github/distribution
1
0
Fork 0
mirror of https://github.com/distribution/distribution.git synced 2026-02-22 06:42:57 +00:00
Code Issues Projects Releases Wiki Activity
5,767 Commits 27 Branches 6 Tags
eba1fb4803a0191fde35670ebd6da3913ed5d73a
Commit Graph

127 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
eba1fb4803 vendor: github.com/docker/go-events 605354379745 
full diff: e31b211e4f...6053543797

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 19:21:25 +01:00
Milos Gajdos
1cc061570c vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 (#4788) 2026-02-12 10:03:20 -08:00
Sebastiaan van Stijn
3e841a3d78 vendor: github.com/spf13/cobra v1.10.2 
full diff:

- https://github.com/spf13/cobra/compare/v1.8.0...v1.10.2
- https://github.com/spf13/pflag/compare/v1.0.5...v1.0.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 18:45:18 +01:00
Sebastiaan van Stijn
10e0e8e4c0 vendor: github.com/bshuster-repo/logrus-logstash-hook v1.1.0 
- adds go.mod
- DefaultFormatter now uses RFC3339Nano as default

full diff: https://github.com/bshuster-repo/logrus-logstash-hook/compare/v1.0.0...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 18:37:03 +01:00
Sebastiaan van Stijn
d2398c56f2 vendor: github.com/klauspost/compress v1.18.4 
full diff: https://github.com/klauspost/compress/compare/v1.17.11...v1.18.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 09:35:31 -08:00
Sebastiaan van Stijn
c4a0bd3fe9 vendor: github.com/opencontainers/image-spec v1.1.1 
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0...v1.1.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 09:34:56 -08:00
Sebastiaan van Stijn
abc9debf41 vendor: github.com/docker/docker-credential-helpers v0.9.5 
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.2...v0.9.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 09:21:36 -08:00
Sebastiaan van Stijn
00464063d5 vendor: github.com/sirupsen/logrus v1.9.4 
full diff: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-02-12 08:57:45 -08:00
Thomas Cuthbert
1ad03da687 fix: Logging regression for manifest HEAD requests 
Since version 3.0.0, the response completed log line is no longer
present for HEAD requests to manifests that return 200.

The regression is caused by the implicit handling of manifest HEAD
responses that bypass the logging middleware when returning from
`GetManifest`.

This change ensures that the logging middleware handles responses for
manifest HEAD requests by explicitly writing `StatusOK` into the
response header before returning from `GetManifest`.

Closes: https://github.com/distribution/distribution/issues/4733
Signed-off-by: Thomas Cuthbert <tom.cuthbert@elastic.co>
 2026-01-07 00:09:07 +08:00
Milos Gajdos
52f0f6c45d Bump Azure deps 
This pulls in go-redis update as well.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2025-03-27 22:44:26 -07:00
dependabot[bot]
05b308bc42 build(deps): bump github.com/golang-jwt/jwt/v5 
Bumps the go_modules group with 1 update in the / directory: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt).


Updates `github.com/golang-jwt/jwt/v5` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-21 22:28:21 +00:00
dependabot[bot]
fc3dd55d3d build(deps): bump github.com/go-jose/go-jose/v4 in the go_modules group 
Bumps the go_modules group with 1 update: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).


Updates `github.com/go-jose/go-jose/v4` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.5)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-24 22:51:52 +00:00
krynju
abbe03efef Upgrade go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 
Signed-off-by: krynju <krystian.gulinski@juliahub.com>
 2024-11-13 18:27:43 +01:00
Milos Gajdos
d67b46a05b Bump dependencies (#4498) 2024-11-06 10:52:35 +00:00
Milos Gajdos
3ac2285631 Bump otel dependencies 
We want to be consistent in our deps so tracking down issue does not end
up in a murder mystery hunt. This commit picks a specific otel versions
that are unified in this codebase.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-11-05 05:45:37 +00:00
Milos Gajdos
3996413f46 Bump google storage module 
Also bump the golangci version

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-10-26 18:19:46 +01:00
Milos Gajdos
1c26d98fbe Bump dependencies 
In preparation to the next release we're going to bump some deps such as
various cloud SDKs we can test i.e. AWS, Google Cloud, etc.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-10-26 17:52:35 +01:00
Chun-Hung Hsiao
eed9400d26 feat: support custom exec-based credential helper in proxy mode 
This change allows users to run the registry as a pull-through cache
that can use a credential helper to authenticate against the upstream
registry.

Signed-off-by: Chun-Hung Hsiao <chhsiao@google.com>
 2024-08-16 19:42:51 -07:00
Sebastiaan van Stijn
9ba7340601 vendor: github.com/opencontainers/image-spec v1.1.0 
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-07-10 14:58:09 -05:00
Milos Gajdos
5316d3bda2 Bump Go and golang linter 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-06-30 16:50:09 +01:00
dependabot[bot]
050e1a3ee7 build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity 
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) from 1.3.0 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.0...sdk/azcore/v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-06-11 20:09:16 +00:00
Milos Gajdos
52d68216c0 feature: Bump go-jose and require signing algorithms in auth 
This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.

We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69

As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-05-30 20:44:35 +01:00
Milos Gajdos
167d7996be chore: bump distriution/reference dependency 
We've made a new release https://github.com/distribution/reference

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2024-03-26 20:19:28 +00:00
dependabot[bot]
1c5fe22dec build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-07 23:01:05 +00:00
Milos Gajdos
6926aea0ee vendor: github.com/gorilla/handlers v1.5.2 (#4211) 2024-01-16 17:06:16 +07:00
Sebastiaan van Stijn
bdfa8324a0 vendor: github.com/mitchellh/mapstructure v1.5.0 
note that this repository will be sunset, and the "endorsed" fork will be
maintened by "go-viper". Updating the dependency to the latest version in
preparation.

full diff: https://github.com/mitchellh/mapstructure/compare/v1.1.2...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-27 12:28:10 +01:00
Sebastiaan van Stijn
4f9fe183c3 vendor: github.com/gorilla/handlers v1.5.2 
full diff: https://github.com/gorilla/handlers/compare/v1.5.1...v1.5.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-22 10:23:09 +01:00
Eng Zer Jun
bcbf0431d1 testing: replace legacy gopkg.in/check.v1 
This commit replaces the legacy `gopkg.in/check.v1` testing dependency
with `github.com/stretchr/testify`.

Closes https://github.com/distribution/distribution/issues/3884.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2023-12-13 09:22:43 +00:00
gotgelf
0e3018f2cf Otel tracing MVP: vendor changes 
Signed-off-by: gotgelf <gotgelf@gmail.com>
 2023-12-11 21:18:42 +01:00
Milos Gajdos
60e7e87889 vendor: github.com/spf13/cobra v1.8.0 (#4182) 2023-12-01 12:09:15 +00:00
Milos Gajdos
6f84e87803 update: AWS Go SDK bump to the latest release 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2023-12-01 11:24:44 +00:00
Sebastiaan van Stijn
1f6afab6e0 vendor: github.com/spf13/cobra v1.8.0 
updating to current version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-01 12:05:31 +01:00
Milos Gajdos
a2613975a1 vendor: github.com/sirupsen/logrus v1.9.3 (#4179) 2023-12-01 10:51:38 +00:00
Milos Gajdos
3b58737bb6 vendor: github.com/gorilla/mux v1.8.1 (#4180) 2023-12-01 10:51:20 +00:00
Sebastiaan van Stijn
79976446f7 vendor: github.com/klauspost/compress v1.17.4 
newer versions continue to include performance improvements, so it's good
to stay up-to-date.

full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-01 10:33:39 +01:00
Sebastiaan van Stijn
db187ae55c vendor: github.com/gorilla/mux v1.8.1 
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-01 10:26:51 +01:00
Sebastiaan van Stijn
d6dd652f5a vendor: github.com/sirupsen/logrus v1.9.3 
full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-12-01 10:21:44 +01:00
dependabot[bot]
b8b390f4cd build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-21 22:25:08 +00:00
dependabot[bot]
32316367c8 Bump google.golang.org/grpc from 1.53.0 to 1.56.3 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.53.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.53.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-25 22:26:53 +00:00
Milos Gajdos
fe21f43911 feat: replace docker/libtrust with go-jose/go-jose 
docker/libtrust repository has been archived for several years now.
This commit replaces all the libtrust JWT machinery with go-jose/go-jose module.
Some of the code has been adopted from libtrust and adjusted for some of
the use cases covered by the token authorization flow especially in the
tests.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2023-10-19 15:32:59 +01:00
Geoffrey Hausheer
2435def474 Support systemd socket-activation 
Signed-off-by: Geoffrey Hausheer <rc2012@pblue.org>
 2023-09-20 09:37:22 -07:00
dependabot[bot]
e4dd28b886 Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-09-07 13:06:27 +00:00
Sebastiaan van Stijn
152af63ec5 deprecate reference package, migrate to github.com/distribution/reference 
This integrates the new module, which was extracted from this repository
at commit b9b19409cf458dcb9e1253ff44ba75bd0620faa6;

    # install filter-repo (https://github.com/newren/git-filter-repo/blob/main/INSTALL.md)
    brew install git-filter-repo

    # create a temporary clone of docker
    cd ~/Projects
    git clone https://github.com/distribution/distribution.git reference
    cd reference

    # commit taken from
    git rev-parse --verify HEAD
    b9b19409cf

    # remove all code, except for general files, 'reference/', and rename to /
    git filter-repo \
      --path .github/workflows/codeql-analysis.yml \
      --path .github/workflows/fossa.yml \
      --path .golangci.yml \
      --path distribution-logo.svg \
      --path CODE-OF-CONDUCT.md \
      --path CONTRIBUTING.md \
      --path GOVERNANCE.md \
      --path README.md \
      --path LICENSE \
      --path MAINTAINERS \
      --path-glob 'reference/*.*' \
      --path-rename reference/:

    # initialize go.mod
    go mod init github.com/distribution/reference
    go mod tidy -go=1.20

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-08-31 15:47:06 +02:00
Milos Gajdos
fcbc25e789 Replace redigo with redis-go 
We are replacing the very outdated redigo Go module with the official
redis Go module, go-redis.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2023-08-26 07:44:02 +01:00
David van der Spek
3e4c4ead4c Remove bugsnag 
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
 2023-08-21 10:24:36 +02:00
David van der Spek
77c33cd243 remove NewRelic 
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
 2023-08-18 12:16:18 +02:00
Milos Gajdos
ac32466188 Merge pull request #3993 from DavidSpek/update-golang-lru 
Update github.com/hashicorp/golang-lru to v2
 2023-08-18 08:09:11 +01:00
David van der Spek
0f006548a1 update golang-lru to v2 
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
 2023-08-17 13:41:54 +02:00
David van der Spek
9d862f0982 fix(deps): update module github.com/aws/aws-sdk-go to v1.44.325 
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
 2023-08-17 12:02:28 +02:00
Milos Gajdos
3f1859af26 Remove oss storage driver and alicdn storage driver middleware 
This commit removes `oss` storage driver from distribution as well as
`alicdn` storage middleware which only works with the `oss` driver.

There are several reasons for it:
* no real-life expertise among the maintainers
* oss is compatible with S3 API operations required by S3 storage driver

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2023-08-16 08:39:20 +01:00