dependabot[bot]
445af38d68
build(deps): bump docker/login-action from 4.0.0 to 4.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](b45d80f862...4907a6ddec )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 4.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-10 01:13:26 +00:00
Milos Gajdos
708f8d6b06
chore(ci): Prep for v3.1 release ( #4841 )
2026-04-06 08:41:42 -07:00
Milos Gajdos
b1d5dbcf1b
chore(ci): Prep for v3.1 release
...
* Release notes added
* Version bump in version package
* AUTHORS updated
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 18:12:29 -07:00
Milos Gajdos
078b0783f2
Merge commit from fork
...
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
Milos Gajdos
cccd0d4fb7
fix(vendor): fix broke vendor validation ( #4839 )
2026-04-05 16:30:19 -07:00
Milos Gajdos
49447e8e12
fix(vendor): fix broke vendpor validation
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 13:35:49 -07:00
Milos Gajdos
cc5d5fa4ba
Merge commit from fork
...
proxy: bind bearer realms to upstream trust boundary
2026-04-05 13:30:20 -07:00
Milos Gajdos
4cfa178962
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 ( #4834 )
2026-04-04 15:38:16 -07:00
Milos Gajdos
c4bac3bcd6
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 ( #4836 )
2026-04-04 13:50:37 -07:00
Milos Gajdos
2f2ce9fb6c
Opt: refactor tag list pagination support ( #4353 )
2026-04-04 13:49:23 -07:00
njucjc
6a02a0e81d
Opt: refactor tag list pagination support
...
Signed-off-by: njucjc <njucjc@gmail.com >
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-04-04 22:04:37 +02:00
Milos Gajdos
7482bff437
feat(registry): enhance authentication checks in htpasswd implementation ( #4758 )
2026-04-04 12:48:30 -07:00
HexMix
7ed654e0a7
feat(registry): enhance authentication checks in htpasswd implementation
...
- Added a dummy hash for nonexistent users to prevent timing attacks.
- Updated test cases to include a nonexistent user scenario for better coverage.
- Introduced a global dummy hash variable to streamline authentication for nonexistent users.
- Updated the authentication logic to utilize the new dummy hash for improved consistency.
- Added support for overriding the dummy hash in the access controller for testing purposes.
- Updated the authentication logic to utilize the provided dummy hash during user authentication.
- Updated test cases to use `t.TempDir()` for creating temporary htpasswd files, enhancing test isolation and cleanup.
- Simplified file reading and error handling in the `TestCreateHtpasswdFile` function.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl >
Signed-off-by: HexMix <32300164+mnixry@users.noreply.github.com >
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-04-04 21:19:33 +02:00
Milos Gajdos
30210f45f4
chore(app): warn when partial TLS config is used in Redis ( #4838 )
2026-04-03 12:18:41 -07:00
Milos Gajdos
000567267f
chore(app): warn when partial TLS config is used in Redis
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-03 12:04:53 -07:00
João Pereira
17de9dfab2
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory ( #4837 )
2026-04-03 08:10:25 +01:00
dependabot[bot]
2bf6ae0065
build(deps): bump github.com/go-jose/go-jose/v4
...
Bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ).
Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-version: 4.1.4
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-03 04:02:21 +00:00
dependabot[bot]
f91da11464
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.5.4 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](75cd11691c...57e3a136b7 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-03 01:13:22 +00:00
Milos Gajdos
4045624d53
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 ( #4833 )
2026-04-02 17:54:17 -07:00
1seal
5cda72868f
fix redis repo-scoped blob descriptor revocation
2026-04-01 18:38:38 +03:00
dependabot[bot]
bbc6f54c06
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0
...
Bumps [actions/configure-pages](https://github.com/actions/configure-pages ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/configure-pages/releases )
- [Commits](983d7736d9...45bfe0192c )
---
updated-dependencies:
- dependency-name: actions/configure-pages
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-01 01:18:04 +00:00
dependabot[bot]
0f4a2c5f91
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4b73464bb3...4a3601121d )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: 6.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-31 01:13:27 +00:00
1seal
f215e513de
proxy: bind bearer realms to upstream trust boundary
...
bind proxy-mode bearer realms to the upstream trust boundary before sending credentials, move challenge filtering behind the auth manager, and use golang.org/x/net/publicsuffix for registrable-domain handling.
2026-03-30 18:27:47 +03:00
Milos Gajdos
c7c980d795
ci: pin actions and apply zizmor auto-fixes ( #4831 )
2026-03-27 17:45:21 -07:00
Milos Gajdos
a7541f0808
fix(registry/proxy): use detached context when flushing write buffer ( #4793 )
2026-03-27 16:49:41 -07:00
Sebastiaan van Stijn
9304afc11c
ci: update ${{ secrets.GITHUB_TOKEN }} -> ${{ github.token }}
...
Apparently it's the new, and now recommended variant for the
same thing, so while we're updating actions, let's update.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:09 +01:00
Sebastiaan van Stijn
187c1f9bde
ci: apply zizmor auto-fixes
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:09 +01:00
Sebastiaan van Stijn
e9eb3c2fb4
ci: pin all actions by sha
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:07 +01:00
Sebastiaan van Stijn
b01c36a6ae
ci: labeler: fix indentation
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:24:17 +01:00
ChandonPierre
e0bac48375
fix(registry/proxy): do not re-use http request context for background writes
...
Signed-off-by: Chandon Pierre <cpierre@coreweave.com >
2026-03-27 18:19:47 -04:00
Milos Gajdos
5d3a61a3e6
build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 ( #4823 )
2026-03-27 13:08:26 -07:00
Milos Gajdos
e69ad5c1ca
build(deps): bump actions/deploy-pages from 4 to 5 ( #4826 )
2026-03-27 13:08:15 -07:00
Milos Gajdos
3e4f4a8bde
Enable Redis TLS without client certificates ( #4770 )
2026-03-27 09:35:39 -07:00
dependabot[bot]
b6946f4cb4
build(deps): bump actions/deploy-pages from 4 to 5
...
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages ) from 4 to 5.
- [Release notes](https://github.com/actions/deploy-pages/releases )
- [Commits](https://github.com/actions/deploy-pages/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/deploy-pages
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-26 01:13:11 +00:00
Milos Gajdos
d4164c1edb
Correctly match environment variables to YAML-inlined structs in configuration ( #4639 )
2026-03-25 10:37:19 -07:00
Milos Gajdos
7a7c44d3f9
Opt: refector tag list pagination support (stage 1) ( #4360 )
2026-03-25 09:55:09 -07:00
Milos Gajdos
ee3ba929f6
Update vacuum.go ( #4610 )
2026-03-23 06:45:30 -07:00
Milos Gajdos
764d131502
fix: correct Ed25519 JWK thumbprint kty from "OTP" to "OKP" ( #4801 )
2026-03-23 06:45:15 -07:00
dependabot[bot]
6d5a05cb85
build(deps): bump github/codeql-action from 4.32.5 to 4.34.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.5 to 4.34.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v4.32.5...v4.34.1 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.34.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-23 01:14:08 +00:00
Milos Gajdos
ddf6218cd3
chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod ( #4819 )
2026-03-20 10:19:03 -07:00
Milos Gajdos
fa05d6fa31
chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod
...
In prep for release + fixing sec vulns
* https://github.com/distribution/distribution/security/dependabot/22
* https://github.com/distribution/distribution/security/dependabot/23
otel is particularly silly, especially the contrib deps.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-03-19 09:10:09 -07:00
Milos Gajdos
d18d6cb923
Update s3.md regionendpoint option ( #4534 )
2026-03-19 08:34:33 -07:00
Milos Gajdos
bd21379215
docs: pull through cache will pull from remote multiple times ( #4664 )
2026-03-17 12:57:52 -07:00
Milos Gajdos
83dd82021c
fix: set MD5 on GCS writer before first Write call in putContent ( #4803 )
2026-03-17 11:04:56 -07:00
Joonas Bergius
332405077a
chore: fix typo in comment
...
Co-authored-by: Kyle Squizzato <kyle@replicated.com >
Signed-off-by: Joonas Bergius <joonas@users.noreply.github.com >
2026-03-17 12:52:12 -05:00
Milos Gajdos
78a447df8e
fix: nil-check scheduler in proxyingRegistry.Close() ( #4805 )
2026-03-07 13:08:11 -08:00
Milos Gajdos
43a380e1e1
build(deps): bump docker/metadata-action from 5 to 6 ( #4810 )
2026-03-06 08:26:39 -08:00
Milos Gajdos
c4e0be6045
build(deps): bump docker/bake-action from 6 to 7 ( #4809 )
2026-03-06 08:26:25 -08:00
dependabot[bot]
33bb5f601c
build(deps): bump docker/bake-action from 6 to 7
...
Bumps [docker/bake-action](https://github.com/docker/bake-action ) from 6 to 7.
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](https://github.com/docker/bake-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: docker/bake-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-06 07:29:11 +00:00
João Pereira
dcd6df9644
build(deps): bump docker/setup-buildx-action from 3 to 4 ( #4811 )
2026-03-06 07:28:11 +00:00