chore(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Update	Change
anchore/grype	patch	0.65.0 -> 0.65.1
awscli	patch	2.13.5 -> 2.13.9
defenseunicorns/build-harness	patch	1.10.1 -> 1.10.2
defenseunicorns/zarf	minor	0.28.3 -> 0.29.0
golang	minor	1.20.7 -> 1.21.0
golangci-lint	minor	1.53.3 -> 1.54.1
helm	patch	3.12.2 -> 3.12.3
https://github.com/bridgecrewio/checkov.git	minor	2.3.234 -> 2.4.1
k3d-io/k3d	patch	5.5.1 -> 5.5.2
kubectl	minor	1.27.4 -> 1.28.0
rebuy-de/aws-nuke	minor	2.23.0 -> 2.24.1
terraform	patch	1.5.4 -> 1.5.5

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

---

Release Notes

anchore/grype (anchore/grype)

v0.65.1

Compare Source

v0.65.1 (2023-08-04)

Full Changelog

Bug Fixes

• Grype cannot read SPDX documents generated by SPDX-maven-plugin [Issue #​1306]

aws/aws-cli (awscli)

v2.13.9

Compare Source

v2.13.8

Compare Source

v2.13.7

Compare Source

v2.13.6

Compare Source

defenseunicorns/build-harness (defenseunicorns/build-harness)

v1.10.2

Compare Source

Miscellaneous Chores

• deps: update golang to 1.20.7 (#​86) (18854c6)
• deps: update internal use of build-harness to 1.10.1 (#​86) (18854c6)

defenseunicorns/zarf (defenseunicorns/zarf)

v0.29.0

Compare Source

What's Changed

Features

    

• Add support for mutating repository information in ArgoCD Application CRDs and Repositories by @​dgershman in https://github.com/defenseunicorns/zarf/pull/1875
• Introduce zarf tools update-creds to roll credentials for Zarf managed git, registry and artifact services by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1898
• Introduce zarf tools registry prune to cleanup old images not referenced by currently deployed Zarf packages by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1966
• Add the --no-color option to disable ANSI color code output by @​caesarshift in https://github.com/defenseunicorns/zarf/pull/1889

Rollup From v0.28 Patch Releases

• Add Zarf Agent support for Prometheus Metrics by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1915
• Support --output on zarf version to return more detailed version information by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1916
• Introduce backwards compatibility validation on package deploy by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1909
• Add a template for ###ZARF_COMPONENT_NAME### to be used during component import by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1923
• Add additional flux patch override support to the Big Bang extension by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1910
• Add the ability to specify Zarf variables as filepaths by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1906
• Add support for appending @ git refs to Helm chart git URLs by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892
• Add support for building chart sub-dependencies by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1892
• Add jsonpath support to wait actions and zarf tools wait-for by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1873
• Add support for named ports on Services in zarf connect by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1894
• Enable more key managers for signing packages with cosign by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1879
• Allow for zarf crane pulls and zarf crane pushes without an explicit tunnel or auth for internal registries by @​dgershman in https://github.com/defenseunicorns/zarf/pull/1851
• Add only filter support and full init package support to zarf package remove by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1855
• Add source file info to SBOM viewer to better track nested files and dataInjections by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1865
• Add package version to the zarf package list output by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1858

Fixes

• Change to podAntiAffinity when using the ReadWriteMany access mode for the registry to assist with rolling K8s Nodes by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1898
• No longer rotate credentials on zarf init to assist with disaster recovery where a re-init is required @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1898
• Update Big Bang extension Flux GitRepository API version to remove deprecation warning by @​mjnagel in https://github.com/defenseunicorns/zarf/pull/1933
• Fix deploying packages w/no explicit component contents (i.e. actions only) by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1973

Rollup From v0.28 Patch Releases

• Use UID and GID for USER in Dockerfile instead of a named user by @​flickerfly in https://github.com/defenseunicorns/zarf/pull/1922
• Fix the error return for building helm dependencies by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1911
• Fix a bug with registry push/pull on detected but invalid clusters by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1930
• Fix simple repos causing an 'Already Up to Date' error by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1942
• Fix registry injector failures for generic images (i.e. the one from Iron Bank) by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1896
• Properly catch user interrupts when using Zarf commands by @​caesarshift in https://github.com/defenseunicorns/zarf/pull/1891
• Correctly create all namespaces when in YOLO mode by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1878
• Only verify authentication to registry if creds exist and better handle registry scopes by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1893
• Fix inclusion of empty files on package creation by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1860
• Fix inline-oci:// create + publish using --output on zarf package create by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1857
• Better detection of when to create state in custom init packages without the zaf-seed-registry by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1855

Docs

• Refactor docs paths, standardize admonition syntax and in preparation for Hugo move by @​bdfinst in https://github.com/defenseunicorns/zarf/pull/1944, https://github.com/defenseunicorns/zarf/pull/1947 and https://github.com/defenseunicorns/zarf/pull/1948

Rollup From v0.28 Patch Releases

• Improve Config File documentation by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1912
• Fix grammar within the k8s types package by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1937
• Update Git example to reference the Flux example instead of having it's own explanation by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1935
• Update the Zarf definition of Generally Available ADR to be more clear by @​Madeline-UX in https://github.com/defenseunicorns/zarf/pull/1905
• Fix rendering of the local file and manifests examples by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1874

Dependencies

• Update all non-major dependencies by @​renovate in https://github.com/defenseunicorns/zarf/pull/1866
• Update typescript-eslint monorepo to v6 (major) by @​renovate in https://github.com/defenseunicorns/zarf/pull/1955
• Update dependency nodemon to v3 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1951
• Update dependency eslint-config-prettier to v9 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1950

Rollup From v0.28 Patch Releases

• Update dependency prettier to v3 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1880
• Update github.com/anchore/stereoscope digest to d1f3d76 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1919
• Update github.com/anchore/stereoscope digest to cd49355 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1680
• Update aws-actions/configure-aws-credentials digest to 5fd3084 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1825
• Update module github.com/fluxcd/source-controller/api to v1 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1877
• Update Terraform aws module in the variables example to v5 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1850
• Update svelte to v4 for deployment web UI by @​renovate in https://github.com/defenseunicorns/zarf/pull/1840
• Update all non-major dependencies by @​renovate in https://github.com/defenseunicorns/zarf/pull/1790

Development

• Refactor utils.DoHostnamesMatch to be more usable as a library by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1953
• Reduce test disk usage and normalize git tests by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1958 and https://github.com/defenseunicorns/zarf/pull/1967
• Add copy commands to the example package publish workflow to allow for uname -m by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1959
• Add unit tests for validatePackageArchitecture() method by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1957
• Add a text section to the slack json that notifies of nightly test failures by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1964
• Disable grafana in the values file for BB tests to reduce test resource utilization by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1971
• Refactor and add library functions to support UDS bundles and other library usage of Zarf by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1770
• Combine all e2e tests into a single multi stage workflow to optimize resource utilization by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1968

Rollup From v0.28 Patch Releases

• Add a pending ADR for how to maintain the Zarf transform code for a Pepr Zarf Agent by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1900
• Introduce a workflow for publishing an example application package as OCI to GHCR by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1856 and https://github.com/defenseunicorns/zarf/pull/1926
• Update CODEOWNERS to replace @​YrrepNoj with @​cmwylie19 by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1924
• Return images as an array of strings for all components in packager.FindImages by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1927
• Add a slack webhook that triggers when nightly tests fail by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1941
• Allow for the injector to be built in docker and uploaded to S3 by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1917
• Reduce the size of the transform package for easier reuse as a library by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1883
• Create Pending zarf bundle ADR to start work on multi-package orchestration by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1820
• Create Pending Zarf hooks ADR to start work on handling environment prerequisites for components by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1813
• Refactor large workflows into multiple jobs and fix the release workflow by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1901, https://github.com/defenseunicorns/zarf/pull/1902, and https://github.com/defenseunicorns/zarf/pull/1903

Full Changelog: zarf-dev/zarf@v0.28.4...v0.29.0

v0.28.4

Compare Source

What's Changed

Features

• Add Zarf Agent support for Prometheus Metrics by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1915
• Support --output on zarf version to return more detailed version information by @​Noxsios in https://github.com/defenseunicorns/zarf/pull/1916
• Introduce backwards compatibility validation on package deploy by @​lucasrod16 in https://github.com/defenseunicorns/zarf/pull/1909
• Add a template for ###ZARF_COMPONENT_NAME### to be used during component import by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1923

Fixes

• Use UID and GID for USER in Dockerfile instead of a named user by @​flickerfly in https://github.com/defenseunicorns/zarf/pull/1922
• Fix the error return for building helm dependencies by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1911
• Fix a bug with registry push/pull on detected but invalid clusters by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1930
• Fix simple repos causing an 'Already Up to Date' error by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1942

Docs

• Improve Config File documentation by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1912
• Fix grammar within the k8s types package by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1937
• Update Git example to reference the Flux example instead of having it's own explanation by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1935

Dependencies

• Update dependency prettier to v3 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1880
• Update github.com/anchore/stereoscope digest to d1f3d76 by @​renovate in https://github.com/defenseunicorns/zarf/pull/1919

Developement

• Add a pending ADR for how to maintain the Zarf transform code for a Pepr Zarf Agent by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1900
• Introduce a workflow for publishing an example application package as OCI to GHCR by @​YrrepNoj in https://github.com/defenseunicorns/zarf/pull/1856 and https://github.com/defenseunicorns/zarf/pull/1926
• Update CODEOWNERS to replace @​YrrepNoj with @​cmwylie19 by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1924
• Return images as an array of strings for all components in packager.FindImages by @​cmwylie19 in https://github.com/defenseunicorns/zarf/pull/1927
• Add a slack webhook that triggers when nightly tests fail by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1941
• Allow for the injector to be built in docker and uploaded to S3 by @​Racer159 in https://github.com/defenseunicorns/zarf/pull/1917

New Contributors

• @​flickerfly made their first contribution in https://github.com/defenseunicorns/zarf/pull/1922

Full Changelog: zarf-dev/zarf@v0.28.3...v0.28.4

golang/go (golang)

v1.21.0

Compare Source

golangci/golangci-lint (golangci-lint)

v1.54.1

Compare Source

1. updated linters:
   • go-critic: from 0.8.2 to 0.9.0
2. misc.
   • plugin: temporarily hide warning about using plugins using the old API

v1.54.0

Compare Source

1. updated linters:
   • decorder: from 0.2.3 to 0.4.0
   • dupword: from 0.0.11 to 0.0.12
   • errorlint: from 1.4.2 to 1.4.3
   • exhaustruct: from 2.3.0 to 3.1.0
   • forbidigo: from 1.5.3 to 1.6.0
   • funlen: from 0.0.3 to 0.1.0
   • gci: from 0.10.1 to 0.11.0
   • ginkgolinter: from 0.12.1 to 0.13.3
   • go-critic: from 0.8.1 to 0.8.2
   • go-errorlint: from 1.4.2 to 1.4.3
   • go-exhaustruct: from 2.3.0 to 3.1.0
   • gocognit: from 1.0.6 to 1.0.7
   • gocritic: from 0.8.1 to 0.8.2
   • gofmt: autofix missing newline at EOF
   • misspell: 0.4.0 to 0.4.1
   • musttag: from 0.7.0 to 0.7.1
   • paralleltest: from 1.0.7 to 1.0.8
   • tagalign: from 1.2.2 to 1.3.2
   • typecheck: explain it and remove it from the linter list
   • zerologlint: from 0.1.2 to 0.1.3
2. misc.
   • 🎉 go1.21 support
   • plugin: include custom linters in enable-all
   • plugin: allow to use settings for plugins
3. Documentation
   • Add linter descriptions.

Important

ruleguard (a "rule" inside gocritic) was disabled in this release (v1.54.0) and was enabled again in the next release (v1.54.1).

exhaustruct has breaking changes with regular expressions, more details here.

helm/helm (helm)

v3.12.3: Helm v3.12.3

Compare Source

Helm v3.12.3 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.12.3. The common platform binaries are here:

• MacOS amd64 (checksum / 1bdbbeec5a12dd0c1cd4efd8948a156d33e1e2f51140e2a51e1e5e7b11b81d47)
• MacOS arm64 (checksum / 240b0a7da9cae208000eff3d3fb95e0fa1f4903d95be62c3f276f7630b12dae1)
• Linux amd64 (checksum / 1b2313cd198d45eab00cc37c38f6b1ca0a948ba279c29e322bdf426d406129b5)
• Linux arm (checksum / 6b67cf5fc441c1fcb4a860629b2ec613d0e6c8ac536600445f52a033671e985e)
• Linux arm64 (checksum / 79ef06935fb47e432c0c91bdefd140e5b543ec46376007ca14a52e5ed3023088)
• Linux i386 (checksum / cb789c4753bf66c8426f6be4091349c0780aaf996af0a1de48318f9f8d6b7bc8)
• Linux ppc64le (checksum / 8f2182ae53dd129a176ee15a09754fa942e9e7e9adab41fd60a39833686fe5e6)
• Linux s390x (checksum / f5d5c7a4e831dedc8dac5913d4c820e0da10e904debb59dec65bde203fad1af0)
• Windows amd64 (checksum / f3e2e9d69bb0549876aef6e956976f332e482592494874d254ef49c4862c5712)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.13.0 is the next feature release and be on September 13, 2023.

Changelog

• bump kubernetes modules to v0.27.3 3a31588 (Joe Julian)
• Add priority class to kind sorter fb74155 (Stepan Dohnal)

bridgecrewio/checkov (https://github.com/bridgecrewio/checkov.git)

v2.4.1

Compare Source

v2.4.0

Compare Source

v2.3.366

Compare Source

v2.3.365

Compare Source

Feature

• terraform: Removed most usages of enable_nested_modules - #​5415

v2.3.364

Compare Source

v2.3.363

Compare Source

v2.3.362

Compare Source

v2.3.361

Compare Source

v2.3.360

Compare Source

v2.3.359

Compare Source

v2.3.358

Compare Source

Feature

• secrets: Make non-entropy signatures take precedence over entropy signatures - #​5412

Bug Fix

• terraform: Remove DMS S3 check CKV_AWS_299 - #​5413

v2.3.357

Compare Source

v2.3.356

Compare Source

Feature

• terraform: Github Actions OIDC trust policy check - #​5402

v2.3.355

Compare Source

v2.3.354

Compare Source

Feature

• general: allow --var-file to be passed as environment variable - #​5406
• terraform: Add new policy to ensure AWS Transfer server only allows secure protocols - #​5409

Platform

• general: remove obsolete run config fallback API call - #​5404

Documentation

• gha: Update setup-python version in GitHub Actions.md - #​5393

v2.3.353

Compare Source

v2.3.352

Compare Source

v2.3.351

Compare Source

Feature

• terraform: new serialization methods for module and block - #​5391

Bug Fix

• terraform: pr for upgrade-checkov - #​5400

v2.3.350

Compare Source

v2.3.349

Compare Source

Bug Fix

• terraform: add TFDefinitionKey to get_entity_context_and_evaluations - #​5392
• terraform: consider new domain attribute in CKV2_AWS_19 - #​5383

v2.3.348

Compare Source

v2.3.347

Compare Source

Feature

• sca: support composer.json - #​5382
• terraform: Use new function to create multi graph instead of single graph - #​5375

Platform

• general: Implement SSO Relay State Parameter in Checkov Output Links - #​5217

v2.3.346

Compare Source

v2.3.345

Compare Source

v2.3.344

Compare Source

v2.3.343

Compare Source

Feature

• sca: fix package line numbers - #​5376

Bug Fix

• terraform: Fix CKV_AWS_104 to support new values - #​5377

v2.3.342

Compare Source

v2.3.341

Compare Source

v2.3.340

Compare Source

Feature

• general: enrich terraform definitions context key - #​5350

Bug Fix

• terraform: fix get module name - foreach or count - #​5373

v2.3.339

Compare Source

v2.3.338

Compare Source

Feature

• terraform: add new function to create module and definitions with tests - #​5362
• terraform: GCP Ensure IAM Workload identity is restricted - #​5369

Bug Fix

• general: fix inline suppression collection inside lists - #​5370

v2.3.337

Compare Source

v2.3.336

Compare Source

v2.3.335

Compare Source

Bug Fix

• terraform: leverage read_file_with_any_encoding to safely look for modules - #​5360

v2.3.334

Compare Source

Feature

• general: Add resource code filter to all checkov loggers - #​5356
• general: Infrastructure for custom code logger filter - #​5346

Bug Fix

• kustomize: Avoid index error when calculating file path - #​5357

v2.3.333

Compare Source

v2.3.332

Compare Source

v2.3.331

Compare Source

Feature

• openapi: Add CKV_OPENAPI_21 - #​5268

Bug Fix

• secrets: handle regex error in custom secrets gracefully - #​5355

Documentation

• general: update docs about installation guidelines - #​5352

v2.3.330

Compare Source

v2.3.329

Compare Source

Feature

• github: Add ability for External checks with git branch - #​5337
• sca: add fix command and code for indirect deps - #​5347

Bug Fix

• kubernetes: No dups when extracting images - #​5339

v2.3.328

Compare Source

v2.3.327

Compare Source

v2.3.326

Compare Source

Feature

• sca: add fix code and command to cve report - #​5333
• sca: fix code block array structure - #​5338

Bug Fix

• general: properly encode non supported chars in SARIF uri field - #​5336

Documentation

• sca: Add SCA skip comments to docs - #​5330

v2.3.325

Compare Source

v2.3.324

Compare Source

Bug Fix

• kustomize: Added support for case where no parents are found for the relative fie path - #​5332
• terraform: Update CKV2_AWS_12 for the new defaults - #​5203

v2.3.323

Compare Source

v2.3.322

Compare Source

v2.3.321

Compare Source

Feature

• kustomize: Support child k8s resources inside kustomize origin annotations - #​5328

v2.3.320

Compare Source

Bug Fix

• kustomize: Checked for existence of caller_file_path in definitions_raw - #​5324
• openapi: Fix ws for CKV_OPENAPI_20 - #​5317
• terraform: CKV_AWS_342 - managed rules have predefined actions - #​5322

v2.3.319

Compare Source

v2.3.318

Compare Source

Feature

• general: support UTF-16 and other encodings in multiple frameworks - #​5308
• kustomize: add back reverted kustomize annotations and update build github action to use github runners - #​5316
• kustomize: Add origin annotations to calculate bases of kustomize checks - #​5298

v2.3.317

Compare Source

v2.3.316

Compare Source

Feature

• secrets: Improve the entropy keyword combinator secret scanner - #​5307

Bug Fix

• openapi: Fix CKV_OpenAPI_20 - #​5302
• terraform: fix invalid value in CKV_AWS_304 - #​5301
• terraform: support new field in CKV2_AWS_3 - #​5304

v2.3.315

Compare Source

v2.3.314

Compare Source

Feature

• dockerfile: add ARM build for K8s container image - #​5293
• general: Add checkov.spec to enable PyInstaller - #​5281

Bug Fix

• terraform: remove CKV2_AZURE_18 check and improve CKV2_AZURE_1 - #​5294

v2.3.313

Compare Source

v2.3.312

Compare Source

Platform

• general: use sca inline suppressions - #​5285

v2.3.311

Compare Source

Feature

• openapi: New OpenAPI check CKV_OPENAPI_20 - #​5253

v2.3.310

Compare Source

Bug Fix

• terraform: remove deprecated check CKV_GCP_67 - #​5275

Documentation

• general: Add csv to output - #​5273

v2.3.309

Compare Source

Feature

• graph: add experimental debug output for graph check evaluation - #​5257

Bug Fix

• general: revert add composer files to supported package files - #​5269

Platform

• general: add composer files to supported package files - #​5263

v2.3.308

Compare Source

v2.3.307

Compare Source

v2.3.306

Compare Source

Feature

• terraform: add module check for commit hash revision usage - #​5261

Bug Fix

• openapi: add security definition type validation into CKV_OPENAPI_9 - #​5262
• secrets: fix secrets omit crash when value is not string - #​5260
• terraform: ignore local modules in CKV_TF_1 - #​5264

v2.3.305

Compare Source

v2.3.304

Compare Source

v2.3.303

Compare Source

Bug Fix

• arm: consider encryption property in CKV_AZURE_2 - #​5254

v2.3.302

Compare Source

Bug Fix

• terraform: add missing AWS RDS CA certificate identifiers for aws_db_instance resource - #​5247

v2.3.301

Compare Source

Feature

• general: remove log from parallel common - #​5244

Platform

• general: Fix local repo generated name if ends with / - #​5243

v2.3.300

Compare Source

v2.3.299

Compare Source

Feature

• terraform: ensure kms key policy is defined - #​5235

Bug Fix

• sca: fix wrongly invoked Image Referencer scanning when scanning a single file - #​5237
• terraform_plan: add terraform plan vertices to terraform graph if not exist - #​5230

v2.3.298

Compare Source

v2.3.297

Compare Source

v2.3.296

Compare Source

Bug Fix

• dockerfile: negative is_dockerfile() lookup on .dockerignore suffix - #​5219
• terraform: fix empty value issue for CKV_GIT_4 - #​5222

Documentation

• graph: add jsonpath custom policy example - #​5221

v2.3.295

Compare Source

v2.3.294

[Compare Source](https://togithub.com/bridgecrewio/ch

---

Configuration

📅 Schedule: Branch creation - "after 9am and before 5pm every weekday" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

BEGIN_COMMIT_OVERRIDE
chore(deps): update anchore/grype from 0.65.0 to 0.65.1

chore(deps): update awscli from 2.13.5 to 2.13.9

chore(deps): update defenseunicorns/build-harness from 1.10.1 to 1.10.2

chore(deps): update defenseunicorns/zarf from 0.28.3 to 0.29.0

chore(deps): update golang from 1.20.7 to 1.21.0

chore(deps): update golangci-lint from 1.53.3 to 1.54.1

chore(deps): update helm from 3.12.2 to 3.12.3

chore(deps): update bridgecrewio/checkov from 2.3.234 to 2.4.1

chore(deps): update k3d-io/k3d from 5.5.1 to 5.5.2

chore(deps): update kubectl from 1.27.4 to 1.28.0

chore(deps): update rebuy-de/aws-nuke from 2.23.0 to 2.24.1

chore(deps): update terraform from 1.5.4 to 1.5.5
END_COMMIT_OVERRIDE