🌱 Update Builder Image group

[cluster-stack-bot]

This PR contains the following updates:

Package	Type	Update	Change
docker.io/aquasec/trivy (source)	stage	minor	0.66.0 -> 0.67.2
docker.io/hadolint/hadolint	stage	minor	v2.13.1-alpine -> v2.14.0-alpine
docker.io/library/alpine	stage	patch	3.22.1 -> 3.22.2
golangci/golangci-lint		minor	v2.4.0 -> v2.6.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

aquasecurity/trivy (docker.io/aquasec/trivy)

v0.67.2

Compare Source

Changelog

• 60c57ad release: v0.67.2 [release/v0.67] (#​9639)
• f3ee80c fix: Use fetch-level: 1 to check out trivy-repo in the release workflow [backport: release/v0.67] (#​9638)

v0.67.1

Compare Source

Changelog

• cbed239 release: v0.67.1 [release/v0.67] (#​9614)
• 1a84093 fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#​9631)
• 3bc1490 fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#​9629)
• 542eee7 fix: add buildInfo for BlobInfo in rpc package [backport: release/v0.67] (#​9615)
• f65dd05 fix(vex): don't use reused BOM [backport: release/v0.67] (#​9612)

v0.67.0

Compare Source

Features

• add documentation URL for database lock errors (#​9531) (eba48af)
• cli: change --list-all-pkgs default to true (#​9510) (7b663d8)
• cloudformation: support default values and list results in Fn::FindInMap (#​9515) (42b3bf3)
• cyclonedx: preserve SBOM structure when scanning SBOM files with vulnerability updates (#​9439) (aff03eb)
• redhat: add os-release detection for RHEL-based images (#​9458) (cb25a07)
• sbom: added support for CoreOS (#​9448) (6d562a3)
• seal: add seal support (#​9370) (e4af279)

Bug Fixes

• aws: use BuildableClient insead of xhttp.Client (#​9436) (fa6f1bf)
• close file descriptors and pipes on error paths (#​9536) (a4cbd6a)
• db: Dowload database when missing but metadata still exists (#​9393) (92ebc7e)
• k8s: disable parallel traversal with fs cache for k8s images (#​9534) (c0c7a6b)
• misconf: handle tofu files in module detection (#​9486) (bfd2f6b)
• misconf: strip build metadata suffixes from image history (#​9498) (c938806)
• misconf: unmark cty values before access (#​9495) (8e40d27)
• misconf: wrap legacy ENV values in quotes to preserve spaces (#​9497) (267a970)
• nodejs: parse workspaces as objects for package-lock.json files (#​9518) (404abb3)
• nodejs: use snapshot string as Package.ID for pnpm packages (#​9330) (4517e8c)
• vex: don't suppress vulns for packages with infinity loop (#​9465) (78f0d4a)
• vuln: compare nuget package names in lower case (#​9456) (1ff9ac7)

hadolint/hadolint (docker.io/hadolint/hadolint)

v2.14.0

Compare Source

What's Changed

• Enhance INTEGRATION.md with a toc and ordering by @​jammsen in #​1118
• DL3041, DL3033: Handle RPM package epoch by @​m-ildefons in #​1121
• DL3009: Allow either cache or tmpfs mounts by @​m-ildefons in #​1123
• added new rule DL3062 to check go install by @​Danil42Russia in #​1111
• DL3041, DL3033: Handle RPM package with plus sign by @​samcranford in #​1125
• relax dependencies by @​m-ildefons in #​1128
• fixup release workflow by @​m-ildefons in #​1129

New Contributors

• @​jammsen made their first contribution in #​1118
• @​Danil42Russia made their first contribution in #​1111
• @​samcranford made their first contribution in #​1125

Full Changelog: hadolint/hadolint@v2.13.1...v2.14.0

golangci/golangci-lint (golangci/golangci-lint)

v2.6.1

Compare Source

1. Linters bug fixes
   • copyloopvar: from 1.2.1 to 1.2.2
   • go-critic: from 0.14.0 to 0.14.2

v2.6.0

Compare Source

1. New linters
   • Add modernize analyzer suite
2. Linters new features or changes
   • arangolint: from 0.2.0 to 0.3.1
   • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
   • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
   • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
   • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
   • wsl: from 5.2.0 to 5.3.0
3. Linters bug fixes
   • dupword: from 0.1.6 to 0.1.7
   • durationcheck: from 0.0.10 to 0.0.11
   • exptostd: from 0.4.4 to 0.4.5
   • fatcontext: from 0.8.1 to 0.9.0
   • forbidigo: from 2.1.0 to 2.3.0
   • ginkgolinter: from 0.21.0 to 0.21.2
   • godoc-lint: from 0.10.0 to 0.10.1
   • gomoddirectives: from 0.7.0 to 0.7.1
   • gosec: from 2.22.8 to 2.22.10
   • makezero: from 2.0.1 to 2.1.0
   • nilerr: from 0.1.1 to 0.1.2
   • paralleltest: from 1.0.14 to 1.0.15
   • protogetter: from 0.3.16 to 0.3.17
   • unparam: from 0df0534 to 5beb8c8
4. Misc.
   • fix: ignore some files to hash the version for custom build

v2.5.0

Compare Source

1. New linters
   • Add godoclint linter https://github.com/godoc-lint/godoc-lint
   • Add unqueryvet linter https://github.com/MirrexOne/unqueryvet
   • Add iotamixing linter https://github.com/AdminBenni/iota-mixing
2. Linters new features or changes
   • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
   • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
   • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
   • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
   • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
   • musttag: from 0.13.1 to 0.14.0 (support interface methods)
   • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
   • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
   • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
3. Linters bug fixes
   • asciicheck: from 0.4.1 to 0.5.0
   • errname: from 1.1.0 to 1.1.1
   • fatcontext: from 0.8.0 to 0.8.1
   • go-printf-func-name: from 0.1.0 to 0.1.1
   • godot: from 1.5.1 to 1.5.4
   • gosec: from 2.22.7 to 2.22.8
   • nilerr: from 0.1.1 to a temporary fork
   • nilnil: from 1.1.0 to 1.1.1
   • protogetter: from 0.3.15 to 0.3.16
   • tagliatelle: from 0.7.1 to 0.7.2
   • testifylint: from 1.6.1 to 1.6.4
4. Misc.
   • fix: "no export data" errors are now handled as a standard typecheck error
5. Documentation
   • Improve nolint section about syntax

---

Configuration

📅 Schedule: Branch creation - "on the first day of the month" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

[cluster-stack-bot]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Command failed: BUILD_IMAGE_TOKEN=**redacted** BUILD_IMAGE_USER=kranurag7 CI=true ./hack/upgrade-builder-image.sh
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+++ dirname ./hack/upgrade-builder-image.sh
++ realpath ./hack/..
+ REPO_ROOT=/tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ cd /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator
+ source /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/hack/semver-upgrade.sh
++ set -o errexit
++ set -o nounset
++ set -o pipefail
++ set -x
+ '[' true = true ']'
+ echo **redacted**
+ docker login ghcr.io -u kranurag7 --password-stdin

WARNING! Your credentials are stored unencrypted in '/home/ubuntu/.docker/config.json'.
Configure a credential helper to remove this warning. See
https://docs.docker.com/go/credential-store/

++ git fetch --quiet origin main
++ git show origin/main:.builder-image-version.txt
+ export VERSION=1.1.34
+ VERSION=1.1.34
++ semver_upgrade patch 1.1.34
++ IFS=.
++ read -r version minor patch
++ case "$1" in
++ tag=1.1.35
++ echo 1.1.35
+ export NEW_VERSION=1.1.35
+ NEW_VERSION=1.1.35
+ echo 1.1.35
+ echo 'Wrote new version 1.1.35 to .builder-image-version.txt'
+ docker manifest inspect ghcr.io/sovereigncloudstack/cso-builder:1.1.34
+ echo 0
+ sed -i -e '/^BUILDER_IMAGE_VERSION /s/:=.*$/:= 1.1.35/' Makefile
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/build.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/kubebuilder-markers-checker.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.35/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-lint.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/pr-verify.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/release.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-cache-cleaner-cso-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ sed -i -e '/image: ghcr\.io\/sovereigncloudstack\/cso-builder:/s/:.*$/: ghcr\.io\/sovereigncloudstack\/cso-builder:1.1.35/' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-scan-image.yml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/schedule-update-bot.yaml
+ for FILE in ${REPO_ROOT}/.github/workflows/*
+ grep 'image: ghcr.io/sovereigncloudstack/cso-builder' /tmp/renovate/repos/github/SovereignCloudStack/cluster-stack-operator/.github/workflows/test.yml
+ docker build -t ghcr.io/sovereigncloudstack/cso-builder:1.1.35 ./images/builder
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            Install the buildx component to build images with BuildKit:
            https://docs.docker.com/go/buildx/

The command '/bin/sh -c apk add --no-cache curl &&     curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_VERSION}' returned a non-zero code: 1