dependabot[bot]
326a0d0b7b
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-version: 1.43.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-14 15:30:39 +00:00
dependabot[bot]
567670f6eb
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
dependency-version: 0.19.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-08 19:27:49 +00:00
Milos Gajdos
078b0783f2
Merge commit from fork
...
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
dependabot[bot]
2bf6ae0065
build(deps): bump github.com/go-jose/go-jose/v4
...
Bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ).
Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-version: 4.1.4
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-03 04:02:21 +00:00
1seal
5cda72868f
fix redis repo-scoped blob descriptor revocation
2026-04-01 18:38:38 +03:00
Milos Gajdos
fa05d6fa31
chore(deps): Bump Go to latest 1.25 in CI workflows and go.mod
...
In prep for release + fixing sec vulns
* https://github.com/distribution/distribution/security/dependabot/22
* https://github.com/distribution/distribution/security/dependabot/23
otel is particularly silly, especially the contrib deps.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-03-19 09:10:09 -07:00
Milos Gajdos
ab67ffa0bd
vendor: github.com/go-jose/go-jose/v4 v4.1.3 ( #4790 )
2026-02-12 15:03:13 -08:00
Sebastiaan van Stijn
eba1fb4803
vendor: github.com/docker/go-events 605354379745
...
full diff: e31b211e4f...6053543797
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 19:21:25 +01:00
Sebastiaan van Stijn
01a853e429
go.mod: remove outdated comment
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 19:15:36 +01:00
Sebastiaan van Stijn
2a52e9015f
vendor: github.com/go-jose/go-jose/v4 v4.1.3
...
No longer has dependencies
full diff: https://github.com/go-jose/go-jose/compare/v4.0.5...v4.1.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 19:12:01 +01:00
Milos Gajdos
1cc061570c
vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 ( #4788 )
2026-02-12 10:03:20 -08:00
Sebastiaan van Stijn
3e841a3d78
vendor: github.com/spf13/cobra v1.10.2
...
full diff:
- https://github.com/spf13/cobra/compare/v1.8.0...v1.10.2
- https://github.com/spf13/pflag/compare/v1.0.5...v1.0.10
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 18:45:18 +01:00
Sebastiaan van Stijn
10e0e8e4c0
vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0
...
- adds go.mod
- DefaultFormatter now uses RFC3339Nano as default
full diff: https://github.com/bshuster-repo/logrus-logstash-hook/compare/v1.0.0...v1.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 18:37:03 +01:00
Sebastiaan van Stijn
d2398c56f2
vendor: github.com/klauspost/compress v1.18.4
...
full diff: https://github.com/klauspost/compress/compare/v1.17.11...v1.18.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 09:35:31 -08:00
Sebastiaan van Stijn
c4a0bd3fe9
vendor: github.com/opencontainers/image-spec v1.1.1
...
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 09:34:56 -08:00
Sebastiaan van Stijn
abc9debf41
vendor: github.com/docker/docker-credential-helpers v0.9.5
...
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.2...v0.9.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 09:21:36 -08:00
Sebastiaan van Stijn
9b79cf5105
vendor: golang.org/x/oauth2 v0.35.0
...
full diff: https://cs.opensource.google/go/x/oauth2/+/refs/tags/v0.28.0...refs/tags/v0.35.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:58:55 -08:00
Sebastiaan van Stijn
ae7c498d28
vendor: golang.org/x/time v0.14.0
...
full diff: https://cs.opensource.google/go/x/time/+/refs/tags/v0.6.0...refs/tags/v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:58:55 -08:00
Sebastiaan van Stijn
87a9711c88
vendor: golang.org/x/crypto v0.48.0, golang.org/x/net v0.50.0
...
full diff: https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.36.0...refs/tags/v0.48.0
full diff: https://cs.opensource.google/go/x/net/+/refs/tags/v0.38.0...refs/tags/v0.50.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:58:55 -08:00
Sebastiaan van Stijn
aebf0612ee
vendor: golang.org/x/text v0.34.0
...
full diff: https://cs.opensource.google/go/x/text/+/refs/tags/v0.23.0...refs/tags/v0.34.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:58:55 -08:00
Sebastiaan van Stijn
3e3e153900
vendor: golang.org/x/sys v0.41.0
...
full diff: https://cs.opensource.google/go/x/sys/+/refs/tags/v0.31.0...refs/tags/v0.41.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:58:55 -08:00
Sebastiaan van Stijn
00464063d5
vendor: github.com/sirupsen/logrus v1.9.4
...
full diff: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 08:57:45 -08:00
Sebastiaan van Stijn
f5d656e686
drop support for go1.23
...
go1.23 is EOL since August 2025 (when go1.25 was released), and (indirect)
dependencies start to require it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-02-12 04:22:51 -08:00
dependabot[bot]
5a71303e59
build(deps): bump golang.org/x/net
...
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/net](https://github.com/golang/net ).
Updates `golang.org/x/net` from 0.37.0 to 0.38.0
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.38.0
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-16 23:33:39 +00:00
Milos Gajdos
52f0f6c45d
Bump Azure deps
...
This pulls in go-redis update as well.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2025-03-27 22:44:26 -07:00
dependabot[bot]
05b308bc42
build(deps): bump github.com/golang-jwt/jwt/v5
...
Bumps the go_modules group with 1 update in the / directory: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ).
Updates `github.com/golang-jwt/jwt/v5` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/golang-jwt/jwt/releases )
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md )
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2 )
---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-21 22:28:21 +00:00
dependabot[bot]
896fec507e
build(deps): bump golang.org/x/net
...
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/net](https://github.com/golang/net ).
Updates `golang.org/x/net` from 0.33.0 to 0.36.0
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-03-19 14:59:20 +00:00
Milos Gajdos
d7b8fb6a0e
Bump Go version in prep for the next release
...
This bumps the Go version in preparation for the next release.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2025-03-19 07:47:32 -07:00
dependabot[bot]
fc3dd55d3d
build(deps): bump github.com/go-jose/go-jose/v4 in the go_modules group
...
Bumps the go_modules group with 1 update: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ).
Updates `github.com/go-jose/go-jose/v4` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.5 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-02-24 22:51:52 +00:00
Milos Gajdos
38fd91a49e
(security): Bump golang.org/x/net module
...
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2024-45338
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-12-20 06:21:59 +00:00
Milos Gajdos
96a3daafe9
Move a direct dependency to direct deps required modules
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-12-12 11:34:21 +00:00
Milos Gajdos
fb3ba302d2
chore: Bump alpine and Go versions
...
3.20 had a minor security vulnerability. Let's bump it.
Related:
* https://github.com/distribution/distribution-library-image/issues/171
* https://github.com/distribution/distribution/pull/4527
Bump Go version
* CI
* go.mod
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-12-12 11:29:11 +00:00
dependabot[bot]
6eba54be60
build(deps): bump golang.org/x/crypto from 0.28.0 to 0.31.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.28.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.28.0...v0.31.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-12-12 08:34:18 +00:00
krynju
abbe03efef
Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
...
Signed-off-by: krynju <krystian.gulinski@juliahub.com >
2024-11-13 18:27:43 +01:00
Milos Gajdos
d67b46a05b
Bump dependencies ( #4498 )
2024-11-06 10:52:35 +00:00
Milos Gajdos
3ac2285631
Bump otel dependencies
...
We want to be consistent in our deps so tracking down issue does not end
up in a murder mystery hunt. This commit picks a specific otel versions
that are unified in this codebase.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-11-05 05:45:37 +00:00
Milos Gajdos
3996413f46
Bump google storage module
...
Also bump the golangci version
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-10-26 18:19:46 +01:00
Milos Gajdos
1c26d98fbe
Bump dependencies
...
In preparation to the next release we're going to bump some deps such as
various cloud SDKs we can test i.e. AWS, Google Cloud, etc.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-10-26 17:52:35 +01:00
Chun-Hung Hsiao
eed9400d26
feat: support custom exec-based credential helper in proxy mode
...
This change allows users to run the registry as a pull-through cache
that can use a credential helper to authenticate against the upstream
registry.
Signed-off-by: Chun-Hung Hsiao <chhsiao@google.com >
2024-08-16 19:42:51 -07:00
Ismail Alidzhikov
ba8e539b03
Use x.y.0 format for the go module version
...
Signed-off-by: Ismail Alidzhikov <i.alidjikov@gmail.com >
2024-07-29 13:20:39 +03:00
Milos Gajdos
c345425ff5
ci:bump Go version
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-07-13 19:24:26 +01:00
Sebastiaan van Stijn
9ba7340601
vendor: github.com/opencontainers/image-spec v1.1.0
...
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2024-07-10 14:58:09 -05:00
Milos Gajdos
5316d3bda2
Bump Go and golang linter
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-06-30 16:50:09 +01:00
dependabot[bot]
050e1a3ee7
build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
...
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go ) from 1.3.0 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases )
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md )
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.0...sdk/azcore/v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-06-11 20:09:16 +00:00
Milos Gajdos
675d7e27f5
feature: Bump go-jose and require signing algorithms in auth ( #4349 )
2024-05-30 20:54:20 +01:00
Milos Gajdos
52d68216c0
feature: Bump go-jose and require signing algorithms in auth
...
This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.
We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69
As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2024-05-30 20:44:35 +01:00
James Hewitt
421a359b26
Add a go.mod toolchain version
...
go 1.21 added toolchain support. We should now specify a toolchain
version in go.mod.
https://go.dev/doc/toolchain
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com >
2024-05-13 14:47:07 +01:00
Liang Zheng
a5882d6646
vendor: update manifest dependencies
...
Signed-off-by: Liang Zheng <zhengliang0901@gmail.com >
2024-04-26 22:22:49 +08:00
dependabot[bot]
2db0a598cc
build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.20.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-19 12:59:08 +00:00
Milos Gajdos
bc6e81e1b9
Add Go 1.22 support to CI ( #4314 )
2024-04-08 12:15:39 +01:00