Sourced from k8s.io/release's releases.

v0.9.0

Changes by Kind

Deprecation

• Remove hyperkube references (#2018, @​justaugustus) [SIG Release]

Feature

• Added i386 crossbuild toolchain to kube-cross. (#2086, @​saschagrunert) [SIG Release]

• Bump k8s-cloud-builder to version v1.16.4-2 (#2093, @​puerco) [SIG Release]

• Debian-base: Build buster-v1.6.0 image (#1991, @​justaugustus) [SIG Release]

• Debian-base: Build buster-v1.7.0 image (#2080, @​justaugustus) [SIG Release]

• Debian-iptables: Build buster-v1.6.0 image (#1983, @​wespanther) [SIG Release]

• Debian-iptables: Build buster-v1.6.1 image

  • setcap: Build buster-v2.0.1 image (#2082, @​justaugustus) [SIG Release]

• Dependency updates:

  • github.com/spf13/cobra from 1.1.1 to 1.1.3
  • github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0
  • github.com/google/uuid from 1.1.4 to 1.2.0
  • github.com/sendgrid/rest from from 2.6.2 to 2.6.3
  • github.com/cheggaaa/pb/v3 from 3.0.5 to 3.0.8 (#2042, @​justaugustus) [SIG Release]

• Deps: Update sigs.k8s.io/release-utils to v0.2.1 (#2052, @​justaugustus) [SIG Release]

• Hack: Allow verify-dependencies to succeed when GOBIN is missing

  • [go] go1.16.4 and go1.15.12 updates
  • kube-cross: Build v1.16.4-1 and v1.15.12-1 images
  • go-runner: Build v2.3.1-go1.16.4-buster.0 and v2.3.1-go1.15.12-buster.0
  • releng-ci: Build v0.5.2 image using go1.16.4 (#2059, @​justaugustus) [SIG Release]

• K8s-cloud-builder: Build v1.15.12-legacy-1/v1.15.12-1 image

  • k8s-ci-builder: Build image variants using go1.15.12 (#2063, @​cpanato) [SIG Release]

• Kube-cross: Adds mingw-w64 for Windows binary compilation

  • kube-cross: Build v1.16.1-2 image (#1978, @​claudiubelu) [SIG Release and Windows]

• Kube-cross: Build v1.15.11-1 / v1.15.11-legacy-1 image

  • go-runner: Build v2.3.1-go1.15.11-buster.0 image (#1985, @​cpanato)

• New SPDX package for generating SPDX compliant manifests of artifacts.

  • The license package now includes a new Catalog object to interact with spdx license data
  • First set of image analyzers to enrich the BOM generated for the go-runner and distroless base images
  • Corrects a bug with the license downloader where license data was not available when first downloaded. (#2064, @​puerco) [SIG Release]

• New bom utility allows software authors to generate spdx manifests for projects. Allows adding files and images to the manifest. (#2066, @​puerco) [SIG Release]

• New krel cve subcommand to handle CVE data information in the release bucket. Allow a release manager to upload, delete and edit CVE data files that publish vulnerability information in the changelog. (#1995, @​puerco) [SIG Release]

• Releng-ci: Enable building multiple image variants (#2089, @​justaugustus) [SIG Release]

• Setcap: Build buster-v2.0.0 image

  Uses debian-base:buster-v1.6.0.

  Note: the image major version is arbitrarily bumped here to dissuade any inferences that it must match the debian-base image tag (#1992, @​justaugustus) [SIG Release]

• The SPDX package can now index the contents of a directory and produce a Package listing all contents. Directories can be specified by -d/--directory

  • go.mod support: We now recognize directories that are golang modules. If a go.mod file is found, the spdx object will now download, scan them for licensing data and create packages which are then linked to the directory package as dependencies
  • Full support for .gitignore exclusions: WHen indexing a directory, the spdx object will detect a .gitignore file and honor the files excluded by patterns in it.

... (truncated)

• b713f2d Merge pull request #2102 from justaugustus/cip
• 3cbcfcb go.mod: Run go mod tidy
• f8c7fd7 Merge pull request #2101 from justaugustus/cip
• ee36821 pkg/cip: Migrate packages back to k-sigs/cip
• 7a8c739 Merge pull request #2091 from xmudrii/debian-base-symlink-rm
• af82e19 Bump debian-base to buster-v1.7.1
• c6c13d5 Merge pull request #2085 from puerco/deep-mods
• c1fff76 debian-base: symlink rm to /usr/sbin/rm
• 8ea90f6 Merge pull request #2100 from kubernetes/dependabot/go_modules/github.com/cen...
• 7d146c6 build(deps): bump github.com/cenkalti/backoff/v4 from 4.1.0 to 4.1.1
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)