Skip to content

chore(deps): update dependency carvel-dev/vendir to v0.45.2 (master)#54

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/master-carvel-dev-vendir-0.x
Feb 25, 2026
Merged

chore(deps): update dependency carvel-dev/vendir to v0.45.2 (master)#54
renovate[bot] merged 1 commit into
masterfrom
renovate/master-carvel-dev-vendir-0.x

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Feb 25, 2026

This PR contains the following updates:

Package Type Update Change
carvel-dev/vendir uses-with patch v0.45.0v0.45.2

Release Notes

carvel-dev/vendir (carvel-dev/vendir)

v0.45.2

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.2/vendir-linux-amd64

# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.2/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.2/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.2/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

Full Changelog: carvel-dev/vendir@v0.45.1...v0.45.2

📂 Files Checksum

01b3e5b922e8771cbc0bdb4c75acb3933327f7a63779bb8923f05de18b49fab6  ./vendir-darwin-arm64
8fc36145ca85712f1d6d6b959d6240a7d1d5f6a6dd3850bad9ae848c65e42c56  ./vendir-linux-arm64
c75abeca04cb9b0fabcb084b87fb465b3eb462a85bab1baab4853bf9a4c7ccc3  ./vendir-darwin-amd64
d2ee280d4688695885f73f00b4c7777c66df7500f3fb6f7dd74d72c6e126ca2a  ./vendir-windows-amd64.exe
ecd053b031fdebfe0486b263a7071320b033f60b6d9e6c6b74ad681f2d7068b5  ./vendir-linux-amd64

v0.45.1

Compare Source

Installation and signature verification
Installation
By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.1/vendir-linux-amd64

# Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

# Make the binary executable
chmod +x /usr/local/bin/vendir
Via Homebrew (macOS or Linux)
$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version
Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.45.1/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

What's Changed

New Contributors

Full Changelog: carvel-dev/vendir@v0.45.0...v0.45.1

📂 Files Checksum

1c2911750ac774d2806d67694788c55e66dad39b38761ea10da0a86283e9ae96  ./vendir-linux-amd64
56649836666d3749ad5b47f6a8ce8a7c6e6089e07238517b3c0efb46cad00ba5  ./vendir-windows-amd64.exe
9aaba37eeff49a819ab6fba832e184c41069af6ce5e5817d63691a240fda6fdf  ./vendir-linux-arm64
a859539a021affa7962459556f57e2d8c8e353a9bff1e6673410d292d10033a2  ./vendir-darwin-arm64
ea3e5091b983b79a09f9a0c1fc911d65a2eec4cd7ed86d96735ad2ec129bba40  ./vendir-darwin-amd64

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot merged commit 7518335 into master Feb 25, 2026
1 check passed
@renovate renovate Bot deleted the renovate/master-carvel-dev-vendir-0.x branch February 25, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

auto-merged datasource/github-releases depName/carvel-dev-vendir manager/github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants