chore(deps): update dependency vmware-tanzu/carvel-ytt to v0.55.0

[renovate]

This PR contains the following updates:

Package	Update	Change
vmware-tanzu/carvel-ytt	minor	v0.54.0 → v0.55.0

---

Release Notes

vmware-tanzu/carvel-ytt (vmware-tanzu/carvel-ytt)

v0.55.0

Compare Source

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

# Download the binary
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.55.0/ytt-linux-amd64

# Move the binary in to your PATH
mv kapp-linux-amd64 /usr/local/bin/ytt

# Make the binary executable
chmod +x /usr/local/bin/ytt

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install ytt
$ ytt version  

Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC(Refer this page for cosign installation). To validate the signature of this file, run the following commands:

# Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.55.0/checksums.txt
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.55.0/checksums.txt.pem
curl -LO https://github.com/carvel-dev/ytt/releases/download/v0.55.0/checksums.txt.sig

# Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

# Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

• What's Changed

• e6840e5 build(deps): update cobra to v1.10.2

Full Changelog: carvel-dev/ytt@v0.54.0...v0.55.0

📂 Files Checksum

6790107d175b226d6544e8bc4cc539c96ae34421f8814f1094ea3086856ac98d  ./ytt-windows-arm64.exe
28a965a254f2cfccbbd8f8d3235e97e236cb4f9bcb2bf962ae31801e13902095  ./ytt-linux-riscv64
14e0a83a793c04bd26b2a2328f6df169b38ddf24257a64ffde23038f4ecab0bf  ./ytt-linux-arm64
013adf9ed2fbd392b9861e5ec34015dabfcfa2e82da9e8cc0ee1e5c6a7f9b64b  ./ytt-linux-amd64
2700688d6b0de335631e518b73131c8732911f4ab372d69b912c44799954176b  ./ytt-windows-amd64.exe
76c2d8f958568ceabe927d32206d79b779bd8341450d99b78d028ae608d1348b  ./ytt-darwin-arm64
6218426752505fffce393a18eb700e7ddb2ddcc1c8ad521d02101bdb9db2f7f6  ./ytt-darwin-amd64

---

Configuration

📅 Schedule: (in timezone Europe/London)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[erikgb]

/lgtm
/approve

[cert-manager-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erikgb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [erikgb]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment