2.36.0

What's Changed

• E2E: Fix one CVE description that changed on the source by @jvdm in #1688
• ROX-26765: Rename pipelineruns to enable on-push rerunning by @msugakov in #1690
• chore(deps): update konflux references by @red-hat-konflux in #1689
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 81c4864 by @red-hat-konflux in #1667
• fix(e2e): updated description by @RTann in #1693
• build(deps): bump google.golang.org/api from 0.202.0 to 0.204.0 by @dependabot in #1696
• build: Update Konflux pipelines by @msugakov in #1695
• ROX-26026: Make determine-image-tag recognize git tags by @msugakov in #1692
• build(deps): bump cloud.google.com/go/storage from 1.45.0 to 1.46.0 by @dependabot in #1701
• chore(deps): update konflux references (master) by @red-hat-konflux in #1694
• ROX-26094: variable blob location for Konflux by @tommartensen in #1684
• chore(deps): update konflux references (master) by @red-hat-konflux in #1707
• fix e2e by @daynewlee in #1708
• ROX-26784: Don't trigger Konflux builds against release branches by @kylape in #1705
• chore(deps): update konflux references (master) by @red-hat-konflux in #1710
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.22.0 to 2.23.0 by @dependabot in #1702
• chore(deps): update konflux references (master) by @red-hat-konflux in #1712
• chore(deps): update konflux references (master) by @red-hat-konflux in #1717
• chore: Update Renovate config by @msugakov in #1729
• chore(deps): update konflux references (master) by @red-hat-konflux in #1728
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 52f1391 (master) by @red-hat-konflux in #1735
• chore(deps): update konflux references (master) by @red-hat-konflux in #1733
• build(deps): bump cloud.google.com/go/storage from 1.46.0 to 1.48.0 by @dependabot in #1738
• build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #1739
• chore(deps): update konflux references (master) by @red-hat-konflux in #1736
• yearly cert bump by @RTann in #1748
• fix(ci): NVD data and test issues by @dcaravel in #1737
• ROX-27350: Use trusted tasks by @msugakov in #1742
• ROX-27480: Use new revision of the fetch task by @msugakov in #1751
• build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #1747
• build(deps): bump github.com/mailru/easyjson from 0.7.7 to 0.9.0 by @dependabot in #1746
• Bump golang.org/x/net to v0.33.0 by @Stringy in #1749
• ROX-27485: Add comment not to delete source-location LABEL from Konflux Dockerfiles by @tommartensen in #1753
• fix(ci): qa:apache-server-scannerci by @dcaravel in #1750
• chore(deps): Bump github.com/go-git/go-git/v5 from v5.12.0 to v5.13.1 by @RTann in #1755
• chore: Kill Java mentions from Konflux pipelines by @msugakov in #1762
• chore(deps): update konflux references (master) by @red-hat-konflux in #1745
• ROX-24530: let Konflux images expire after 13w by @tommartensen in #1763
• chore(deps): update konflux references (master) by @red-hat-konflux in #1765
• ROX-24283: enable strictfipsruntime in the Konflux build by @BradLugo in #1709
• ROX-26604: Add layer lineage to RHEL v2 data model by @dcaravel in #1720
• ROX-27618: Add env var to disable RHEL lineage usage by @dcaravel in #1764
• chore(deps): update quay.io/rhacs-eng/konflux-tasks:latest docker digest to 098fb3f (master) by @red-hat-konflux in #1754
• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @dependabot in #1760
• fix(e2e): account for RHSA-2025:0083 by @RTann in #1767
• chore(deps): update konflux references (master) by @red-hat-konflux in #1769
• fix: Add additional deps to the notification job by @jvdm in #1677
• ROX-27384: Use the updated determine-image-tag task by @msugakov in #1771
• chore(deps): update quay.io/rhacs-eng/konflux-tasks:latest docker digest to 433e2a1 (master) by @red-hat-konflux in #1770
• chore(deps): update konflux references (master) by @red-hat-konflux in #1774
• ci: replace docker with quay by @RTann in #1730
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.23.0 to 2.25.1 by @dependabot in #1761
• build(deps): bump google.golang.org/grpc from 1.67.2 to 1.69.4 by @dependabot in #1768
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.25.1 to 2.26.0 by @dependabot in #1777
• Bump max known OCP version by @dcaravel in #1784
• chore(e2e): fix FixedBy dates by @RTann in #1782
• build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 by @dependabot in #1789
• remove aptsources namespace detector by @RTann in #1786
• chore(deps): update konflux references by @red-hat-konflux in #1779
• build(deps): bump github.com/go-git/go-git/v5 from 5.13.1 to 5.13.2 by @dependabot in #1791
• chore: go1.23 by @RTann in #1776
• build(deps): bump google.golang.org/api from 0.210.0 to 0.219.0 by @dependabot in #1790
• chore(deps): update konflux references by @red-hat-konflux in #1796
• build(deps): bump cloud.google.com/go/storage from 1.48.0 to 1.50.0 by @dependabot in #1798
• build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 by @dependabot in #1800
• hardcode OpenShift CPEs by @RTann in #1795
• build(deps): bump github.com/containers/image/v5 from 5.32.2 to 5.34.0 by @dependabot in #1799
• build(deps): bump google.golang.org/api from 0.219.0 to 0.220.0 by @dependabot in #1802
• chore(deps): update konflux references by @red-hat-konflux in #1801
• chore(ci): bump actions/cache to v4 by @RTann in #1808
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.26.0 to 2.26.1 by @dependabot in #1804
• build(deps): bump google.golang.org/api from 0.220.0 to 0.221.0 by @dependabot in #1809
• fix(e2e): update test by @RTann in #1810
• chore: bump genesis by @RTann in #1811

Full Changelog: 2.35.0...2.36.0

2.35.3

Full Changelog: 2.35.2...2.35.3

2.34.4

Full Changelog: 2.34.3...2.34.4

2.34.3

What's Changed

• Update deps 2.34 by @daynewlee in #1775

Full Changelog: 2.34.2...2.34.3

2.35.2

What's Changed

• ROX-26604: Backport lineage fix to ACS 4.6.x (Scanner 2.35.x) by @dcaravel in #1766
• Update various deps by @RTann in #1772

Full Changelog: 2.35.1...2.35.2

2.35.1

What's Changed

• ROX-26784: Configure tekton pipelines for release branch by @kylape in #1703
• chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0 (release-2.35) by @rhybrillou in #1741

New Contributors

• @rhybrillou made their first contribution in #1741

Full Changelog: 2.35.0...2.35.1

2.35.0

What's Changed

• fix(ci): handle release builds in GHA CI workflow by @BradLugo in #1561
• fix(ci): one more place needs release build tag by @dcaravel in #1563
• build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 by @dependabot in #1566
• build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 by @dependabot in #1558
• fix(e2e): update fixedBy versions by @RTann in #1567
• build(deps): bump google.golang.org/api from 0.186.0 to 0.188.0 by @dependabot in #1565
• fix(ci): fallback to previous release when attempting unreleased version by @RTann in #1568
• build(deps): bump cloud.google.com/go/storage from 1.42.0 to 1.43.0 by @dependabot in #1569
• fix: add tag resolution for jobs missing it by @dcaravel in #1570
• chore(deps): Bump stackrox version and fix usage of removed package by @mtodor in #1572
• ROX-25321: convert konflux builds to OCI artifacts by @Stringy in #1573
• ROX-22019: Protobuf v2 migration by @mtodor in #1500
• ROX-22019: Set correct stackrox dependency with protobuf V2 by @mtodor in #1576
• build: Add "appstudio" to the PR branch name filter for Konflux CI by @msugakov in #1577
• build(deps): bump google.golang.org/api from 0.188.0 to 0.189.0 by @dependabot in #1578
• build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.1.0 to 1.4.0 by @dependabot in #1579
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.19.1 to 2.20.0 by @dependabot in #1580
• ROX-20757 scanner multi arch builds by @Stringy in #1574
• build(deps): bump google.golang.org/grpc/cmd/protoc-gen-go-grpc from 1.4.0 to 1.5.1 by @dependabot in #1582
• build(deps): bump github.com/containers/image/v5 from 5.31.1 to 5.32.0 by @dependabot in #1583
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.20.0 to 2.21.0 by @dependabot in #1584
• chore: Add ^release- branches for on-push Konflux builds by @msugakov in #1586
• chore: Update oci-ta tasks, add Renovate config by @red-hat-konflux in #1575
• build(deps): bump google.golang.org/api from 0.189.0 to 0.190.0 by @dependabot in #1590
• build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 by @dependabot in #1591
• build: Add Konflux pipeline activation through a label by @msugakov in #1593
• ROX-25620: Switch to new Konflux task repos by @msugakov in #1588
• chore(deps): update konflux references by @red-hat-konflux in #1592
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to af6f06e by @red-hat-konflux in #1598
• chore(ci): use UBI 8 based rox-ci-image by @RTann in #1589
• build(deps): bump google.golang.org/api from 0.190.0 to 0.192.0 by @dependabot in #1599
• build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 by @dependabot in #1601
• build(deps): bump github.com/containers/image/v5 from 5.32.0 to 5.32.1 by @dependabot in #1600
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 39cfac4 by @red-hat-konflux in #1603
• chore(deps): update konflux references by @red-hat-konflux in #1602
• chore(deps): update konflux references by @red-hat-konflux in #1604
• ROX-25715: Add Slack notifications for Konflux builds by @tommartensen in #1605
• fix: validate digest prior to layer download by @RTann in #1597
• fix: increase image poll timeout by @RTann in #1609
• chore(deps): update konflux references by @red-hat-konflux in #1611
• ROX-25623: reduce deprecated-image-check by feeding manifest by @tommartensen in #1612
• Update apollo-ci image to 0.4.2 by @dvail in #1606
• chore(deps): update konflux references by @red-hat-konflux in #1615
• build: Upload SAST results by @msugakov in #1614
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to af3f156 by @red-hat-konflux in #1619
• build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1 by @dependabot in #1616
• build(deps): bump github.com/containers/image/v5 from 5.32.1 to 5.32.2 by @dependabot in #1617
• build(deps): bump google.golang.org/api from 0.192.0 to 0.193.0 by @dependabot in #1618
• chore(deps): update konflux references by @red-hat-konflux in #1620
• build(deps): bump google.golang.org/api from 0.193.0 to 0.194.0 by @dependabot in #1622
• build(deps): bump github.com/prometheus/client_golang from 1.20.1 to 1.20.2 by @dependabot in #1623
• build(deps): bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.21.0 to 2.22.0 by @dependabot in #1624
• chore: swap mathutil with builtin by @RTann in #1626
• chore(deps): update konflux references by @red-hat-konflux in #1621
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to 260b28e by @red-hat-konflux in #1627
• rhel: update sec data location by @RTann in #1625
• e2e: account for RHSA-2024:6162 by @RTann in #1632
• build(deps): bump google.golang.org/api from 0.194.0 to 0.196.0 by @dependabot in #1629
• ROX-25723: add ecosystem preflight check by @tommartensen in #1633
• chore: go1.22.5 by @RTann in #1634
• chore: go 1.22 konflux by @RTann in #1636
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to d6f57d9 by @red-hat-konflux in #1631
• chore(deps): update konflux references by @red-hat-konflux in #1630
• chore(deps): update konflux references by @red-hat-konflux in #1637
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to a390d28 by @red-hat-konflux in #1641
• build(deps): bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 by @dependabot in #1638
• chore(deps): update konflux references by @red-hat-konflux in #1642
• build(deps): bump google.golang.org/grpc from 1.66.0 to 1.66.1 by @dependabot in #1639
• build(deps): bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 by @dependabot in #1646
• chore: remove github.com/golang/protobuf direct dep by @RTann in #1635
• ROX-25565: Fail Konflux builds if required ARGs aren't provided by @msugakov in #1644
• chore(deps): update konflux references by @red-hat-konflux in #1647
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to c91de17 by @red-hat-konflux in #1648
• chore(deps): update konflux references by @red-hat-konflux in #1650
• chore(deps): update quay.io/redhat-appstudio/build-trusted-artifacts:latest docker digest to e0e457b by @red-hat-konflux in #1653
• fix(e2e): Bump fixed by due to RHSA-2024:6783 by @jvdm in #1649
• fix e2e test compile error by @RTann in #1654
• build(deps): bump google.golang.org/grpc from 1.66.1 to 1.67.0 by @dependabot in #1652
• build(deps): bump golang.org/x/sys from 0.24.0 to 0.25.0 by @dependabot in #1640
• build(deps): bump google.golang.org/api from 0.196.0 to 0.199.0 by @dependabot in https://github.com/stackrox/s...

2.34.2

Full Changelog: 2.34.1...2.34.2

2.33.6

What's Changed

• fix(ci): reorder gke tags and labels variable expansions by @BradLugo in #1522
• chore: Update docker dep to fix CVE-2024-41110 by @dcaravel in #1607
• fix(e2e): update fixedBy versions (#1567) by @dcaravel in #1608

Full Changelog: 2.33.5...2.33.6

2.34.1

Full Changelog: 2.34.0...2.34.1