Bump github.com/buildpacks/lifecycle from 0.9.3 to 0.16.0

[dependabot]

Bumps github.com/buildpacks/lifecycle from 0.9.3 to 0.16.0.

Release notes

Sourced from github.com/buildpacks/lifecycle's releases.

lifecycle v0.16.0

Welcome to v0.16.0, a beta release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build stack base image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.16.0.

Breaking Changes

• Platform and buildpack APIs less than 0.7 are considered deprecated and will become unsupported as of July 1, 2023 (buildpacks/lifecycle#974 by @​natalieparellano)
  • The lifecycle will output warnings when deprecated APIs are accessed (warnings can be silenced by setting CNB_DEPRECATION_MODE=quiet)
  • For information about how to migrate, consult the migration guides

Features

• The lifecycle ships with SBOM files describing the lifecycle and launcher binaries; when using platform API 0.11 or greater, SBOM files for the launcher are included in the exported image; SBOM files for the lifecycle can be downloaded by the platform before the build container exits (buildpacks/lifecycle#944 by @​omocquais-p)
• When using platform API 0.11 or greater, platform operators can specify build time environment variables using the /cnb/config/env directory (buildpacks/lifecycle#962 by @​samj1912)
• When using platform API 0.11 or greater, the rebaser accepts a -previous-image flag to allow rebasing by digest reference (buildpacks/lifecycle#985 by @​joeybrown-sf)
• When using platform API 0.11 or greater, the exporter accepts a -launcher-sbom flag to allow platforms to provide their own SBOM files (buildpacks/lifecycle#963 by @​natalieparellano and buildpacks/lifecycle#984 by @​joe-kimmel-vmw)
• The detector, when all buildpacks fail to detect, will print debug messages as info level to allow for easier debugging of failed builds (buildpacks/lifecycle#975 by @​natalieparellano)
• Updates go to version 1.19.5 (buildpacks/lifecycle#973 by @​natalieparellano)
• Updates dependencies (buildpacks/lifecycle#978 by @​natalieparellano)

Bug Fixes

• The lifecycle accepts a CNB_SKIP_LAYERS environment variable instead of CNB_ANALYZE_SKIP_LAYERS, to reflect the variable name declared in the platform specification (buildpacks/lifecycle#981 by @​joe-kimmel-vmw)

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:

@​jabrown85, @​jjbustamante, @​joe-kimmel-vmw, @​joeybrown-sf, @​natalieparellano, @​omocquais-p, @​samj1912

lifecycle v0.16.0-rc.2

Welcome to v0.16.0-rc.2, a beta pre-release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker daemon or Docker registry.

... (truncated)

Commits

• 1398dfa Bump github.com/google/go-containerregistry from 0.12.1 to 0.13.0 (#991)
• 8040b9c Fix creator acceptance test flake (#990)
• 55ce12c Bump deps (#989)
• cabbe91 Fix check release workflow (#987)
• 9b4c11c Bump github.com/docker/docker (#988)
• 73f5f1d Bump golang.org/x/sys from 0.3.0 to 0.4.0 (#982)
• e5f7e4b Launcher sboms copy only sbom extensions (#984)
• ec4e8d3 Merge pull request #980 from buildpacks/dependabot/go_modules/github.com/dock...
• e5047bb Bump github.com/docker/docker
• e567b3c Merge pull request #985 from joeybrown-sf/feature/rebase-digest
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)