Releases: zarf-dev/zarf
v0.59.0
1f5272e
Note
There is a known bug in this release for users who manage custom-named init packages. If you use a custom init package whose `metadata.name` is not `init`, upgrades to v0.59.0 will fail and require manual intervention. This is due to assumptions that Zarf makes about release naming. Tracked in issue #4031.
What's Changed
🚀 Updates
- feat(site): add Word List back into style-guide.mdx by @mkcp in #3992
- docs: update Zarf's tagline by @AustinAbro321 in #3996
- chore(docs): update open-source to open source and clean up style-guide.mdx by @mkcp in #3993
- feat: create helm chart for zarf-agent by @JeffResc in #3678
- fix: avoid injector and registry randomly landing on same nodeport by @AustinAbro321 in #4004
- feat: add checking in remote repo if manifest is a chart by @a1994sc in #3811
- feat: add logic to add image to possible list when auth is needed by @a1994sc in #4011
- feat!(connect): support for listen address on zarf connect by @brandtkeller in #3914
📦 Dependencies
- chore(deps): bump helm.sh/helm/v3 from 3.17.3 to 3.18.4 by @dependabot[bot] in #3976
- chore(deps): bump the golang group across 1 directory with 3 updates by @dependabot[bot] in #3987
- chore(deps): bump github.com/golang-cz/devslog from 0.0.13 to 0.0.15 by @dependabot[bot] in #3966
- chore(deps): bump github.com/derailed/k9s from 0.50.6 to 0.50.7 by @dependabot[bot] in #3972
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.6.1 to 1.6.2 by @dependabot[bot] in #3990
- chore(deps): bump github.com/anchore/syft from 1.27.1 to 1.28.0 by @dependabot[bot] in #3973
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.13.0 to 1.18.0 by @dependabot[bot] in #3995
- chore(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @dependabot[bot] in #4000
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot[bot] in #3997
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.45.4 to 4.46.1 by @dependabot[bot] in #3999
- chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in #4013
- chore(deps): bump github.com/anchore/syft from 1.28.0 to 1.29.0 by @dependabot[bot] in #4014
- chore(deps): bump github.com/docker/docker from 28.3.0+incompatible to 28.3.2+incompatible by @dependabot[bot] in #4009
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.22.0 to 5.22.1 by @dependabot[bot] in #4015
- chore(deps): bump sigs.k8s.io/kustomize/kyaml from 0.20.0 to 0.20.1 by @dependabot[bot] in #4020
- chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in #4017
- chore(deps): bump sigs.k8s.io/kustomize/api from 0.20.0 to 0.20.1 by @dependabot[bot] in #4019
Full Changelog: v0.58.0-rc1...v0.59.0
v0.58.0
34b35dd
What's Changed
🚀 Updates
- chore: wrap mutex around appending to failed repository updates by @joonas in #3934
- release: fix RC release process by @AustinAbro321 in #3919
- fix(deps): resolve High OPA CVE by @brandtkeller in #3781
- fix: exempt packages from revive var-naming linter by @mkcp in #3953
- feat: track progress on image pull/push by @AustinAbro321 in #3904
- feat: optimize package OCI pulls by @AustinAbro321 in #3961
- fix!: allow creation of differential package from OCI source by @AustinAbro321 in #3963
- add webhook for argocd appprojects by @sepauli in #3962
- fix: identify file type using filename instead of mholt/archives auto detection by @AustinAbro321 in #3977
- feat!(deploy): support return of package VariableConfig by @brandtkeller in #3978
- fix(mirror): separate artifact upload by component by @AustinAbro321 in #3980
- fix(release): correct GitHub environment variable syntax for GoReleaser version by @AustinAbro321 in #3981
📦 Dependencies
- chore(deps): bump github.com/anchore/syft from 1.26.1 to 1.27.1 by @dependabot[bot] in #3941
- chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in #3949
- chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #3955
- chore(deps): bump github.com/mholt/archives from 0.1.2 to 0.1.3 by @dependabot[bot] in #3950
- chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 by @dependabot[bot] in #3958
- chore(deps): bump sigs.k8s.io/kustomize/api from 0.19.0 to 0.20.0 by @dependabot[bot] in #3957
- chore(deps): bump github.com/docker/cli from 28.2.2+incompatible to 28.3.1+incompatible by @dependabot[bot] in #3965
Full Changelog: v0.57.0...v0.58.0
v0.58.0-rc1
34b35dd
What's Changed
🚀 Updates
- chore: wrap mutex around appending to failed repository updates by @joonas in #3934
- release: fix RC release process by @AustinAbro321 in #3919
- fix(deps): resolve High OPA CVE by @brandtkeller in #3781
- fix: exempt packages from revive var-naming linter by @mkcp in #3953
- feat: track progress on image pull/push by @AustinAbro321 in #3904
- feat: optimize package OCI pulls by @AustinAbro321 in #3961
- fix!: allow creation of differential package from OCI source by @AustinAbro321 in #3963
- add webhook for argocd appprojects by @sepauli in #3962
- fix: identify file type using filename instead of mholt/archives auto detection by @AustinAbro321 in #3977
- feat!(deploy): support return of package VariableConfig by @brandtkeller in #3978
- fix(mirror): separate artifact upload by component by @AustinAbro321 in #3980
- fix(release): correct GitHub environment variable syntax for GoReleaser version by @AustinAbro321 in #3981
📦 Dependencies
- chore(deps): bump github.com/anchore/syft from 1.26.1 to 1.27.1 by @dependabot[bot] in #3941
- chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by @dependabot[bot] in #3949
- chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot[bot] in #3955
- chore(deps): bump github.com/mholt/archives from 0.1.2 to 0.1.3 by @dependabot[bot] in #3950
- chore(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 by @dependabot[bot] in #3958
- chore(deps): bump sigs.k8s.io/kustomize/api from 0.19.0 to 0.20.0 by @dependabot[bot] in #3957
- chore(deps): bump github.com/docker/cli from 28.2.2+incompatible to 28.3.1+incompatible by @dependabot[bot] in #3965
Full Changelog: v0.57.0...v0.58.0-rc1
v0.57.0
3ff91b9
What's Changed
🚀 Updates
- feat(deploy): support for package namespace override flag by @brandtkeller in #3889
- fix: properly create push auth credentials when registry address includes a repo path by @AustinAbro321 in #3943
📦 Dependencies
- chore(deps): bump github.com/sergi/go-diff from 1.3.2-0.20230802210424-5b0b94c5c0d3 to 1.4.0 by @dependabot in #3899
- chore(deps): bump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3931
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3933
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.12.0 to 1.13.0 by @dependabot in #3936
- chore(deps): bump github.com/derailed/k9s from 0.40.5 to 0.50.6 by @dependabot in #3820
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.6.0 to 1.6.1 by @dependabot in #3939
Full Changelog: v0.56.0...v0.57.0
v0.56.0
bc926ee
What's Changed
🚀 Updates
- docs: roadmap updates by @AustinAbro321 in #3875
- chore: lint packager2 by @AustinAbro321 in #3874
- refactor: remove packager1 references by @AustinAbro321 in #3855
- fix(archive): cleanup the archive package by @brandtkeller in #3822
- chore(docs): add community meeting documentation to project/website by @brandtkeller in #3884
- refactor: separate out create / layout to avoid cyclic dependency with zoci by @AustinAbro321 in #3872
- refactor: packager2 api cleanup by @AustinAbro321 in #3888
- fix: sign package during publish by @AustinAbro321 in #3892
- refactor: move zarf state structs from `src/types` -> `src/pkg/state` by @AustinAbro321 in #3897
- refactor: move split file logic to its own package by @AustinAbro321 in #3898
- refactor: standardize packager2 API and decouple CLI from SDK by @AustinAbro321 in #3894
- docs: tip to use inspect manifest command by @AustinAbro321 in #3903
- feat: live output action command logs by @AustinAbro321 in #3901
- chore!: delete packager and related dead code by @AustinAbro321 in #3902
- fix(monitor): mimic k9s init to silence klog errors by @brandtkeller in #3905
- feat: expose packager(2) as public package by @AustinAbro321 in #3906
- refactor: pass cachepath through packager functions by @AustinAbro321 in #3907
- feat: improve usability and defaults of packager SDK by @AustinAbro321 in #3908
- feat(sdk): intuitive default path when using `./zarf` actions by @AustinAbro321 in #3910
- feat(sdk): return final package ref after publish by @AustinAbro321 in #3911
📦 Dependencies
- chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #3878
- chore(deps): bump github.com/fluxcd/source-controller/api from 1.5.0 to 1.6.0 by @dependabot in #3865
- chore(deps): bump github.com/goccy/go-yaml from 1.17.1 to 1.18.0 by @dependabot in #3886
- chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #3890
- chore(deps): bump github.com/go-git/go-git/v5 from 5.16.0 to 5.16.1 by @dependabot in #3891
- chore(deps): bump the golang group across 1 directory with 2 updates by @dependabot in #3895
- chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #3909
Full Changelog: v0.55.6...v0.56.0
v0.55.6
6424a45
What's Changed
🚀 Updates
- refactor: combine and output split files in LoadPackage by @AustinAbro321 in #3796
- chore: lint src/internal/packager by @AustinAbro321 in #3854
- refactor: deploy by @AustinAbro321 in #3738
- fix: concurrent registry auth issue by @AustinAbro321 in #3850
- fix: segfault during destroy w/o state by @Racer159 in #3864
- fix: Replace all vars and consts in `actionCmdMutation` by @koendelaat in #3799
- feat: expand subcommands from `crane` to `registry` command by @a1994sc in #3856
- refactor: dev deploy by @AustinAbro321 in #3847
- fix: unchecked err when populating variables for deploy by @AustinAbro321 in #3873
- fix(create): ensure that when given an output directory Archive creates the directory for the user by @mkcp in #3869
- fix(archive): sbom directory regression fix by @brandtkeller in #3877
📦 Dependencies
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.4 to 0.21.0 by @dependabot in #3852
- chore(deps): bump github.com/google/go-containerregistry from 0.20.4 to 0.20.5 by @dependabot in #3853
- chore(deps): bump github.com/anchore/syft from 1.26.0 to 1.26.1 by @dependabot in #3857
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.6 to 5.21.7 by @dependabot in #3866
New Contributors
- @koendelaat made their first contribution in #3799
Full Changelog: v0.55.5...v0.55.6
v0.55.5
e08d944
What's Changed
🚀 Updates
- feat(utils): support user interrupts in utils.ExecuteWait and add debug logging by @mkcp in #3846
- feat(utils): add user interrupts to wait-for on network protocols by @mkcp in #3848
- Revert "chore(deps): bump helm.sh/helm/v3 from 3.17.3 to 3.18.0" by @AustinAbro321 in #3851
📦 Dependencies
- chore(deps): bump github.com/anchore/syft from 1.23.1 to 1.26.0 by @dependabot in #3841
Full Changelog: v0.55.4...v0.55.5
v0.55.4
40f967b
What's Changed
🚀 Updates
- chore(sustainability): document the release process by @brandtkeller in #3823
- fix(archive): replace virtualfilesystem with sequential streaming by @brandtkeller in #3831
- docs: Update 0-creating-a-zarf-package.mdx by @nevinaragam in #3832
- fix(archive): skip format autodetection for tar format by @brandtkeller in #3836
- fix(mirror-resources): add cluster nil check before loading state by @brandtkeller in #3838
- fix(release): remove grype cve report from release by @brandtkeller in #3840
📦 Dependencies
- chore(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot in #3812
- chore(deps): bump github.com/defenseunicorns/pkg/helpers/v2 from 2.0.1 to 2.0.4 by @dependabot in #3803
- chore(deps): bump github.com/mholt/archives from 0.1.1 to 0.1.2 by @dependabot in #3801
- chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #3818
- chore(deps): bump github.com/fairwindsops/pluto/v5 from 5.21.3 to 5.21.6 by @dependabot in #3802
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3819
- chore(deps): bump github.com/fluxcd/pkg/apis/meta from 1.10.0 to 1.12.0 by @dependabot in #3827
- chore(deps): bump helm.sh/helm/v3 from 3.17.3 to 3.18.0 by @dependabot in #3826
- chore(deps): bump github.com/google/go-containerregistry from 0.20.4-0.20250225234217-098045d5e61f to 0.20.4 by @dependabot in #3834
- chore(deps): bump github.com/defenseunicorns/pkg/oci from 1.2.0 to 1.3.0 by @dependabot in #3833
New Contributors
- @nevinaragam made their first contribution in #3832
Full Changelog: v0.55.2...v0.55.4
v0.55.2
f071c12
Release v0.55.2
This release includes improvements to the Zarf SDK and continuing iteration on the packager refactor - most of which are consumed by the CLI to-date. In the CLI you will see a few changes:
- Caching OCI layers: Improving package creation time when layers are present in the cache (while hard to represent given all conditions, our package creation of the `examples/longhorn` package saw a 62% improvement on subsequent creations).
- `zarf package mirror-resources` will now default to zarf state if available and other targets are not defined. Additionally, `--images/--repos` flags were introduced to mirror a type of artifact in isolation.
- `zarf package inspect` operations targeting packages in a registry now only pull the required layers needed for inspect to occur. This fixes inspect previously pulling the full package just to view the definition/sboms/images etc.
Release Demo Video for those who want to watch these updates in action.
Note: We ran into an issue with our release process and identified a bug which resulted in releasing v0.54.0 -> v0.55.2 and have since identified improvements to testing and release to work towards more resilient zarf releases.
What's Changed
🚀 Updates
- fix: template variables in values file in `zarf package inspect value-files` by @AustinAbro321 in #3760
- feat(mirror-resources): support for State fallback without flags by @brandtkeller in #3757
- chore(docs): 2025 roadmap proposal by @brandtkeller in #3670
- feat: cache OCI packages by @AustinAbro321 in #3767
- feat: avoid using a cache in `zarf package pull` if cachepath is not set by @AustinAbro321 in #3775
- fix(wait-for): return early on connection refused by @brandtkeller in #3772
- fix(docs): update mirror resources docs to include examples by @brandtkeller in #3778
- feat(packager): make packager2.Pull public by @mkcp in #3773
- refactor: lint by @AustinAbro321 in #3776
- Log out available disk space on create-release failure by @mkcp in #3698
- fix(inspect): only pull required layers for inspecting OCI packages by @brandtkeller in #3679
- fix: avoid panic during wait-for HTTP server by @AustinAbro321 in #3797
- test: run unit tests on arm64 by @AustinAbro321 in #3805
- fix: respect `.metadata.architecture` on package create output to registry by @AustinAbro321 in #3806
- fix(archiver): archiver migration to archives by @brandtkeller in #3788
- fix(archiver): remaining cleanup and variables swap in #3809
- fix(CLI): migrate to Packager2 for init package downloads by @brandtkeller in #3810
📦 Dependencies
- chore(deps): bump actions/create-github-app-token from 2.0.2 to 2.0.3 by @dependabot in #3758
- chore(deps): bump vite from 6.3.3 to 6.3.4 in /site by @dependabot in #3753
- chore(deps): bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in #3764
- chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #3765
- chore(deps): bump actions/create-github-app-token from 2.0.3 to 2.0.6 by @dependabot in #3763
- chore(deps): bump aws-actions/configure-aws-credentials from 4.1.0 to 4.2.0 by @dependabot in #3770
- chore(dependencies): update crane by @AustinAbro321 in #3771
- chore(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @dependabot in #3779
- chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #3780
- chore(deps): bump github.com/anchore/syft from 1.19.0 to 1.23.1 by @dependabot in #3740
- chore(deps): bump github.com/golang-cz/devslog from 0.0.12 to 0.0.13 by @dependabot in #3785
- chore(deps): bump the golang group across 1 directory with 3 updates by @dependabot in #3784
- chore(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 by @dependabot in #3786
- chore(deps): bump github.com/mikefarah/yq/v4 from 4.45.1 to 4.45.4 by @dependabot in #3792
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.20.2 to 0.20.4 by @dependabot in #3791
- chore(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @dependabot in #3795
- chore(deps): bump aws-actions/configure-aws-credentials from 4.2.0 to 4.2.1 by @dependabot in #3804
Full Changelog: v0.54.0...v0.55.2
v0.54.0
90460ae
What's Changed
🚀 Updates
- refactor(cluster,state,types)!: migrate types.ZarfState to state.State by @mkcp in #3682
- fix(images): support for insecure skip tls verify on image push/pull by @brandtkeller in #3725
- feat: add timeout to image operations by @AustinAbro321 in #3731
- feat: remove user submitted digest from OCI pull log by @AustinAbro321 in #3743
- chore: remove invopop/jsonschema dependency from root go.mod by @AustinAbro321 in #3744
- test: avoid dockerhub flake in agent ignore test by @AustinAbro321 in #3742
- test: improve archive test by @Noxsios in #3739
- fix: retry on images and components by @Noxsios in #3746
- feat: respect context during HTTP file downloads by @AustinAbro321 in #3751
- test: improve http pull test by @Noxsios in #3748
- fix: set default user for git and registry state during `zarf package deploy` by @AustinAbro321 in #3754
📦 Dependencies
- chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #3727
- chore(deps): bump the k8s group across 1 directory with 5 updates by @dependabot in #3728
- chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot in #3735
- chore(deps): bump the cosign-providers group across 1 directory with 3 updates by @dependabot in #3733
- chore(deps): bump vite from 5.4.14 to 5.4.18 in /site by @dependabot in #3692
- chore(deps): bump prismjs from 1.29.0 to 1.30.0 in /site by @dependabot in #3695
- chore(deps): bump @babel/helpers from 7.26.0 to 7.27.0 in /site by @dependabot in #3694
- chore(deps): bump esbuild, @astrojs/starlight and astro in /site by @dependabot in #3697
- fix: resolve CVE-2025-3445 in cmd/archiver with pkg/archive by @mkcp in #3732
Full Changelog: v0.53.0...v0.54.0