Skip to content

chore(deps): update dependency aquaproj/aqua-registry to v4.531.0#1642

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/aquaproj-aqua-registry-4.x
Open

chore(deps): update dependency aquaproj/aqua-registry to v4.531.0#1642
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/aquaproj-aqua-registry-4.x

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
aquaproj/aqua-registry minor v4.530.0v4.531.0

Release Notes

aquaproj/aqua-registry (aquaproj/aqua-registry)

v4.531.0

Compare Source

Issues | Pull Requests | aquaproj/aqua-registry@v4.530.0...v4.531.0

🎉 New Packages

#​56317 kayac/lamvms - lamvms is a deployment and lifecycle management tool for AWS Lambda MicroVMs @​mashiike
#​56284 whisper-sec/whisper-cli - Official CLI to give your agent a real, routable Whisper IPv6 identity @​kakooch
#​56222 Mic92/nixfmt-rs - Rust reimplementation of nixfmt with byte-identical output @​TyceHerrman
#​56221 colbymchenry/codegraph - Pre-indexed code knowledge graph for coding agents @​TyceHerrman

Security

#​56351 kubescape/kubescape: GitHub artifact attestations config @​scop
#​56350 alibaba/open-code-review: GitHub artifact attestations config @​scop
#​56349 nao1215/sqly: cosign config @​scop

Fixes

#​56254 microsoft/vscode: Use zip format on Darwin @​motoish


Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • Between 09:00 AM and 06:59 PM, Monday through Friday (* 9-18 * * 1-5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner July 3, 2026 01:20
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: b0d9c25

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🤖 Claude Dependency Review

📦 Update Summary

  • Library: aquaproj/aqua-registry
  • Version: v4.530.0 → v4.531.0
  • Change Type: Minor

📝 Release Notes

https://github.com/aquaproj/aqua-registry/releases/tag/v4.531.0

🔐 Security Assessment

  • Risk: 🟢 Low
  • Known vulnerabilities: None found. No CVEs or GitHub Security Advisories are reported for either the old (v4.530.0) or new (v4.531.0) version.
  • Supply-chain notes: None. This is a regular minor version update from the established aqua-registry project. The release actually includes three security enhancements (GitHub artifact attestations for kubescape/kubescape and alibaba/open-code-review, plus cosign configuration for nao1215/sqly). No maintainer changes, suspicious lifecycle scripts, or unexpected dependencies detected.

✨ Main Changes

This release updates the aqua-registry catalog with the following changes:

🎉 New Packages (4 additions)

  • kayac/lamvms - Deployment and lifecycle management tool for AWS Lambda MicroVMs
  • whisper-sec/whisper-cli - Official CLI for giving agents real, routable Whisper IPv6 identities
  • Mic92/nixfmt-rs - Rust reimplementation of nixfmt with byte-identical output
  • colbymchenry/codegraph - Pre-indexed code knowledge graph for coding agents

🔒 Security Enhancements (3 updates)

  • Added GitHub artifact attestations configuration for kubescape/kubescape
  • Added GitHub artifact attestations configuration for alibaba/open-code-review
  • Added cosign configuration for nao1215/sqly

🐛 Bug Fixes

  • microsoft/vscode: Now uses zip format on Darwin (macOS) instead of the previous format

Context: aqua-registry is a catalog/registry of package definitions for the aqua CLI version manager. This update adds new tool definitions and enhances security verification for existing packages in the catalog. It does not affect the tools currently used by this project (actionlint, ghalint, buf, zizmor), which remain at their pinned versions.

🔍 Impact Analysis

📁 Usage Locations

aquaproj/aqua-registry is referenced in the following 7 files:

  1. aqua.yaml

    registries:
      - type: standard
        ref: v4.531.0 # renovate: depName=aquaproj/aqua-registry
    • Feature used: Registry reference for aqua package manager configuration
    • Impact: This is the primary configuration file that specifies which registry version aqua should use to resolve package definitions. The update changes the registry version reference.
  2. aqua-checksums.json

    {
      "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.530.0/registry.yaml",
      "checksum": "43CC45E1A514E4375608A8614CC44987EC04A5865980404D3DADBC245CF9006D",
      "algorithm": "sha256"
    }
    • Feature used: Checksum verification for the registry file to ensure integrity
    • Impact: The checksum value and version reference are updated to match v4.531.0.
  3. .github/actions/install-aqua/action.yml

    - name: Install aqua
      uses: aquaproj/aqua-installer@​96a9bc20066c5bf5e275b41019cfc165b25f4e2e # v4.0.5
      with:
        aqua_version: ${{ inputs.aqua_version }}
    • Feature used: GitHub Actions reusable action that installs aqua and reads from aqua.yaml
    • Impact: This action installs aqua, which then uses the registry version specified in aqua.yaml to install tools like actionlint, ghalint, buf, and zizmor.
  4. .github/workflows/github-actions-lint.yml

    paths:
      - aqua.yaml
      - aqua-checksums.json
    • Feature used: Workflow trigger configuration that monitors changes to aqua configuration files
    • Impact: This workflow runs linters (actionlint, ghalint, zizmor) when aqua configuration changes. The registry update triggers this workflow.
  5. .github/workflows/ci.yml

    - name: Install aqua
      uses: ./.github/actions/install-aqua
    • Feature used: CI workflow that installs aqua tools for linting and building
    • Impact: Uses aqua to install buf and other tools. The registry update does not affect the pinned versions of these tools.
  6. .github/workflows/migration.yml

    - name: Install aqua
      uses: ./.github/actions/install-aqua
    • Feature used: Migration test workflow that uses aqua for tool management
    • Impact: Uses aqua during migration tests. The registry update does not affect functionality.
  7. .github/workflows/deploy.yml

    # (Referenced in grep results; uses install-aqua action)
    • Feature used: Deploy workflow that uses aqua for tool management
    • Impact: Uses aqua during deployment tests. The registry update does not affect functionality.

Tools Managed by aqua (defined in aqua.yaml)

The project uses aqua to manage these 4 development tools, all at pinned versions:

  • actionlint v1.7.12 - GitHub Actions workflow linter
  • ghalint v1.5.6 - GitHub Actions workflow security linter
  • buf v1.71.0 - Protocol buffer tool
  • zizmor v1.26.1 - GitHub Actions security auditor

Important: These tool versions are explicitly pinned in aqua.yaml and are not affected by the registry update. The registry update only adds new package definitions to the catalog and enhances security verification for other packages not used by this project.

✅ Recommended Actions

None - This is a low-risk minor registry update that can be merged safely.

Rationale:

  • The update only affects the aqua-registry catalog, adding new package definitions and security enhancements
  • All tools used by this project (actionlint, ghalint, buf, zizmor) remain at their pinned versions in aqua.yaml
  • The registry update includes security improvements (artifact attestations and cosign configuration)
  • No breaking changes or functionality changes for existing packages
  • The checksum file will be automatically updated by the update_aqua_checksum.yml workflow

Merge Safety: ✅ Safe to merge after CI passes


@renovate

renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants