Milos Gajdos
ece70d987f
refactor: use slices.Backward to simplify the code ( #4848 )
2026-04-16 14:17:33 -07:00
Milos Gajdos
24a4d24a24
chore(build): Bump go version to latest ( #4851 )
2026-04-14 14:12:13 -07:00
Milos Gajdos
839e4a7119
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1 ( #4840 )
2026-04-14 10:01:33 -07:00
Milos Gajdos
0102b58159
Bump Go 1.26 in CI
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-14 09:22:17 -07:00
Milos Gajdos
29eb2149df
chore(build): Bump go version to latest 1.25
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-14 09:09:22 -07:00
Milos Gajdos
3090068a9b
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.42.0 to 1.43.0 in the go_modules group across 1 directory ( #4850 )
2026-04-14 08:56:29 -07:00
dependabot[bot]
326a0d0b7b
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.42.0 to 1.43.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
dependency-version: 1.43.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-14 15:30:39 +00:00
Milos Gajdos
9a07978fe3
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.18.0 to 0.19.0 in the go_modules group across 1 directory ( #4843 )
2026-04-14 08:17:41 -07:00
Milos Gajdos
6ae29aadd7
internal/client/auth/challenge: cleanups and minor refactor ( #4832 )
2026-04-12 16:09:55 -07:00
chuanshanjida
0679fc13c5
refactor: use slices.Backward to simplify the code
...
Signed-off-by: chuanshanjida <chuanshanjida@outlook.com >
2026-04-12 16:01:45 +08:00
dependabot[bot]
567670f6eb
build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
...
Bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go ).
Updates `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v0.18.0...v0.19.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
dependency-version: 0.19.0
dependency-type: indirect
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-08 19:27:49 +00:00
Milos Gajdos
708f8d6b06
chore(ci): Prep for v3.1 release ( #4841 )
2026-04-06 08:41:42 -07:00
dependabot[bot]
5e72174444
build(deps): bump github/codeql-action from 4.34.1 to 4.35.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3869755554...c10b8064de )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-06 01:17:35 +00:00
Milos Gajdos
b1d5dbcf1b
chore(ci): Prep for v3.1 release
...
* Release notes added
* Version bump in version package
* AUTHORS updated
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 18:12:29 -07:00
Milos Gajdos
078b0783f2
Merge commit from fork
...
fix redis repo-scoped blob descriptor revocation
2026-04-05 17:08:50 -07:00
Milos Gajdos
cccd0d4fb7
fix(vendor): fix broke vendor validation ( #4839 )
2026-04-05 16:30:19 -07:00
Milos Gajdos
49447e8e12
fix(vendor): fix broke vendpor validation
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-05 13:35:49 -07:00
Milos Gajdos
cc5d5fa4ba
Merge commit from fork
...
proxy: bind bearer realms to upstream trust boundary
2026-04-05 13:30:20 -07:00
Milos Gajdos
4cfa178962
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 ( #4834 )
2026-04-04 15:38:16 -07:00
Milos Gajdos
c4bac3bcd6
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 ( #4836 )
2026-04-04 13:50:37 -07:00
Milos Gajdos
2f2ce9fb6c
Opt: refactor tag list pagination support ( #4353 )
2026-04-04 13:49:23 -07:00
njucjc
6a02a0e81d
Opt: refactor tag list pagination support
...
Signed-off-by: njucjc <njucjc@gmail.com >
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-04-04 22:04:37 +02:00
Milos Gajdos
7482bff437
feat(registry): enhance authentication checks in htpasswd implementation ( #4758 )
2026-04-04 12:48:30 -07:00
HexMix
7ed654e0a7
feat(registry): enhance authentication checks in htpasswd implementation
...
- Added a dummy hash for nonexistent users to prevent timing attacks.
- Updated test cases to include a nonexistent user scenario for better coverage.
- Introduced a global dummy hash variable to streamline authentication for nonexistent users.
- Updated the authentication logic to utilize the new dummy hash for improved consistency.
- Added support for overriding the dummy hash in the access controller for testing purposes.
- Updated the authentication logic to utilize the provided dummy hash during user authentication.
- Updated test cases to use `t.TempDir()` for creating temporary htpasswd files, enhancing test isolation and cleanup.
- Simplified file reading and error handling in the `TestCreateHtpasswdFile` function.
Co-authored-by: Sebastiaan van Stijn <github@gone.nl >
Signed-off-by: HexMix <32300164+mnixry@users.noreply.github.com >
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-04-04 21:19:33 +02:00
Milos Gajdos
30210f45f4
chore(app): warn when partial TLS config is used in Redis ( #4838 )
2026-04-03 12:18:41 -07:00
Milos Gajdos
000567267f
chore(app): warn when partial TLS config is used in Redis
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com >
2026-04-03 12:04:53 -07:00
João Pereira
17de9dfab2
build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 in the go_modules group across 1 directory ( #4837 )
2026-04-03 08:10:25 +01:00
dependabot[bot]
2bf6ae0065
build(deps): bump github.com/go-jose/go-jose/v4
...
Bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ).
Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-version: 4.1.4
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-03 04:02:21 +00:00
dependabot[bot]
f91da11464
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.5.4 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](75cd11691c...57e3a136b7 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-03 01:13:22 +00:00
Milos Gajdos
4045624d53
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 ( #4833 )
2026-04-02 17:54:17 -07:00
1seal
5cda72868f
fix redis repo-scoped blob descriptor revocation
2026-04-01 18:38:38 +03:00
dependabot[bot]
bbc6f54c06
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0
...
Bumps [actions/configure-pages](https://github.com/actions/configure-pages ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/configure-pages/releases )
- [Commits](983d7736d9...45bfe0192c )
---
updated-dependencies:
- dependency-name: actions/configure-pages
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-01 01:18:04 +00:00
dependabot[bot]
0f4a2c5f91
build(deps): bump actions/setup-go from 6.3.0 to 6.4.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 6.3.0 to 6.4.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4b73464bb3...4a3601121d )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-version: 6.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-31 01:13:27 +00:00
1seal
f215e513de
proxy: bind bearer realms to upstream trust boundary
...
bind proxy-mode bearer realms to the upstream trust boundary before sending credentials, move challenge filtering behind the auth manager, and use golang.org/x/net/publicsuffix for registrable-domain handling.
2026-03-30 18:27:47 +03:00
Sebastiaan van Stijn
3c670635c2
internal/client/auth/challenge: fix minor linting issues
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 17:47:03 +01:00
Sebastiaan van Stijn
055cc71b4e
internal/client/auth/challenge: cleanup URL-normalization
...
- change normalizeURL to not mutate the input URL.
- move lowercasing into canonicalAddr.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 17:46:02 +01:00
Sebastiaan van Stijn
a35ff435a6
internal/client/auth/challenge: simpleManager: make zero value usable
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 17:09:35 +01:00
Sebastiaan van Stijn
069947f6fd
internal/client/auth/challenge: simpleManager: un-export fields
...
Un-export the mutex and Challenges field.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 17:09:04 +01:00
Milos Gajdos
c7c980d795
ci: pin actions and apply zizmor auto-fixes ( #4831 )
2026-03-27 17:45:21 -07:00
Milos Gajdos
a7541f0808
fix(registry/proxy): use detached context when flushing write buffer ( #4793 )
2026-03-27 16:49:41 -07:00
Sebastiaan van Stijn
9304afc11c
ci: update ${{ secrets.GITHUB_TOKEN }} -> ${{ github.token }}
...
Apparently it's the new, and now recommended variant for the
same thing, so while we're updating actions, let's update.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:09 +01:00
Sebastiaan van Stijn
187c1f9bde
ci: apply zizmor auto-fixes
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:09 +01:00
Sebastiaan van Stijn
e9eb3c2fb4
ci: pin all actions by sha
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:25:07 +01:00
Sebastiaan van Stijn
b01c36a6ae
ci: labeler: fix indentation
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl >
2026-03-28 00:24:17 +01:00
ChandonPierre
e0bac48375
fix(registry/proxy): do not re-use http request context for background writes
...
Signed-off-by: Chandon Pierre <cpierre@coreweave.com >
2026-03-27 18:19:47 -04:00
Milos Gajdos
5d3a61a3e6
build(deps): bump github/codeql-action from 4.32.5 to 4.34.1 ( #4823 )
2026-03-27 13:08:26 -07:00
Milos Gajdos
e69ad5c1ca
build(deps): bump actions/deploy-pages from 4 to 5 ( #4826 )
2026-03-27 13:08:15 -07:00
Milos Gajdos
3e4f4a8bde
Enable Redis TLS without client certificates ( #4770 )
2026-03-27 09:35:39 -07:00
dependabot[bot]
b6946f4cb4
build(deps): bump actions/deploy-pages from 4 to 5
...
Bumps [actions/deploy-pages](https://github.com/actions/deploy-pages ) from 4 to 5.
- [Release notes](https://github.com/actions/deploy-pages/releases )
- [Commits](https://github.com/actions/deploy-pages/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/deploy-pages
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-26 01:13:11 +00:00
Milos Gajdos
d4164c1edb
Correctly match environment variables to YAML-inlined structs in configuration ( #4639 )
2026-03-25 10:37:19 -07:00