dependabot[bot]
03e955e930
build(deps): bump github/codeql-action from 4.35.4 to 4.35.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](68bde559de...9e0d7b8d25 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-22 01:15:55 +00:00
Milos Gajdos
ade782b145
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 ( #4867 )
2026-05-13 19:19:24 -07:00
dependabot[bot]
1cf82e5068
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.3 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e46ed2cbd0...68bde559de )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-14 01:14:13 +00:00
Milos Gajdos
48901448e7
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 ( #4865 )
2026-05-12 10:00:54 -07:00
Milos Gajdos
1d4476c1e3
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 ( #4859 )
2026-05-12 10:00:44 -07:00
dependabot[bot]
cc4552064d
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.2 to 4.35.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](95e58e9a2c...e46ed2cbd0 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-05-08 01:14:12 +00:00
João Pereira
7287385db8
build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 ( #4861 )
2026-05-01 16:53:16 +01:00
Milos Gajdos
9a8d98b679
chore(release): prepare for v3.1.1 release ( #4864 )
2026-05-01 08:28:51 -07:00
Milos Gajdos
d3c0df9f61
chore(release): prepare for v3.1.1 release
...
* Release notes added
* AUTHORS updated
* Version bump in the `version` package
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-05-01 07:46:25 -07:00
Milos Gajdos
e09ff10155
Merge commit from fork
...
fix: prevent tag deletion when `storage.delete.enabled` is false
2026-05-01 07:27:34 -07:00
Joonas Bergius
8baf3e0826
fix: prevent tag deletion when storage.delete.enabled is false
...
Signed-off-by: Joonas Bergius <joonas@defenseunicorns.com >
2026-04-25 17:42:36 -05:00
Milos Gajdos
f3af4de047
fix(storage): bounds-check the file basename in PurgeUploads Walk callback ( #4860 )
2026-04-22 11:07:45 -07:00
dependabot[bot]
194f5169ba
build(deps): bump github/codeql-action from 4.35.1 to 4.35.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c10b8064de...95e58e9a2c )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-22 01:15:20 +00:00
SAY-5
72c88bc960
fix(storage): bounds-check the file basename in PurgeUploads Walk callback
...
PurgeUploads' Walk callback split the visited path with path.Split and
indexed file[0] immediately. path.Split returns an empty basename for
paths that end in a trailing slash - in practice this happens when an
S3 driver surfaces a bare directory (common prefix) with an empty
Key. Indexing a zero-length string then panics with
'index out of range [0] with length 0' and takes down the whole
PurgeUploads goroutine (#4713 ).
Guard the length before touching file[0] so a trailing-slash /
empty-basename entry is simply skipped as 'not a reserved directory',
which matches what the branch was trying to do anyway. Runtime
behaviour for every non-empty entry is unchanged.
Closes #4713
Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com >
2026-04-21 10:56:45 -07:00
Milos Gajdos
1b5e226b6f
feat(s3): add express zone one support to S3 driver ( #4858 )
2026-04-20 07:47:28 -07:00
Milos Gajdos
afd2bf0b23
fix(proxy): clamp oversized n query param instead of returning 400 ( #4856 )
2026-04-20 07:47:14 -07:00
dependabot[bot]
4a4b9586f1
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](153bb8e044...b430933298 )
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 01:17:51 +00:00
Milos Gajdos
835c1c581f
feat(s3): add express zone one support to S3 driver
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-18 17:36:52 -07:00
Milos Gajdos
0f3e627937
build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 ( #4853 )
2026-04-18 17:04:24 -07:00
Milos Gajdos
c6f552e5db
fix(proxy): clamp oversized n query param instead of returning 400
...
PR #4353 made MaxTags (default 1000) a hard ceiling on the `n` query
parameter — anything larger and the handler returns 400
PAGINATION_NUMBER_INVALID before the request ever reaches storage or
the proxy tag service. That broke clients like Renovate which use
n=10000 against pull-through caches. #4846 fixed a related 500 in
proxy mode but not this 400, so users reported the regression still
persisted.
The OCI distribution-spec describes pagination differently: a server
MAY return fewer than `n` results "when the total number of tags
attached to the repository is less than <int> or a Link header is
provided" — otherwise it MUST include `<int>` results. In other
words, the right answer for "client asked for more than we'll serve"
is `maxtags` results plus a Link header, not a rejection.
PAGINATION_NUMBER_INVALID isn't among the 14 error codes the spec
defines, either.
Drop the oversized-n rejection and clamp to MaxTags instead; the
existing Link-header path already handles continuation correctly.
Malformed (non-integer) and negative `n` values keep returning 400,
since the spec defines `n` as a non-negative integer and those
requests are genuinely invalid.
Verified end-to-end against registry-1.docker.io in proxy mode:
n=10000 now returns the tag list (or a clamped page with Link)
instead of 400. Also restores pre-3.1.0 behavior for Renovate-style
clients without needing proxy-specific logic.
Spec reference:
https://github.com/opencontainers/distribution-spec/blob/main/spec.md#listing-tags
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-18 16:53:53 -07:00
Milos Gajdos
e39652ca1f
build(deps): bump docker/login-action from 4.0.0 to 4.1.0 ( #4847 )
2026-04-18 16:12:05 -07:00
Milos Gajdos
3d916b8c4f
build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0 ( #4852 )
2026-04-18 16:11:52 -07:00
Milos Gajdos
17e760a9f0
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 ( #4854 )
2026-04-18 16:10:57 -07:00
Milos Gajdos
acabfb4b90
Update docker-compose structure in deploying.md ( #4855 )
2026-04-18 16:10:29 -07:00
John de Graaff
3cf4463982
Update docker-compose structure in deploying.md
...
adding "services:" top-level key in docker-compose file example.
Signed-off-by: John de Graaff <john@de-graaff.net >
2026-04-17 15:15:52 +02:00
dependabot[bot]
4b5154db23
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](bbbca2ddaa...043fb46d1a )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-17 01:13:15 +00:00
Milos Gajdos
ca7d4de0ee
fix(proxy): fix tag list endpoint in proxy mode ( #4846 )
2026-04-16 14:17:56 -07:00
Milos Gajdos
ece70d987f
refactor: use slices.Backward to simplify the code ( #4848 )
2026-04-16 14:17:33 -07:00
dependabot[bot]
203c505cd3
build(deps): bump docker/bake-action from 7.0.0 to 7.1.0
...
Bumps [docker/bake-action](https://github.com/docker/bake-action ) from 7.0.0 to 7.1.0.
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](82490499d2...a66e1c87e2 )
---
updated-dependencies:
- dependency-name: docker/bake-action
dependency-version: 7.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-16 01:15:10 +00:00
dependabot[bot]
fed2610157
build(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
...
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact ) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases )
- [Commits](7b1f4a764d...fc324d3547 )
---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-15 01:15:07 +00:00
Milos Gajdos
24a4d24a24
chore(build): Bump go version to latest ( #4851 )
2026-04-14 14:12:13 -07:00
Milos Gajdos
839e4a7119
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 ( #4840 )
2026-04-14 10:01:33 -07:00
Milos Gajdos
0102b58159
Bump Go 1.26 in CI
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-14 09:22:17 -07:00
Milos Gajdos
29eb2149df
chore(build): Bump go version to latest 1.25
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-14 09:09:22 -07:00
Milos Gajdos
3090068a9b
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory ( #4850 )
2026-04-14 08:56:29 -07:00
dependabot[bot]
326a0d0b7b
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-version: 1.43.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-14 15:30:39 +00:00
Milos Gajdos
9a07978fe3
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory ( #4843 )
2026-04-14 08:17:41 -07:00
Milos Gajdos
6ae29aadd7
internal/client/auth/challenge: cleanups and minor refactor ( #4832 )
2026-04-12 16:09:55 -07:00
chuanshanjida
0679fc13c5
refactor: use slices.Backward to simplify the code
...
Signed-off-by: chuanshanjida <chuanshanjida@outlook.com >
2026-04-12 16:01:45 +08:00
dependabot[bot]
445af38d68
build(deps): bump docker/login-action from 4.0.0 to 4.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](b45d80f862...4907a6ddec )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-10 01:13:26 +00:00
njucjc
60de6e3443
fix(proxy): fix tag list endpoint in proxy mode
...
Signed-off-by: njucjc <njucjc@alibaba-inc.com >
Signed-off-by: chenjinci.cjc <chenjinci.cjc@alibaba-inc.com >
2026-04-09 23:30:51 +08:00
dependabot[bot]
567670f6eb
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
dependency-version: 0.19.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-08 19:27:49 +00:00
Milos Gajdos
708f8d6b06
chore(ci): Prep for v3.1 release ( #4841 )
2026-04-06 08:41:42 -07:00
dependabot[bot]
5e72174444
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3869755554...c10b8064de )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-06 01:17:35 +00:00
Milos Gajdos
b1d5dbcf1b
chore(ci): Prep for v3.1 release
...
* Release notes added
* Version bump in version package
* AUTHORS updated
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 18:12:29 -07:00
Milos Gajdos
078b0783f2
Merge commit from fork
...
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
Milos Gajdos
cccd0d4fb7
fix(vendor): fix broke vendor validation ( #4839 )
2026-04-05 16:30:19 -07:00
Milos Gajdos
49447e8e12
fix(vendor): fix broke vendpor validation
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 13:35:49 -07:00
Milos Gajdos
cc5d5fa4ba
Merge commit from fork
...
proxy: bind bearer realms to upstream trust boundary
2026-04-05 13:30:20 -07:00
Milos Gajdos
4cfa178962
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 ( #4834 )
2026-04-04 15:38:16 -07:00