In Sep 2025, the Melange project focused on dependency maintenance to strengthen security, stability, and build compatibility. Key change: upgrade dependencies (notably apko to v0.30.8) and keep Go modules current to latest compatible versions. This reduces security risk, improves build reliability, and enhances downstream integration. No major bugs fixed this month; emphasis was on reliability, upgrade readiness, and maintainability to support faster future releases. Commit 060e90f457d46d9633af3223379342e1c1138124 ("chore: bump apko to v0.30.8 (#2148)") documents the change and links to the issue.

Monthly work summary for 2025-08 focused on security advisories in wolfi-dev/advisories. Delivered a backported fix for CVE-2025-8194 affecting Python 3.11 and updated the advisory to reflect the fixed status. This improves security posture for Python 3.11 deployments and closes an exposure reported via the advisory workflow. All changes are traceable to commit f82b7561e2c7542f66a3a6d7368f8f2aa08302c8 (fix(python-3.11): update advisory with fixed event for CVE-2025-8194) and PR #23130.

July 2025 monthly summary for chainguard-dev/apko: Focused on security hardening and stability. Delivered a targeted fix to permissions on /etc/ld.so.cache to prevent unauthorized writes while preserving necessary read access, aligning with security baselines and improving reliability of image builds.

May 2025: Focused on stabilizing MinIO integration within Velero. Delivered a fix to the MinIO deployment example by replacing deprecated mc config host add with mc alias set, ensuring proper MinIO client configuration and smoother Velero backups.