2.35.0

What's Changed

• fix(ci): handle release builds in GHA CI workflow by @BradLugo in #1561
• fix(ci): one more place needs release build tag by @dcaravel in #1563
• build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 by @dependabot in #1566
• build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 by @dependabot in #1558
• fix(e2e): update fixedBy versions by @RTann in #1567
• build(deps): bump google.golang.org/api from 0.186.0 to 0.188.0 by @dependabot in #1565
• fix(ci): fallback to previous release when attempting unreleased version by @RTann in #1568
• build(deps): bump cloud.google.com/go/storage from 1.42.0 to 1.43.0 by @dependabot in #1569
• fix: add tag resolution for jobs missing it by @dcaravel in #1570
• chore(deps): Bump stackrox version and fix usage of removed package by @mtodor in #1572
• ROX-25321: convert konflux builds to OCI artifacts by @Stringy in #1573
• ROX-22019: Protobuf v2 migration by @mtodor in #1500
• ROX-22019: Set correct stackrox dependency with protobuf V2 by @mtodor in #1576
• build: Add "appstudio" to the PR branch name filter for Konflux CI by @msugakov in #1577
• build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by @dependabot in #1578
• build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.1.0 to 1.4.0 by @dependabot in #1579
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.1 to 2.20.0 by @dependabot in #1580
• ROX-20757 scanner multi arch builds by @Stringy in #1574
• build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.4.0 to 1.5.1 by @dependabot in #1582
• build(deps): bump github.com/containers/image/v5 from 5.31.1 to 5.32.0 by @dependabot in #1583
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.20.0 to 2.21.0 by @dependabot in #1584
• chore: Add ^release- branches for on-push Konflux builds by @msugakov in #1586
• chore: Update oci-ta tasks, add Renovate config by @red-hat-konflux in #1575
• build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #1590
• build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1591
• build: Add Konflux pipeline activation through a label by @msugakov in #1593
• ROX-25620: Switch to new Konflux task repos by @msugakov in #1588
• chore(deps): update konflux references by @red-hat-konflux in #1592
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to af6f06e by @red-hat-konflux in #1598
• chore(ci): use UBI 8 based rox-ci-image by @RTann in #1589
• build(deps): bump google.golang.org/api from 0.190.0 to 0.192.0 by @dependabot in #1599
• build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1601
• build(deps): bump github.com/containers/image/v5 from 5.32.0 to 5.32.1 by @dependabot in #1600
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 39cfac4 by @red-hat-konflux in #1603
• chore(deps): update konflux references by @red-hat-konflux in #1602
• chore(deps): update konflux references by @red-hat-konflux in #1604
• ROX-25715: Add Slack notifications for Konflux builds by @tommartensen in #1605
• fix: validate digest prior to layer download by @RTann in #1597
• fix: increase image poll timeout by @RTann in #1609
• chore(deps): update konflux references by @red-hat-konflux in #1611
• ROX-25623: reduce deprecated-image-check by feeding manifest by @tommartensen in #1612
• Update apollo-ci image to 0.4.2 by @dvail in #1606
• chore(deps): update konflux references by @red-hat-konflux in #1615
• build: Upload SAST results by @msugakov in #1614
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to af3f156 by @red-hat-konflux in #1619
• build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 by @dependabot in #1616
• build(deps): bump github.com/containers/image/v5 from 5.32.1 to 5.32.2 by @dependabot in #1617
• build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0 by @dependabot in #1618
• chore(deps): update konflux references by @red-hat-konflux in #1620
• build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0 by @dependabot in #1622
• build(deps): bump github.com/prometheus/client_golang from 1.20.1 to 1.20.2 by @dependabot in #1623
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.21.0 to 2.22.0 by @dependabot in #1624
• chore: swap mathutil with builtin by @RTann in #1626
• chore(deps): update konflux references by @red-hat-konflux in #1621
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 260b28e by @red-hat-konflux in #1627
• rhel: update sec data location by @RTann in #1625
• e2e: account for RHSA-2024:6162 by @RTann in #1632
• build(deps): bump google.golang.org/api from 0.194.0 to 0.196.0 by @dependabot in #1629
• ROX-25723: add ecosystem preflight check by @tommartensen in #1633
• chore: go1.22.5 by @RTann in #1634
• chore: go 1.22 konflux by @RTann in #1636
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to d6f57d9 by @red-hat-konflux in #1631
• chore(deps): update konflux references by @red-hat-konflux in #1630
• chore(deps): update konflux references by @red-hat-konflux in #1637
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to a390d28 by @red-hat-konflux in #1641
• build(deps): bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 by @dependabot in #1638
• chore(deps): update konflux references by @red-hat-konflux in #1642
• build(deps): bump google.golang.org/grpc from 1.66.0 to 1.66.1 by @dependabot in #1639
• build(deps): bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 by @dependabot in #1646
• chore: remove github.com/golang/protobuf direct dep by @RTann in #1635
• ROX-25565: Fail Konflux builds if required ARGs aren't provided by @msugakov in #1644
• chore(deps): update konflux references by @red-hat-konflux in #1647
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to c91de17 by @red-hat-konflux in #1648
• chore(deps): update konflux references by @red-hat-konflux in #1650
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to e0e457b by @red-hat-konflux in #1653
• fix(e2e): Bump fixed by due to RHSA-2024:6783 by @jvdm in #1649
• fix e2e test compile error by @RTann in #1654
• build(deps): bump google.golang.org/grpc from 1.66.1 to 1.67.0 by @dependabot in #1652
• build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in #1640
• build(deps): bump google.golang.org/api from 0.196.0 to 0.199.0 by @dependabot in https://github.com/stackrox/s...

2.34.2

Full Changelog: 2.34.1...2.34.2

2.33.6

What's Changed

• fix(ci): reorder gke tags and labels variable expansions by @BradLugo in #1522
• chore: Update docker dep to fix CVE-2024-41110 by @dcaravel in #1607
• fix(e2e): update fixedBy versions (#1567) by @dcaravel in #1608

Full Changelog: 2.33.5...2.33.6

2.34.1

Full Changelog: 2.34.0...2.34.1

2.34.0

What's Changed

• chore(deps): update rhtap references (master) by @red-hat-konflux in #1423
• chore(deps): update rhtap references (master) by @red-hat-konflux in #1431
• Red Hat Konflux update scanner-db-slim by @red-hat-konflux in #1437
• build(deps): bump github.com/containers/image/v5 from 5.29.2 to 5.30.0 by @dependabot in #1435
• e2e: migrate GCR image to Quay by @RTann in #1441
• build(deps): bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 by @dependabot in #1433
• ROX-20752: scanner-slim konflux onboarding by @tommartensen in #1429
• chore: Override cpu requests for bad days in Konflux by @msugakov in #1401
• build(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 by @dependabot in #1442
• build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in #1434
• build(deps): bump go.uber.org/ratelimit from 0.3.0 to 0.3.1 by @dependabot in #1443
• build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /tools/linters by @dependabot in #1444
• chore(deps): use stackrox fork of gogo by @janisz in #1447
• ROX-22044: postgresql 15 by @RTann in #1416
• chore(deps): update rhtap references (master) by @red-hat-konflux in #1438
• chore: add expiry label to images by @RTann in #1446
• build(deps): bump the actions group with 1 update by @dependabot in #1448
• build(deps): bump github.com/golang/protobuf from 1.5.3 to 1.5.4 by @dependabot in #1449
• build(deps): bump github.com/PuerkitoBio/goquery from 1.9.0 to 1.9.1 by @dependabot in #1450
• build(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible by @dependabot in #1451
• chore(go): go1.21.8 by @RTann in #1452
• use custom bolthelper package by @RTann in #1455
• build(deps): bump the actions group with 1 update by @dependabot in #1459
• build(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0 by @dependabot in #1457
• build(deps): bump google.golang.org/api from 0.167.0 to 0.171.0 by @dependabot in #1458
• chore(go): bump go.mod to go1.21 by @RTann in #1456
• chore(deps): bump stackrox/rox dep by @RTann in #1454
• chore(deps): update rhtap references (master) by @red-hat-konflux in #1453
• build(deps): bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 by @dependabot in #1460
• build(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 by @dependabot in #1461
• build(deps): bump google.golang.org/api from 0.171.0 to 0.172.0 by @dependabot in #1462
• chore(deps): update rhtap references (master) by @red-hat-konflux in #1463
• ROX-19862: Add manual entry for CVE-2023-32697 by @dcaravel in #1464
• build(deps): bump golang.org/x/sys from 0.18.0 to 0.19.0 by @dependabot in #1470
• chore: Expand RHACS in Konflux Dockerfile labels by @msugakov in #1473
• chore(deps): update rhtap references by @red-hat-konflux in #1466
• chore(ci): move docker image to quay by @RTann in #1474
• ROX-18606: Add multi-arch support for s390x and ppc64le using docker buildx by @kcrane in #1469
• build(deps): bump actions/add-to-project from 1.0.0 to 1.0.1 in the actions group by @dependabot in #1479
• build(deps): bump google.golang.org/api from 0.172.0 to 0.173.0 by @dependabot in #1480
• build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2 by @dependabot in #1471
• ROX-23563: Add diff-dumps to GHA artifacts by @BradLugo in #1468
• ROX-21744: allow sensor/scanner comms in non-ocp (2/2) by @dcaravel in #1478
• chore(deps): bump docker-registry-client by @RTann in #1481
• build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1482
• build(deps): bump google.golang.org/api from 0.173.0 to 0.176.1 by @dependabot in #1485
• ROX-22889: Create new genesis dump by @dcaravel in #1486
• ROX-23848, ROX-23849, ROX-23853: update alpine and ubuntu support by @RTann in #1465
• chore(deps): update rhtap references by @red-hat-konflux in #1475
• chore: go1.21.9 by @RTann in #1491
• build(deps): bump github.com/PuerkitoBio/goquery from 1.9.1 to 1.9.2 by @dependabot in #1494
• chore(deps): update rhtap references by @red-hat-konflux in #1493
• fix: update external-contributor triaging workflow by @tommartensen in #1496
• build(deps): bump google.golang.org/api from 0.176.1 to 0.178.0 by @dependabot in #1498
• build(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by @dependabot in #1499
• Fix RHSA-2022:7288 test case by @daynewlee in #1501
• ROX-18606, ROX-24135: add arm64, s390x, and ppc64le support to scanner ci builds by @kcrane in #1490
• chore(deps): update rhtap references to 2d39df1 by @red-hat-konflux in #1504
• ROX-24081: use make tag result in image names on Konflux by @tommartensen in #1503
• ROX-22474: push Konflux images to quay.io/rhacs-eng by @tommartensen in #1509
• chore(deps): update rhtap references to 1f62eaf by @red-hat-konflux in #1505
• ROX-23123: Verifying File Integrity while updating offline bundle by @daynewlee in #1497
• chore: stop logging pings by @RTann in #1511
• build(deps): bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 by @dependabot in #1507
• build(deps): bump github.com/containers/image/v5 from 5.30.0 to 5.30.1 by @dependabot in #1514
• ROX-20232: Reduce duplication in Scanner Konflux pipelines by @msugakov in #1492
• build(deps): bump cloud.google.com/go/storage from 1.40.0 to 1.41.0 by @dependabot in #1506
• fix(ci): account for CVE-2023-42366 by @RTann in #1516
• build(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 by @dependabot in #1508
• style: Adjust YAML IDE formatting and reformat .tekton/*.yaml by @msugakov in #1515
• build(deps): bump github.com/containers/image/v5 from 5.30.1 to 5.31.0 by @dependabot in #1524
• build(deps): bump google.golang.org/api from 0.178.0 to 0.181.0 by @dependabot in #1525
• chore(deps): update rhtap references by @red-hat-konflux in #1510
• ROX-20232: Unify PR and push PipelineRun-s by @msugakov in #1526
• build(deps): bump google.golang.org/api from 0.181.0 to 0.182.0 by @dependabot in #1528
• ROX-24116: Fix tags for init and other cleanups by @msugakov in #1527
• chore(deps): update rhtap references by @red-hat-konflux in #1530
• fix(ROX-23707): scanner-db-slim must have an initdb entrypoint directory by @tommartensen in #1536
• chore: Swap TAG_SUFFIX for SCANNER_TAG by @msugakov in #1532
• fix(ci): reorder gke tags and labels variable expansions by @BradLugo in #1513
• build(deps): bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in #1537
• build(deps): bump google.golang.org/api from 0.182.0 to 0.183.0 by @dependabot in #1538
• ROX-20230: Let images on Konflux expire after 1 year by @tommartensen in https://github.com/stackrox/scann...

2.32.4

What's Changed

• Bump containers/image/v5 targeting ACS 4.3.8 by @dcaravel in #1533
• Bump docker/docker targeting ACS 4.3.8 (scanner 2.32.4) by @dcaravel in #1535

Full Changelog: 2.32.3...2.32.4

2.33.5

What's Changed

• Bump containers/image/v5 targeting ACS 4.4.3 by @dcaravel in #1531
• Bump docker/docker targeting ACS 4.4.3 (scanner 2.33.5) by @dcaravel in #1534

Full Changelog: 2.33.4...2.33.5

2.32.3

What's Changed

• ROX-22889: Cherry pick new genesis dump into 2.32 (targeting ACS 4.3.7) by @dcaravel in #1489

Full Changelog: 2.32.2...2.32.3

2.33.4

What's Changed

• ROX-22889: Cherry pick new genesis dump into 2.33 (targeting ACS 4.4.2) by @dcaravel in #1488

Full Changelog: 2.33.3...2.33.4

2.33.3

What's Changed

• added new dump info by @daynewlee in #1309
• build(deps): bump go.uber.org/goleak from 1.2.1 to 1.3.0 by @dependabot in #1305
• build(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in #1312
• chore: account for OpenShift 4.14 by @RTann in #1313
• build(deps): bump github.com/go-git/go-git/v5 from 5.9.0 to 5.10.0 by @dependabot in #1316
• build(deps): bump google.golang.org/api from 0.148.0 to 0.149.0 by @dependabot in #1315
• build(deps): bump cloud.google.com/go/storage from 1.33.0 to 1.34.0 by @dependabot in #1314
• chore(e2e): update tests by @RTann in #1317
• build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #1320
• build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 by @dependabot in #1319
• build(deps): bump cloud.google.com/go/storage from 1.34.0 to 1.34.1 by @dependabot in #1321
• fix(e2e): CVE-2023-28708 description by @RTann in #1322
• build(deps): bump google.golang.org/api from 0.149.0 to 0.150.0 by @dependabot in #1323
• build(deps): bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot in #1324
• build(deps): bump cloud.google.com/go/storage from 1.34.1 to 1.35.1 by @dependabot in #1325
• chore(nvd): use NVD API v2 by @RTann in #1318
• fix(nvd): slow down API requests by @RTann in #1326
• revert NVD API changes by @RTann in #1327
• build(deps): bump github.com/containers/image/v5 from 5.28.0 to 5.29.0 by @dependabot in #1330
• build(deps): bump google.golang.org/api from 0.150.0 to 0.151.0 by @dependabot in #1331
• chore(e2e): fix tests by @RTann in #1333
• build(deps): bump golang.org/x/sys from 0.14.0 to 0.15.0 by @dependabot in #1337
• build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 by @dependabot in #1335
• chore: fix shellcheck 1091 for all scripts by @BradLugo in #1338
• build(deps): bump google.golang.org/api from 0.151.0 to 0.152.0 by @dependabot in #1336
• chore(nvd): use NVD API v2 by @RTann in #1329
• chore(e2e): account for CVE-2023-46589 by @RTann in #1340
• build(deps): bump google.golang.org/api from 0.152.0 to 0.153.0 by @dependabot in #1341
• chore(nvd): add more retries by @RTann in #1348
• ROX-21387: batch insert vulns by @RTann in #1345
• fix test on package jackson-databind 2.9.10.4 by @daynewlee in #1350
• ROX-21319: Increase DB connection retries by @dcaravel in #1349
• build(deps): bump google.golang.org/grpc from 1.59.0 to 1.60.0 by @dependabot in #1351
• build(deps): bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 by @dependabot in #1353
• build(deps): bump google.golang.org/api from 0.153.0 to 0.154.0 by @dependabot in #1352
• build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by @dependabot in #1355
• chore: renew certs by @RTann in #1354
• build(deps): bump google.golang.org/grpc from 1.60.0 to 1.60.1 by @dependabot in #1356
• build(deps): bump cloud.google.com/go/storage from 1.35.1 to 1.36.0 by @dependabot in #1357
• build(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 by @dependabot in #1358
• chore(scanner-db): update GPG key link by @RTann in #1364
• chore: set GOMEMLIMIT to 95% configured limit by @RTann in #1363
• chore(e2e): fix .NET Core Runtime tests by @RTann in #1365
• build(deps): bump golang.org/x/sys from 0.15.0 to 0.16.0 by @dependabot in #1367
• build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #1362
• build(deps): bump google.golang.org/api from 0.154.0 to 0.155.0 by @dependabot in #1366
• ROX-21124: Move non-e2e testing OSCI jobs to GitHub Actions by @BradLugo in #1347
• chore(e2e): fix dotnet tests by @BradLugo in #1368
• ROX-21124: Fix upload-dumps-for-downstream GHA job by @BradLugo in #1371
• ROX-21124: Fix sanity-check-vuln-updates GHA job by @BradLugo in #1372
• ROX-21124: Increase image pull timeout in OSCI to match stackrox/stackrox by @BradLugo in #1377
• build(deps): bump google.golang.org/api from 0.155.0 to 0.157.0 by @dependabot in #1378
• Update artifact actions in GHA by @BradLugo in #1379
• fix(dependabot): group actions update by @BradLugo in #1380
• Fix image scanning e2e test by @daynewlee in #1382
• build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 by @dependabot in #1384
• build(deps): bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 by @dependabot in #1388
• build(deps): bump google.golang.org/api from 0.157.0 to 0.161.0 by @dependabot in #1389
• build(deps): bump github.com/containers/image/v5 from 5.29.0 to 5.29.2 by @dependabot in #1390
• ROX-20751: Add Konflux build pipeline for scanner-db by @kylape in #1387
• (chore): Setup CODEOWNERS for .tekton directory by @msugakov in #1396
• ROX-20753: Add scanner RHTAP build pipeline by @kylape in #1334
• chore(deps): update rhtap references (master) by @red-hat-konflux in #1397
• (chore): Unify downloader script for rhtap scanner by @msugakov in #1395
• build(deps): bump google.golang.org/api from 0.161.0 to 0.162.0 by @dependabot in #1399
• chore(deps): update rhtap references by @red-hat-konflux in #1398
• Fix E2E test by @daynewlee in #1402
• build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 by @dependabot in #1405
• build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 by @dependabot in #1407
• fix(e2e): update test by @RTann in #1408
• chore(deps): update rhtap references by @red-hat-konflux in #1404
• build(deps): bump google.golang.org/api from 0.162.0 to 0.165.0 by @dependabot in #1409
• chore(deps): update rhtap references by @red-hat-konflux in #1410
• build(deps): bump cloud.google.com/go/storage from 1.37.0 to 1.38.0 by @dependabot in #1412
• Include latest v4 vulnerability by @daynewlee in #1400
• Update v4 file download URL by @daynewlee in #1414
• chore(deps): update rhtap references by @red-hat-konflux in #1413
• Bump Genesis Dump by @RTann in #1417
• build(deps): bump the actions group with 1 update by @dependabot in #1419
• build(deps): bump github.com/PuerkitoBio/goquery from 1.8.1 to 1.9.0 by @dependabot in #1420
• build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 by @dependabot in #1421
• build(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #1422

New Contributors

• @BradLugo made their first contribution in #1338
• @kylape made their first contribution in #1387

Full Changelog: 2.32.0...2.33.3