py3-hologram.yaml @@ -1,7 +1,7 @@ package: name: py3-hologram version: 0.0.16 - epoch: 2 + epoch: 3 description: JSON schema generation from dataclasses copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-html5lib.yaml b/py3-html5lib.yaml index d6305512939..a2964ff71ac 100644 --- a/py3-html5lib.yaml +++ b/py3-html5lib.yaml @@ -1,7 +1,7 @@ package: name: py3-html5lib version: "1.1" - epoch: 3 + epoch: 4 description: HTML parser based on the WHATWG HTML specification copyright: - license: MIT @@ -14,7 +14,7 @@ data: "3.10": "310" "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" vars: module_name: html5lib diff --git a/py3-httpcore.yaml b/py3-httpcore.yaml index fe70928aa0d..aefcffd5a56 100644 --- a/py3-httpcore.yaml +++ b/py3-httpcore.yaml @@ -2,7 +2,7 @@ package: name: py3-httpcore version: 1.0.7 - epoch: 0 + epoch: 1 description: A minimal low-level HTTP client. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From bd15d28b88162ae71c9e137f6e23762cacf78d89 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:33:14 -0500 Subject: [PATCH 52/72] Make python 3.13 version of virtual packages the default. - batch 02.03 (#36956) --- py3-fromager.yaml | 8 ++++---- py3-frozenlist.yaml | 4 ++-- py3-fsspec.yaml | 4 ++-- py3-future.yaml | 4 ++-- py3-gast.yaml | 4 ++-- py3-gcloud-aio-auth.yaml | 4 ++-- py3-gcloud-aio-storage.yaml | 4 ++-- py3-gcovr.yaml | 4 ++-- py3-geomet.yaml | 4 ++-- py3-gevent.yaml | 4 ++-- py3-git-filter-repo.yaml | 4 ++-- 11 files changed, 24 insertions(+), 24 deletions(-) diff --git a/py3-fromager.yaml b/py3-fromager.yaml index ee9d89b7458..b1bc241a13f 100644 --- a/py3-fromager.yaml +++ b/py3-fromager.yaml @@ -1,7 +1,7 @@ package: name: py3-fromager - version: 0.36.0 - epoch: 0 + version: 0.35.0 + epoch: 1 description: Wheel maker copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: items: "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" environment: contents: @@ -36,7 +36,7 @@ pipeline: - uses: git-checkout with: repository: https://github.com/python-wheel-build/fromager - expected-commit: 34c79b3f37dd9fd136ce598102f2e1374520ce5a + expected-commit: 2f76a2601c2092975822a4ac653c1c4a4116b260 tag: ${{package.version}} subpackages: diff --git a/py3-frozenlist.yaml b/py3-frozenlist.yaml index a7d71cbb10d..8bf98b62093 100644 --- a/py3-frozenlist.yaml +++ b/py3-frozenlist.yaml @@ -1,7 +1,7 @@ package: name: py3-frozenlist version: 1.5.0 - epoch: 0 + epoch: 1 description: A list-like structure which implements collections.abc.MutableSequence copyright: - license: Apache-2.0 @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-fsspec.yaml b/py3-fsspec.yaml index 7cb253d3fcf..1d0828eef23 100644 --- a/py3-fsspec.yaml +++ b/py3-fsspec.yaml @@ -2,7 +2,7 @@ package: name: py3-fsspec version: 2024.10.0 - epoch: 0 + epoch: 1 description: File-system specification copyright: - license: BSD-3-Clause @@ -32,7 +32,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: git-checkout diff --git a/py3-future.yaml b/py3-future.yaml index bace3bb267e..a9679946858 100644 --- a/py3-future.yaml +++ b/py3-future.yaml @@ -1,7 +1,7 @@ package: name: py3-future version: 1.0.0 - epoch: 1 + epoch: 2 description: Clean single-source support for Python 3 and 2 copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gast.yaml b/py3-gast.yaml index 386e149e9a1..ccb86b6fe14 100644 --- a/py3-gast.yaml +++ b/py3-gast.yaml @@ -1,7 +1,7 @@ package: name: py3-gast version: 0.6.0 - epoch: 2 + epoch: 3 description: Python AST that abstracts the underlying Python version copyright: - license: BSD-3-Clause @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gcloud-aio-auth.yaml b/py3-gcloud-aio-auth.yaml index 5bc5ab1d4f3..4a87eafd9de 100644 --- a/py3-gcloud-aio-auth.yaml +++ b/py3-gcloud-aio-auth.yaml @@ -1,7 +1,7 @@ package: name: py3-gcloud-aio-auth version: 5.3.2 - epoch: 2 + epoch: 3 description: Python Client for Google Cloud Auth copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gcloud-aio-storage.yaml b/py3-gcloud-aio-storage.yaml index 944941e16ee..f91af436b27 100644 --- a/py3-gcloud-aio-storage.yaml +++ b/py3-gcloud-aio-storage.yaml @@ -1,7 +1,7 @@ package: name: py3-gcloud-aio-storage version: 9.3.0 - epoch: 3 + epoch: 4 description: Python Client for Google Cloud Storage copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gcovr.yaml b/py3-gcovr.yaml index ea3123b746d..96d23b9aa33 100644 --- a/py3-gcovr.yaml +++ b/py3-gcovr.yaml @@ -1,7 +1,7 @@ package: name: py3-gcovr version: "8.2" - epoch: 0 + epoch: 1 description: Generate C/C++ code coverage reports with gcov copyright: - license: BSD-3-Clause # according to https://github.com/gcovr/gcovr/tree/master#license @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-geomet.yaml b/py3-geomet.yaml index 86dc6e13fd0..6d06bb3bddf 100644 --- a/py3-geomet.yaml +++ b/py3-geomet.yaml @@ -2,7 +2,7 @@ package: name: py3-geomet version: 1.1.0 - epoch: 4 + epoch: 5 description: Pure Python conversion library for common geospatial data formats copyright: - license: Apache-2.0 @@ -28,7 +28,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' pipeline: - uses: fetch diff --git a/py3-gevent.yaml b/py3-gevent.yaml index 9c031305854..c21c2315275 100644 --- a/py3-gevent.yaml +++ b/py3-gevent.yaml @@ -1,7 +1,7 @@ package: name: py3-gevent version: 24.11.1 - epoch: 0 + epoch: 1 description: Coroutine-based network library copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-git-filter-repo.yaml b/py3-git-filter-repo.yaml index 3177894c02e..64f612af277 100644 --- a/py3-git-filter-repo.yaml +++ b/py3-git-filter-repo.yaml @@ -1,7 +1,7 @@ package: name: py3-git-filter-repo version: 2.47.0 - epoch: 0 + epoch: 1 description: Quickly rewrite git repository history copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 18b0738cf6a09198bf6b7d30f60feb31fff66ad3 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:38:41 -0500 Subject: [PATCH 53/72] Make python 3.13 version of virtual packages the default. - batch 02.00 (#36953) --- py3-distlib.yaml | 4 ++-- py3-distro.yaml | 4 ++-- py3-django.yaml | 4 ++-- py3-dnspython.yaml | 4 ++-- py3-docker-squash.yaml | 4 ++-- py3-docker.yaml | 4 ++-- py3-docopt.yaml | 4 ++-- py3-docutils.yaml | 4 ++-- py3-dulwich.yaml | 4 ++-- py3-durationpy.yaml | 4 ++-- py3-editables.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-distlib.yaml b/py3-distlib.yaml index 62b93a59fa4..fb898504fb8 100644 --- a/py3-distlib.yaml +++ b/py3-distlib.yaml @@ -1,7 +1,7 @@ package: name: py3-distlib version: 0.3.9 - epoch: 0 + epoch: 1 description: Distribution utilities copyright: - license: PSF-2.0 @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-distro.yaml b/py3-distro.yaml index 96c33cae450..2936373f436 100644 --- a/py3-distro.yaml +++ b/py3-distro.yaml @@ -1,7 +1,7 @@ package: name: py3-distro version: 1.9.0 - epoch: 3 + epoch: 4 description: A Linux OS platform information API copyright: - license: Apache-2.0 @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-django.yaml b/py3-django.yaml index daa604fd98d..83fb0adb946 100644 --- a/py3-django.yaml +++ b/py3-django.yaml @@ -1,7 +1,7 @@ package: name: py3-django version: 5.1.4 - epoch: 0 + epoch: 1 description: A high-level Python Web framework that encourages rapid development and clean, pragmatic design. copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-dnspython.yaml b/py3-dnspython.yaml index 8c0d817de05..29c841882c9 100644 --- a/py3-dnspython.yaml +++ b/py3-dnspython.yaml @@ -1,7 +1,7 @@ package: name: py3-dnspython version: 2.7.0 - epoch: 1 + epoch: 2 description: DNS toolkit copyright: - license: ISC @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-docker-squash.yaml b/py3-docker-squash.yaml index e1a57a614c3..55fe5f10eee 100644 --- a/py3-docker-squash.yaml +++ b/py3-docker-squash.yaml @@ -4,7 +4,7 @@ package: # if https://github.com/goldmann/docker-squash/pull/234 was merged # and released. version: 1.2.2 - epoch: 0 + epoch: 1 description: Docker layer squashing tool copyright: - license: MIT @@ -21,7 +21,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-docker.yaml b/py3-docker.yaml index e6b56ce5aa0..18710895fa5 100644 --- a/py3-docker.yaml +++ b/py3-docker.yaml @@ -1,7 +1,7 @@ package: name: py3-docker version: 7.1.0 - epoch: 2 + epoch: 3 description: A Python library for the Docker Engine API. copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-docopt.yaml b/py3-docopt.yaml index 0d821d3f013..ecdef9b01e0 100644 --- a/py3-docopt.yaml +++ b/py3-docopt.yaml @@ -1,7 +1,7 @@ package: name: py3-docopt version: 0.6.2 - epoch: 2 + epoch: 3 description: Pythonic argument parser, that will make you smile copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-docutils.yaml b/py3-docutils.yaml index 16ea61b6e3d..862ea19b571 100644 --- a/py3-docutils.yaml +++ b/py3-docutils.yaml @@ -1,7 +1,7 @@ package: name: py3-docutils version: 0.21.2 - epoch: 2 + epoch: 3 description: Documentation Utilities for Python3 copyright: - license: BSD-2-Clause AND GPL-3.0-or-later AND Python-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-dulwich.yaml b/py3-dulwich.yaml index 932c1166bbd..f3577725e6d 100644 --- a/py3-dulwich.yaml +++ b/py3-dulwich.yaml @@ -2,7 +2,7 @@ package: name: py3-dulwich version: 0.22.5 - epoch: 0 + epoch: 1 description: Python Git Library copyright: - license: Apache-2.0 AND GPL-2.0-or-later @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-durationpy.yaml b/py3-durationpy.yaml index 361cea928f1..64d18e91738 100644 --- a/py3-durationpy.yaml +++ b/py3-durationpy.yaml @@ -1,7 +1,7 @@ package: name: py3-durationpy version: "0.9" - epoch: 0 + epoch: 1 description: Module for converting between datetime.timedelta and Go's time.Duration strings. copyright: - license: MIT @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-editables.yaml b/py3-editables.yaml index 949b7dd7650..09023b7b55f 100644 --- a/py3-editables.yaml +++ b/py3-editables.yaml @@ -1,7 +1,7 @@ package: name: py3-editables version: '0.5' - epoch: 3 + epoch: 4 description: Editable installations copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From 9e90b2b96a3be1649441d8c6c313426644f5cc82 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 15:39:31 -0500 Subject: [PATCH 54/72] pulumi-kubernetes-operator/1.16.0-r2: cve remediation (#36832) pulumi-kubernetes-operator/1.16.0-r2: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/pulumi-kubernetes-operator.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- pulumi-kubernetes-operator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pulumi-kubernetes-operator.yaml b/pulumi-kubernetes-operator.yaml index e721b3e0209..f11e49dbe65 100644 --- a/pulumi-kubernetes-operator.yaml +++ b/pulumi-kubernetes-operator.yaml @@ -1,7 +1,7 @@ package: name: pulumi-kubernetes-operator version: 1.16.0 - epoch: 2 + epoch: 3 description: A Kubernetes Operator that automates the deployment of Pulumi Stacks copyright: - license: Apache-2.0 @@ -23,7 +23,7 @@ pipeline: - uses: go/bump with: - deps: github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 replaces: github.com/whilp/git-urls=github.com/chainguard-dev/git-urls@v1.0.2 - runs: | From fa1446e456f1dfe06310b47cc3a0e57af4e56f07 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 15:46:29 -0500 Subject: [PATCH 55/72] argo-workflows/3.6.2-r0: cve remediation (#36481) argo-workflows/3.6.2-r0: fix GHSA-v778-237x-gjrc/CVE-2024-34158/ Advisory data: https://github.com/wolfi-dev/advisories/blob/main/argo-workflows.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- argo-workflows.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/argo-workflows.yaml b/argo-workflows.yaml index a298afef625..cc11ae0c9b0 100644 --- a/argo-workflows.yaml +++ b/argo-workflows.yaml @@ -1,7 +1,7 @@ package: name: argo-workflows version: 3.6.2 - epoch: 0 + epoch: 1 description: Workflow engine for Kubernetes. copyright: - license: Apache-2.0 @@ -40,6 +40,10 @@ pipeline: # Pack yarn UI into go binary /home/build/.cache/go/bin/staticfiles -o server/static/files.go ui/dist/app + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + - uses: go/build with: packages: ./cmd/argo From 07636bbac4f786bcd974aa2078b8818ecbeda37c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 15:50:33 -0500 Subject: [PATCH 56/72] kubernetes-1.32/1.32.0 package update (#36770)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- kubernetes-1.32.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubernetes-1.32.yaml b/kubernetes-1.32.yaml index 85483329e09..a003ef994b6 100644 --- a/kubernetes-1.32.yaml +++ b/kubernetes-1.32.yaml @@ -1,7 +1,7 @@ package: name: kubernetes-1.32 version: 1.32.0 - epoch: 0 + epoch: 1 description: Production-Grade Container Scheduling and Management copyright: - license: Apache-2.0 @@ -41,7 +41,7 @@ pipeline: with: repository: https://github.com/kubernetes/kubernetes tag: v${{package.version}} - expected-commit: 7e247d1acd3bd293fd854a8e4a408e4af010af32 + expected-commit: 70d3cc986aa8221cd1dfb1121852688902d3bf53 - runs: | export GOWORK=off From 781834a2f11b02eaf111d540c44753d5b74ac445 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 15:58:12 -0500 Subject: [PATCH 57/72] Make python 3.13 version of virtual packages the default. batch 1.9 (#36949) --- py3-crashtest.yaml | 4 ++-- py3-crcmod.yaml | 4 ++-- py3-cryptography.yaml | 4 ++-- py3-cxxfilt.yaml | 4 ++-- py3-cycler.yaml | 4 ++-- py3-cython.yaml | 4 ++-- py3-datadog.yaml | 4 ++-- py3-debugpy.yaml | 4 ++-- py3-decorator.yaml | 4 ++-- py3-defusedxml.yaml | 4 ++-- py3-deprecated.yaml | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/py3-crashtest.yaml b/py3-crashtest.yaml index e9e54ec7faf..51329e660d5 100644 --- a/py3-crashtest.yaml +++ b/py3-crashtest.yaml @@ -2,7 +2,7 @@ package: name: py3-crashtest version: 0.4.1 - epoch: 4 + epoch: 5 description: Manage Python errors with ease copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-crcmod.yaml b/py3-crcmod.yaml index 80f6dc12e6f..7039d11191e 100644 --- a/py3-crcmod.yaml +++ b/py3-crcmod.yaml @@ -1,7 +1,7 @@ package: name: py3-crcmod version: '1.7' - epoch: 5 + epoch: 6 description: Cyclic Redundancy Check (CRC) implementation in Python copyright: - license: MIT @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cryptography.yaml b/py3-cryptography.yaml index b3a738d0437..75940efd3d6 100644 --- a/py3-cryptography.yaml +++ b/py3-cryptography.yaml @@ -2,7 +2,7 @@ package: name: py3-cryptography version: 44.0.0 - epoch: 1 + epoch: 2 description: cryptography is a package which provides cryptographic recipes and primitives to Python developers. copyright: - license: Apache-2.0 OR BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cxxfilt.yaml b/py3-cxxfilt.yaml index 05783393621..ea32a43328e 100644 --- a/py3-cxxfilt.yaml +++ b/py3-cxxfilt.yaml @@ -1,7 +1,7 @@ package: name: py3-cxxfilt version: 0.3.0 - epoch: 2 + epoch: 3 description: Python interface to c++filt / abi::__cxa_demangle copyright: - license: BSD-2-Clause @@ -17,7 +17,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cycler.yaml b/py3-cycler.yaml index f1a4a57a21c..386c028309e 100644 --- a/py3-cycler.yaml +++ b/py3-cycler.yaml @@ -1,7 +1,7 @@ package: name: py3-cycler version: 0.12.1 - epoch: 2 + epoch: 3 description: Composable style cycles copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-cython.yaml b/py3-cython.yaml index f15f2dc8047..f9ef54823b6 100644 --- a/py3-cython.yaml +++ b/py3-cython.yaml @@ -1,7 +1,7 @@ package: name: py3-cython version: 3.0.11 - epoch: 2 + epoch: 3 description: Cython is an optimising static compiler for both the Python & the extended Cython programming languages. copyright: - license: Apache-2.0 @@ -17,7 +17,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-datadog.yaml b/py3-datadog.yaml index 19528f54741..2db37a8a7e8 100644 --- a/py3-datadog.yaml +++ b/py3-datadog.yaml @@ -1,7 +1,7 @@ package: name: py3-datadog version: 0.50.2 - epoch: 0 + epoch: 1 description: The Datadog Python library copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-debugpy.yaml b/py3-debugpy.yaml index c7aa65f5c7f..689cf7bee8c 100644 --- a/py3-debugpy.yaml +++ b/py3-debugpy.yaml @@ -1,7 +1,7 @@ package: name: py3-debugpy version: 1.8.11 - epoch: 0 + epoch: 1 description: An implementation of the Debug Adapter Protocol for Python copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-decorator.yaml b/py3-decorator.yaml index 45773707a41..fb28be91ad2 100644 --- a/py3-decorator.yaml +++ b/py3-decorator.yaml @@ -2,7 +2,7 @@ package: name: py3-decorator version: 5.1.1 - epoch: 5 + epoch: 6 description: Decorators for Humans copyright: - license: BSD-2-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-defusedxml.yaml b/py3-defusedxml.yaml index 44de7e72030..e34de694dab 100644 --- a/py3-defusedxml.yaml +++ b/py3-defusedxml.yaml @@ -1,7 +1,7 @@ package: name: py3-defusedxml version: 0.7.1 - epoch: 3 + epoch: 4 description: XML bomb protection for Python stdlib modules copyright: - license: PSF-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-deprecated.yaml b/py3-deprecated.yaml index b003ed6b850..171d0140678 100644 --- a/py3-deprecated.yaml +++ b/py3-deprecated.yaml @@ -1,7 +1,7 @@ package: name: py3-deprecated version: 1.2.15 - epoch: 1 + epoch: 2 description: Python @deprecated decorator to deprecate old python classes, functions or methods. copyright: - license: MIT @@ -18,7 +18,7 @@ data: "3.10": "310" "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" environment: contents: From 06f2be1f11900ee311a4a4a884ed1bb0aa7d3b82 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 16:02:57 -0500 Subject: [PATCH 58/72] Make python 3.13 version of virtual packages the default. - batch 02.05 (#36958) --- py3-googleapis-common-protos.yaml | 4 ++-- py3-gpep517.yaml | 4 ++-- py3-greenlet.yaml | 4 ++-- py3-grpc-google-iam-v1.yaml | 4 ++-- py3-grpc-interceptor.yaml | 4 ++-- py3-grpcio-gcp.yaml | 6 +++--- py3-grpcio-tools.yaml | 4 ++-- py3-gunicorn.yaml | 4 ++-- py3-gyp-next.yaml | 4 ++-- py3-h11.yaml | 4 ++-- py3-h5py.yaml | 4 ++-- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/py3-googleapis-common-protos.yaml b/py3-googleapis-common-protos.yaml index 00b3106958f..bb03d679acd 100644 --- a/py3-googleapis-common-protos.yaml +++ b/py3-googleapis-common-protos.yaml @@ -1,7 +1,7 @@ package: name: py3-googleapis-common-protos version: 1.66.0 - epoch: 0 + epoch: 1 description: Common protobufs used in Google APIs copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gpep517.yaml b/py3-gpep517.yaml index d21319be37a..0dcb6620c56 100644 --- a/py3-gpep517.yaml +++ b/py3-gpep517.yaml @@ -1,7 +1,7 @@ package: name: py3-gpep517 version: '16' - epoch: 3 + epoch: 4 description: PEP517 build system support for distros copyright: - license: MIT @@ -17,7 +17,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: diff --git a/py3-greenlet.yaml b/py3-greenlet.yaml index 7aec3bc8dbc..119de92f95c 100644 --- a/py3-greenlet.yaml +++ b/py3-greenlet.yaml @@ -1,7 +1,7 @@ package: name: py3-greenlet version: 3.1.1 - epoch: 2 + epoch: 3 description: Lightweight in-process concurrent programming copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-grpc-google-iam-v1.yaml b/py3-grpc-google-iam-v1.yaml index 0c284f8359d..3b8169ed6ab 100644 --- a/py3-grpc-google-iam-v1.yaml +++ b/py3-grpc-google-iam-v1.yaml @@ -1,7 +1,7 @@ package: name: py3-grpc-google-iam-v1 version: 0.13.1 - epoch: 3 + epoch: 4 description: IAM API client library copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-grpc-interceptor.yaml b/py3-grpc-interceptor.yaml index cb87d2242cf..ded66bcf3c4 100644 --- a/py3-grpc-interceptor.yaml +++ b/py3-grpc-interceptor.yaml @@ -2,7 +2,7 @@ package: name: py3-grpc-interceptor version: 0.15.4 - epoch: 1 + epoch: 2 description: Simplifies gRPC interceptors copyright: - license: MIT @@ -15,7 +15,7 @@ data: "3.10": "310" "3.11": "311" "3.12": "312" - "3.13": "300" + "3.13": "313" vars: import: grpc_interceptor diff --git a/py3-grpcio-gcp.yaml b/py3-grpcio-gcp.yaml index 6c7a267b134..9670edb952c 100644 --- a/py3-grpcio-gcp.yaml +++ b/py3-grpcio-gcp.yaml @@ -1,7 +1,7 @@ package: name: py3-grpcio-gcp version: 0.2.2 - epoch: 4 + epoch: 5 description: gRPC extensions for Google Cloud Platform copyright: - license: Apache-2.0 @@ -18,13 +18,13 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: packages: - - py3-grpcio-tools - py3-supported-build-base + - py3-supported-grpcio-tools - py3-supported-setuptools - python3 diff --git a/py3-grpcio-tools.yaml b/py3-grpcio-tools.yaml index 46f783d413b..ddef9cd8ba7 100644 --- a/py3-grpcio-tools.yaml +++ b/py3-grpcio-tools.yaml @@ -1,7 +1,7 @@ package: name: py3-grpcio-tools version: 1.68.2 - epoch: 0 + epoch: 1 description: Protobuf code generator for gRPC copyright: - license: Apache-2.0 @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gunicorn.yaml b/py3-gunicorn.yaml index df38c32d6c4..839d6ad2b5d 100644 --- a/py3-gunicorn.yaml +++ b/py3-gunicorn.yaml @@ -1,7 +1,7 @@ package: name: py3-gunicorn version: 23.0.0 - epoch: 1 + epoch: 2 description: WSGI HTTP Server for UNIX copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-gyp-next.yaml b/py3-gyp-next.yaml index 6204ae976fb..1141b03fe6e 100644 --- a/py3-gyp-next.yaml +++ b/py3-gyp-next.yaml @@ -1,7 +1,7 @@ package: name: py3-gyp-next version: 0.19.1 - epoch: 0 + epoch: 1 description: A fork of the GYP build system for use in the Node.js projects copyright: - license: BSD-3-Clause @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-h11.yaml b/py3-h11.yaml index 60cb18cbcab..4fd3c9f3324 100644 --- a/py3-h11.yaml +++ b/py3-h11.yaml @@ -2,7 +2,7 @@ package: name: py3-h11 version: 0.14.0 - epoch: 5 + epoch: 6 description: A pure-Python, bring-your-own-I/O implementation of HTTP/1.1 copyright: - license: MIT @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: diff --git a/py3-h5py.yaml b/py3-h5py.yaml index c77d86f4776..ad6ceeb0622 100644 --- a/py3-h5py.yaml +++ b/py3-h5py.yaml @@ -3,7 +3,7 @@ package: description: Read and write HDF5 files from Python url: https://www.h5py.org version: 3.12.1 - epoch: 2 + epoch: 3 copyright: - license: BSD-3-Clause dependencies: @@ -18,7 +18,7 @@ data: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' + 3.13: '313' environment: contents: From ac01d2c9f491eadac5ef278016015537a154a018 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:03:26 +0000 Subject: [PATCH 59/72] aws-efs-csi-driver/2.1.2 package update (#36980)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- aws-efs-csi-driver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-efs-csi-driver.yaml b/aws-efs-csi-driver.yaml index b36f95f7c64..ff870c2234d 100644 --- a/aws-efs-csi-driver.yaml +++ b/aws-efs-csi-driver.yaml @@ -1,6 +1,6 @@ package: name: aws-efs-csi-driver - version: 2.1.1 + version: 2.1.2 epoch: 0 description: CSI driver for Amazon EFS. copyright: @@ -20,7 +20,7 @@ pipeline: with: repository: https://github.com/kubernetes-sigs/aws-efs-csi-driver tag: v${{package.version}} - expected-commit: 28144460b084dd4a1bd5d81ad75ae41c55e84a65 + expected-commit: b141622fe6b19c7d8c3d8b10289788a5994ffef0 - uses: go/build with: From ffbb72961d19ace4880c62fbd3b9b0527639c6a0 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:03:43 +0000 Subject: [PATCH 60/72] kine/0.13.7 package update (#36975)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- kine.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kine.yaml b/kine.yaml index 178afd9acf5..7f13e7f9111 100644 --- a/kine.yaml +++ b/kine.yaml @@ -1,7 +1,7 @@ package: name: kine - version: 0.13.6 - epoch: 1 + version: 0.13.7 + epoch: 0 description: Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd. copyright: - license: Apache-2.0 @@ -22,13 +22,13 @@ pipeline: - uses: git-checkout with: destination: kine - expected-commit: c8e68ac5a5d7cea4959aad7d66200d50cbbd06d1 + expected-commit: 872c9d923036556cb9a312ebeb452d55b36d76b3 repository: https://github.com/k3s-io/kine tag: v${{package.version}} - uses: go/bump with: - deps: go.opentelemetry.io/otel/sdk@v1.21.0 golang.org/x/crypto@v0.31.0 + deps: go.opentelemetry.io/otel/sdk@v1.21.0 modroot: kine - runs: | From 5c9cf492c3318a14e4045ae87a0869a292901567 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:03:56 +0000 Subject: [PATCH 61/72] keycloak/26.0.7-r0: cve remediation (#36967) keycloak/26.0.7-r0: fix GHSA-cxrx-q234-m22m Advisory data: https://github.com/wolfi-dev/advisories/blob/main/keycloak.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- keycloak.yaml | 2 +- keycloak/pombump-deps.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/keycloak.yaml b/keycloak.yaml index fcce89ecf17..fbbce769eff 100644 --- a/keycloak.yaml +++ b/keycloak.yaml @@ -1,7 +1,7 @@ package: name: keycloak version: 26.0.7 - epoch: 0 + epoch: 1 description: Open Source Identity and Access Management For Modern Applications and Services copyright: - license: Apache-2.0 diff --git a/keycloak/pombump-deps.yaml b/keycloak/pombump-deps.yaml index ce63616cb30..465a0e23171 100644 --- a/keycloak/pombump-deps.yaml +++ b/keycloak/pombump-deps.yaml @@ -6,3 +6,6 @@ patches: - groupId: io.netty artifactId: netty-common version: 4.1.115.Final + - groupId: io.quarkus.http + artifactId: quarkus-http-core + version: 5.3.4 From e72ece860ee2a21762928c28e59260aebe52b33c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:04:11 +0000 Subject: [PATCH 62/72] ruby3.3-activesupport/8.0.1 package update (#36974)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ruby3.3-activesupport.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby3.3-activesupport.yaml b/ruby3.3-activesupport.yaml index f932254a29b..1e6a01bd789 100644 --- a/ruby3.3-activesupport.yaml +++ b/ruby3.3-activesupport.yaml @@ -1,6 +1,6 @@ package: name: ruby3.3-activesupport - version: 8.0.0.1 + version: 8.0.1 epoch: 0 description: A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. copyright: @@ -30,7 +30,7 @@ pipeline: with: repository: https://github.com/rails/rails tag: v${{package.version}} - expected-commit: a993c27a50395e727872600b5669976ff0a272e7 + expected-commit: cf6ff17e9a3c6c1139040b519a341f55f0be16cf - uses: ruby/build with: From 219827aea2a754e81e2faaca95b76f7ad1a930ad Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:04:22 +0000 Subject: [PATCH 63/72] syft/1.18.1 package update (#36963)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- syft.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/syft.yaml b/syft.yaml index 63cec52ae15..d61a660ea3a 100644 --- a/syft.yaml +++ b/syft.yaml @@ -1,7 +1,7 @@ package: name: syft - version: 1.18.0 - epoch: 1 + version: 1.18.1 + epoch: 0 description: CLI tool and library for generating a Software Bill of Materials from container images and filesystems copyright: - license: Apache-2.0 @@ -15,11 +15,7 @@ pipeline: with: repository: https://github.com/anchore/syft tag: v${{package.version}} - expected-commit: d38efb0b7fb7106909bc532a4efc68b78a917a34 - - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 + expected-commit: 5e16e5031a13f8a11057feb8544decebfc43b4ed - uses: go/build with: From 7f2021fc8b95d86a0e692bdb6581a665bc983c47 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:04:37 +0000 Subject: [PATCH 64/72] kubevela/1.9.13-r2: cve remediation (#36968) kubevela/1.9.13-r2: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/kubevela.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- kubevela.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubevela.yaml b/kubevela.yaml index 2ef327ceb4c..95cc9e6194e 100644 --- a/kubevela.yaml +++ b/kubevela.yaml @@ -1,7 +1,7 @@ package: name: kubevela version: 1.9.13 - epoch: 2 + epoch: 3 description: KubeVela is a modern application delivery platform that makes deploying and operating applications across today's hybrid, multi-cloud environments easier, faster and more reliable copyright: - license: Apache-2.0 @@ -31,7 +31,7 @@ pipeline: - uses: go/bump with: - deps: github.com/containerd/containerd@v1.7.11 github.com/cloudflare/circl@v1.3.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 github.com/fluxcd/source-controller/api@v0.30.0 oras.land/oras-go@v1.2.5 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/moby/moby@v26.1.0 + deps: github.com/containerd/containerd@v1.7.11 github.com/cloudflare/circl@v1.3.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0 github.com/fluxcd/source-controller/api@v0.30.0 oras.land/oras-go@v1.2.5 golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 github.com/moby/moby@v26.1.0 golang.org/x/crypto@v0.31.0 replaces: github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.11.0 github.com/docker/docker=github.com/moby/moby@v26.1.0+incompatible - uses: go/build From 06d6821494d5e662f5be164bb8aa5d22e1db737b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:04:53 +0000 Subject: [PATCH 65/72] grype/0.86.1 package update (#36964)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- grype.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/grype.yaml b/grype.yaml index a874c4b3838..86a7421708a 100644 --- a/grype.yaml +++ b/grype.yaml @@ -1,7 +1,7 @@ package: name: grype - version: 0.86.0 - epoch: 1 + version: 0.86.1 + epoch: 0 description: Vulnerability scanner for container images, filesystems, and SBOMs copyright: - license: Apache-2.0 @@ -15,11 +15,7 @@ pipeline: with: repository: https://github.com/anchore/grype tag: v${{package.version}} - expected-commit: 486b5b3d25f00006c84a13e3dacdc468aeef2ddb - - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 + expected-commit: 5c4fee7b1170976ab435de052fc3611bc955f1f1 - uses: go/build with: From a50a28297abf5906ed621c34902ade7060068251 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Fri, 13 Dec 2024 16:05:06 -0500 Subject: [PATCH 66/72] Update python 3.13 priority in 4 packages. (#36419) These packages did not "just work" with some sed changes to move 3.13 as the highest priority python packages. py3-build - update python 3.13 version, fix test, improve test py3-cairo - need multiple versions of the py3-cairo-dev libmamba - drop python test from base package py3-google-apitools - do not build 3.13, does not work See similar changes #36330 --- libmamba.yaml | 8 ++------ py3-build.yaml | 30 +++++++++++++++++++++++++----- py3-cairo.yaml | 23 +++-------------------- py3-google-apitools.yaml | 19 ++++--------------- 4 files changed, 34 insertions(+), 46 deletions(-) diff --git a/libmamba.yaml b/libmamba.yaml index 8db97002a88..5eedfd9fed2 100644 --- a/libmamba.yaml +++ b/libmamba.yaml @@ -1,7 +1,7 @@ package: name: libmamba version: 2024.10.02 - epoch: 1 + epoch: 2 description: Cross-Platform Package Manager copyright: - license: BSD-3-Clause @@ -16,7 +16,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: @@ -173,13 +173,9 @@ test: environment: contents: packages: - - py3-libmambapy - - python3 - micromamba - mamba-package pipeline: - - runs: | - python3 -c "import libmambapy; print(libmambapy.Context)" - runs: | micromamba --help bash -c "micromamba shell init -s bash -p ~/micromamba; source ~/.bashrc; micromamba activate; micromamba install python=3.11 requests -c conda-forge" diff --git a/py3-build.yaml b/py3-build.yaml index 2c8b1d58b4a..dc8bb7874db 100644 --- a/py3-build.yaml +++ b/py3-build.yaml @@ -1,7 +1,7 @@ package: name: py3-build version: 1.2.2 - epoch: 1 + epoch: 2 description: A simple, correct Python build frontend copyright: - license: MIT @@ -9,6 +9,7 @@ package: provider-priority: 0 vars: + import: build pypi-package: build data: @@ -17,7 +18,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: @@ -42,8 +43,6 @@ subpackages: description: ${{vars.pypi-package}} installed for python${{range.key}} dependencies: provider-priority: ${{range.value}} - provides: - - py3-${{vars.pypi-package}} runtime: - py${{range.key}}-packaging - py${{range.key}}-pyproject-hooks @@ -52,6 +51,12 @@ subpackages: - uses: py/pip-build-install with: python: python${{range.key}} + test: + pipeline: + - uses: python/import + with: + python: python${{range.key}} + import: ${{vars.import}} - range: py-versions name: py${{range.key}}-${{vars.pypi-package}}-bin @@ -66,6 +71,18 @@ subpackages: - runs: | mkdir -p ${{targets.contextdir}}/usr mv ${{targets.contextdir}}/../py${{range.key}}-${{vars.pypi-package}}/usr/bin ${{targets.contextdir}}/usr + test: + pipeline: + - runs: | + set +x + fail() { echo "FAIL:" "$@"; exit 1; } + + set -- pyproject-build --version + ver=${{package.version}} + out=$("$@") || fail "$* exited $?" + echo "$out" | grep -q -wF "$ver" || + fail "FAIL: '$*' did not contain '$ver': $out" + echo "PASS: '$*' contained '$ver'" - name: py3-supported-${{vars.pypi-package}} description: meta package providing ${{vars.pypi-package}} for supported python versions. @@ -78,7 +95,10 @@ subpackages: test: pipeline: - - runs: python3.12 -c "import ${{vars.pypi-package}}" + - uses: python/import + with: + imports: | + import ${{vars.import}} update: enabled: true diff --git a/py3-cairo.yaml b/py3-cairo.yaml index 18d674d6077..1223ea44047 100644 --- a/py3-cairo.yaml +++ b/py3-cairo.yaml @@ -1,7 +1,7 @@ package: name: py3-cairo version: 1.27.0 - epoch: 2 + epoch: 3 description: Python3 bindings for the cairo graphics library copyright: - license: LGPL-2.0-or-later @@ -18,7 +18,7 @@ data: 3.10: "310" 3.11: "311" 3.12: "312" - 3.13: "300" + 3.13: "313" environment: contents: @@ -80,7 +80,7 @@ subpackages: python: python${{range.key}} import: ${{vars.import}} - runs: | - include="$(python${{range.key}} -c 'import ${{vars.import}}; print(${{vars.import}}.get_include())')" + include="$(python${{range.key}} -c 'import cairo; print(cairo.get_include())')" test -f "$include/py3cairo.h" environment: contents: @@ -114,23 +114,6 @@ subpackages: python: python3.13 import: ${{vars.import}} - - name: py3-cairo-dev - description: py3-cairo dev - dependencies: - runtime: - - cairo-dev - - py3-cairo - pipeline: - - uses: split/dev - test: - pipeline: - - uses: test/pkgconf - - uses: py/one-python - with: - content: | - include="$(python3 -c 'import ${{vars.import}}; print(${{vars.import}}.get_include())')" - test -f "$include/py3cairo.h" - update: enabled: true github: diff --git a/py3-google-apitools.yaml b/py3-google-apitools.yaml index 9ccf2af3fa7..e66729983e0 100644 --- a/py3-google-apitools.yaml +++ b/py3-google-apitools.yaml @@ -1,7 +1,7 @@ package: name: py3-google-apitools version: 0.5.33 - epoch: 3 + epoch: 4 description: client libraries for humans copyright: - license: Apache-2.0 @@ -14,11 +14,12 @@ vars: data: - name: py-versions + ## 3.13 does not work in 0.5.33. + ## https://github.com/google/apitools/issues/327 items: 3.10: '310' 3.11: '311' 3.12: '312' - 3.13: '300' environment: contents: @@ -75,21 +76,9 @@ subpackages: mkdir -p ${{targets.contextdir}}/usr/ mv ./cleanup/${{range.key}}/bin ${{targets.contextdir}}/usr/ test: - environment: - contents: - packages: - - apk-tools pipeline: - runs: | - apk info -L py${{range.key}}-${{vars.pypi-package}}-bin > "pkg.list" - echo "Please write a test for these:" - grep usr/bin/ pkg.list > bins.list - sed 's,^,> ,' bins.list - - while read line; do - echo == /$line == - /$line --help && echo exited 0 || echo "exited $?" - done < bins.list + gen_client --help - name: py3-supported-${{vars.pypi-package}} description: meta package providing ${{vars.pypi-package}} for supported python versions. From 4beda90403f4ca5ed3dbf6edc5130da5c6d75951 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:05:22 +0000 Subject: [PATCH 67/72] cloud-provider-aws-1.31/1.31.4-r0: cve remediation (#36970) cloud-provider-aws-1.31/1.31.4-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/cloud-provider-aws-1.31.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- cloud-provider-aws-1.31.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cloud-provider-aws-1.31.yaml b/cloud-provider-aws-1.31.yaml index d1a6f59b9dc..2bcbfdec22a 100644 --- a/cloud-provider-aws-1.31.yaml +++ b/cloud-provider-aws-1.31.yaml @@ -1,7 +1,7 @@ package: name: cloud-provider-aws-1.31 version: 1.31.4 - epoch: 0 + epoch: 1 description: The AWS cloud provider provides the interface between a Kubernetes cluster and AWS service APIs. copyright: - license: Apache-2.0 @@ -16,6 +16,10 @@ pipeline: tag: v${{package.version}} expected-commit: 32e9f8236057aa0d5118800fcacf222dfab45a2f + - uses: go/bump + with: + deps: golang.org/x/crypto@v0.31.0 + subpackages: - name: ${{package.name}}-cloud-controller-manager description: The AWS Cloud Controller Manager is the controller that is primarily responsible for creating and updating AWS loadbalancers (classic and NLB) and node lifecycle management. From 638f4f13dcfbfddadcd1f85f1249383e8aa3f97e Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:05:38 +0000 Subject: [PATCH 68/72] ruby3.2-activesupport/8.0.1 package update (#36973)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- ruby3.2-activesupport.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruby3.2-activesupport.yaml b/ruby3.2-activesupport.yaml index ee129f68cd0..a6c67f71f9b 100644 --- a/ruby3.2-activesupport.yaml +++ b/ruby3.2-activesupport.yaml @@ -1,6 +1,6 @@ package: name: ruby3.2-activesupport - version: 8.0.0.1 + version: 8.0.1 epoch: 0 description: A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. copyright: @@ -30,7 +30,7 @@ pipeline: with: repository: https://github.com/rails/rails tag: v${{package.version}} - expected-commit: a993c27a50395e727872600b5669976ff0a272e7 + expected-commit: cf6ff17e9a3c6c1139040b519a341f55f0be16cf - uses: ruby/build with: From 419bcc6f67868996b242abcd2d8aa6aed1d95d39 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:06:03 +0000 Subject: [PATCH 69/72] prometheus-operator/0.79.0 package update (#36965)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> --- prometheus-operator.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/prometheus-operator.yaml b/prometheus-operator.yaml index efcdfad2424..566afd7ac29 100644 --- a/prometheus-operator.yaml +++ b/prometheus-operator.yaml @@ -1,7 +1,7 @@ package: name: prometheus-operator - version: 0.78.2 - epoch: 1 + version: 0.79.0 + epoch: 0 description: Prometheus Operator creates/configures/manages Prometheus clusters atop Kubernetes copyright: - license: Apache-2.0 @@ -22,11 +22,7 @@ pipeline: with: repository: https://github.com/prometheus-operator/prometheus-operator.git tag: v${{package.version}} - expected-commit: 9efea40e09ee6d80627c40b0ef208af200ecd7d5 - - - uses: go/bump - with: - deps: golang.org/x/crypto@v0.31.0 + expected-commit: 85ac658b93b2aa172ab641b91a03182b5a93c2eb - uses: autoconf/make with: From 23a938b7ad1c079df5188abfb228fa3a97aace8f Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:06:23 +0000 Subject: [PATCH 70/72] src-fingerprint/0.19.0-r18: cve remediation (#36969) src-fingerprint/0.19.0-r18: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/src-fingerprint.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- src-fingerprint.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src-fingerprint.yaml b/src-fingerprint.yaml index 484ff8cf0b1..973bef8b1b8 100644 --- a/src-fingerprint.yaml +++ b/src-fingerprint.yaml @@ -1,7 +1,7 @@ package: name: src-fingerprint version: 0.19.0 - epoch: 18 + epoch: 19 description: Extract git related information (file shas, commit shas) from your hosted source version control system copyright: - license: Apache-2.0 @@ -19,7 +19,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 + deps: golang.org/x/net@v0.23.0 github.com/hashicorp/go-retryablehttp@v0.7.7 golang.org/x/crypto@v0.31.0 - uses: go/build with: From 13bbcffd3dac0ce044c6147cd0529ecc0ae6cd40 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 16:07:13 -0500 Subject: [PATCH 71/72] kubernetes-1.32/1.32.0 package update (#36977)

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> Co-authored-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com> From cd8f91a62ae012310e800f5dba63f198e4455896 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 16:11:37 -0500 Subject: [PATCH 72/72] boring-registry/0.15.4-r1: cve remediation (#36462) boring-registry/0.15.4-r1: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/boring-registry.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> Co-authored-by: hbh7 --- boring-registry.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boring-registry.yaml b/boring-registry.yaml index 361dcacb2f6..4ca95350c06 100644 --- a/boring-registry.yaml +++ b/boring-registry.yaml @@ -1,7 +1,7 @@ package: name: boring-registry version: 0.15.4 - epoch: 1 + epoch: 2 description: Terraform Provider and Module Registry copyright: - license: MIT @@ -25,7 +25,7 @@ pipeline: - uses: go/bump with: - deps: github.com/golang-jwt/jwt/v4@v4.5.1 + deps: github.com/golang-jwt/jwt/v4@v4.5.1 golang.org/x/crypto@v0.31.0 - uses: go/build with: