Update dependency helm/chartmuseum to v0.16.0

This MR contains the following updates:

Package	Update	Change
helm/chartmuseum	minor	v0.15.0 -> v0.16.0

---

Release Notes

helm/chartmuseum

v0.16.0: ChartMuseum v0.16.0

Compare Source

v0.16.0

ChartMuseum v0.16.0 is a feature release. This release, we focused on . Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for discussing MRs, code, bugs, or just to hang out
• Hang out at the Helm Public Developer Call: Thursday, 9:30 Pacific via Zoom

Installation and Upgrading

Download ChartMuseum v0.16.0. The common platform binaries are here:

• MacOS amd64 (archive sig / checksum / checksum sig / c0fbeeb05b896ea46485079a06b53d78d18791fb9403387a393175a76aa7904e)
• Linux amd64 (archive sig / checksum / checksum sig / 97c635fcfdcd07410cf6aada42491177b9c8ac67094cdbf24da60d18de34bd44)
• Linux arm (archive sig / checksum / checksum sig / becbe4173f391c5d580fb0f6e3aa95347700ef23086dd25d6b7d5fdccba2aa17)
• Linux arm64 (archive sig / checksum / checksum sig / 1efe913d9b86a5761ce9105da801805a545a2e9f0b32d12b7fd37087592d8184)
• Linux i386 (archive sig / checksum / checksum sig / c61d2d4d79c4ea23656ff52e4a563213938bafabe78956f534f57f57b3bc9ac4)
• Linux mips64le (archive sig / checksum / checksum sig / 8d173bd05b6a0d8e8e1b23479a0d933c782f7a6a932f70c6d6b23d54f0ae8fa0)
• Linux ppc64le (archive sig / checksum / checksum sig / 66d21f0559a3eab42a746f2ae517e3ee3e697d598c1b9e95092207c9e3b613aa)
• Linux s390x (archive sig / checksum / checksum sig / ca7156be5c03baeeb244a9aaebf880fb978e06d73fe06609ed8eb3b7bb6c5ace)
• Windows amd64 (archive sig / checksum / checksum sig / 7ad73b0aa533415e024a359339a47bcf3f436e6fbcdc9accd78f02de4f7256d2)

You can download the SBOM for this release in SPDX format here.

You can use a script to install on any system with bash.

What's Next

• 0.16.1 will contain only bug fixes.
• 0.17.0 is the next feature release.

Software Bill of Materials (SBOM)

You can download the SBOM for this release in SPDX format here. You can use bom to inspect the contents:

curl -sL -o sbom.spdx https://get.helm.sh/chartmuseum-v0.16.0.spdx
bom document outline sbom.spdx

The SBOM has also been uploaded to the registry alongside the image, and can be fetched using cosign:

cosign download sbom ghcr.io/helm/chartmuseum:v0.16.0 --output-file=sbom.spdx
bom document outline sbom.spdx

Digital Signatures

In this release, we have integrated with the sigstore project to produce digital signatures of container images.

To verify these signatures, you can use cosign.

Verify the container image:

cosign verify ghcr.io/helm/chartmuseum:v0.16.0 \
  --certificate-identity=https://github.com/helm/chartmuseum/.github/workflows/build.yml@refs/tags/v0.16.0 \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com | jq

Since the install script has used gpg in the past, signatures in this format have also been added (see .asc files attached to release). These were created with E97F 9DA5 AE2E 39CF 48A1 42B7 852A 7470 A39F B81D (@​jdolitsky's GPG key) which can be found here and here.

Changelog

• build(deps): bump github.com/urfave/cli from 1.22.13 to 1.22.14 (#​695) 31cd02b (dependabot[bot])
• Update various dependencies, prep for 0.16.0 release (#​693) 34c66b7 (Josh Dolitsky)
• chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#​692) 6c0976f (Eng Zer Jun)
• build(deps): bump github.com/docker/distribution (#​684) dab05fc (dependabot[bot])
• build(deps): bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#​690) 95e4555 (dependabot[bot])
• replace io/ioutil package with os package (#​685) a238f4a (smoky)
• build(deps): bump flask from 2.2.2 to 2.3.2 in /loadtesting (#​681) 72bdd1e (dependabot[bot])
• build(deps): bump helm.sh/helm/v3 from 3.11.2 to 3.11.3 (#​679) 95e8f78 (dependabot[bot])
• build(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#​661) a02769a (dependabot[bot])
• build(deps): bump github.com/urfave/cli from 1.22.10 to 1.22.12 (#​662) 00017d3 (dependabot[bot])
• build(deps): bump github.com/gin-gonic/gin from 1.8.1 to 1.9.0 (#​668) 7370316 (dependabot[bot])
• build(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.2 (#​671) b6cc2fc (dependabot[bot])
• build(deps): bump golang.org/x/net (#​669) 02aa766 (dependabot[bot])
• fix: update URLs in k8s mirror script (#​667) cff7886 (Syoc)
• ci: pin buildx version (#​664) 61fbe13 (Casey Buto)
• feat: Remove NetEase object storage provider (#​656) 5d9b509 (Casey Buto)
• build(deps): bump helm.sh/helm/v3 from 3.10.2 to 3.10.3 (#​649) f104113 (dependabot[bot])
• build(deps): bump certifi from 2021.10.8 to 2022.12.7 in /loadtesting (#​648) 7eed227 (dependabot[bot])
• build(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 (#​645) a85dc18 (dependabot[bot])
• build(deps): bump github.com/gofrs/uuid (#​637) b319ac8 (dependabot[bot])
• build(deps): bump helm.sh/helm/v3 from 3.10.1 to 3.10.2 (#​641) 0e999eb (dependabot[bot])
• action: fix cosign invalid key 4803da2 (scbizu)
• makefile: replace go get to go install 6363e95 (scbizu)
• build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 (#​639) f1789fd (dependabot[bot])
• build(deps): bump github.com/prometheus/client_golang (#​640) 05549fc (dependabot[bot])
• mod: bump go to 1.19 and bump helm dependency (#​634) a3629ef (Nace Sc)
• Added HEAD route for index.yaml (#​630) 09dfc9c (Skiepp)
• Feat/add-golang-lint (#​623) 3b0f27a (Obinna Odirionye)
• build(deps): bump github.com/urfave/cli from 1.22.9 to 1.22.10 (#​614) 7866801 (dependabot[bot])
• build(deps): bump github.com/gofrs/uuid (#​619) 240627c (dependabot[bot])
• build(deps): bump github.com/chartmuseum/storage from 0.12.4 to 0.12.5 (#​621) ed37db2 (dependabot[bot])
• build(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#​616) bfe3f29 (dependabot[bot])
• build(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 (#​613) 830ac24 (dependabot[bot])
• build(deps): bump helm.sh/helm/v3 from 3.9.2 to 3.9.3 (#​610) 64cde31 (dependabot[bot])
• build(deps): bump go.uber.org/zap from 1.21.0 to 1.22.0 (#​609) 727e919 (dependabot[bot])
• build(deps): bump github.com/prometheus/client_golang (#​608) d0d4d53 (dependabot[bot])
• pkg/chartmuseum,cmd: introduce the new keep-chart-always-up-to-date flag and the default cache interval when not set. (#​593) 3ae6ed2 (Nace Sc)
• build(deps): bump helm.sh/helm/v3 from 3.9.1 to 3.9.2 (#​606) 1ae6981 (dependabot[bot])
• build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#​605) a6eb57e (dependabot[bot])
• build(deps): bump helm.sh/helm/v3 from 3.9.0 to 3.9.1 (#​602) ebbc7f0 (dependabot[bot])
• build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 (#​600) a50d99d (dependabot[bot])
• build: bump cosign to v1.9.0 (#​601) 2e385ae (Casey Buto)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.