chore(deps): update dependency carvel-dev/vendir to v0.41.1 (release-1.30) - abandoned

[renovate]

This PR contains the following updates:

Package	Update	Change
carvel-dev/vendir	patch	0.41.0 -> 0.41.1

---

Release Notes

carvel-dev/vendir (carvel-dev/vendir)

v0.41.1

Compare Source

Installation and signature verification

Installation

By downloading binary from the release

For instance, if you are using Linux on an AMD64 architecture:

### Download the binary
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/vendir-linux-amd64

### Move the binary in to your PATH
mv vendir-linux-amd64 /usr/local/bin/vendir

### Make the binary executable
chmod +x /usr/local/bin/vendir

Via Homebrew (macOS or Linux)

$ brew tap carvel-dev/carvel
$ brew install vendir
$ vendir version  

Verify checksums file signature

Install cosign on your system https://docs.sigstore.dev/system_config/installation/

The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

### Download the checksums file, certificate and signature
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.pem
curl -LO https://github.com/carvel-dev/vendir/releases/download/v0.41.1/checksums.txt.sig

### Verify the checksums file
cosign verify-blob checksums.txt \
  --certificate checksums.txt.pem \
  --signature checksums.txt.sig \
  --certificate-identity-regexp=https://github.com/carvel-dev \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature.

### Verify the binary using the checksums file
sha256sum -c checksums.txt --ignore-missing

✨ What's new

• Fixing CVE by @​rohitagg2020 in #​394

Full Changelog: carvel-dev/vendir@v0.41.0...v0.41.1

📂 Files Checksum

58facd06bae6ffc858b348da9dcc0b032d030a6a31767fea6f9166658d7a61e2  ./vendir-linux-arm64
67411476ecc322c4b32619b168bf5a7fafc86daa764251be1613bec22c1c1003  ./vendir-windows-amd64.exe
993ae33df2e722c327aff4807eeba0e08b0c9f3bd996e67caa89c503c6a8bcda  ./vendir-darwin-arm64
ad63b667c7756cac7804e080861b3e794fbfc83ba662f5461928c30fe890a828  ./vendir-darwin-amd64
f878f3e16b702c47e42b2215a670d65028bc0158643ed28a2dfaa6f37b1344ac  ./vendir-linux-amd64

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[o-orand]

Closing as #273 already merged