From 1f8e4883002ffc3956e2abf6f06cd259830a168a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Feb 2024 21:10:52 +0100
Subject: [PATCH] chore(deps): update dependency carvel-dev/vendir to v0.40.0
 (#243)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [carvel-dev/vendir](https://togithub.com/carvel-dev/vendir) | minor |
`v0.39.0` -> `v0.40.0` |

---

### Release Notes

<details>
<summary>carvel-dev/vendir (carvel-dev/vendir)</summary>

###
[`v0.40.0`](https://togithub.com/carvel-dev/vendir/releases/tag/v0.40.0)

[Compare
Source](https://togithub.com/carvel-dev/vendir/compare/v0.39.0...v0.40.0)

<details>

<summary><h2>Installation and signature verification</h2></summary>

##### Installation
##### By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

```shell

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir
```

##### Via Homebrew (macOS or Linux)

```shell
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
```

##### Verify checksums file signature

Install cosign on your system
https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this
release is signed using
[Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC.
To validate the signature of this file, run the following commands:

```shell

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.40.0/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
```

##### Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the
checksums file after having validated its signature.

```shell

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing
```

</details>

### :sparkles: What's new
* Fix codegeneration
* Force usage of Basic Auth when retrieving repositories from git when a
flag is configured #&#8203;361
* Enforce timeout when retrieving tags from a registry #&#8203;329
* Normalize paths provided in the configuration file #&#8203;341
* Do not allow overlapping paths #&#8203;343

#### New Contributors
* @&#8203;alexbarbato made their first
contributi[https://github.com/carvel-dev/vendir/pull/344](https://togithub.com/carvel-dev/vendir/pull/344)ll/344

**Full Changelog**:
https://github.com/carvel-dev/vendir/compare/v0.39.0...v0.40.0

### :open_file_folder: Files Checksum

0bf3840619436908b11fce2c7015d928450b41a3b9ef19fecc6223ff2ed084a4
./vendir-darwin-amd64
1b8e5eea893f78ed04b6834f24e1a69bbc9259cd7662bd7fe11283cdf8c482d0
./vendir-windows-amd64.exe
3e076a452d88d6e3bc190d527f4d7c949ab6eccae19bf5d3cbb910d53724f2b9
./vendir-linux-amd64
b6defba97d36e26e02df8b263de17061bbbc432365c9d26070eb7a837d7e33fc
./vendir-darwin-arm64
c43469a085dd0f6cebdab97a7747710f9dafa4886dd5e0ae7c1d3f975a12756e
./vendir-linux-arm64

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log [here](https://developer.mend.io/github/mykso/myks).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c6ee7c46..7b5fc661 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ FROM downloader AS vendir
 ARG TARGETOS
 ARG TARGETARCH
 # renovate: datasource=github-releases depName=carvel-dev/vendir
-ARG VENDIR_VERSION=v0.39.0
+ARG VENDIR_VERSION=v0.40.0
 RUN curl -fsSL \
       https://github.com/carvel-dev/vendir/releases/download/${VENDIR_VERSION}/vendir-${TARGETOS}-${TARGETARCH} \
     > vendir