github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-24 11:26:59 +00:00
Code Issues Projects Releases Wiki Activity
2,609 Commits 19 Branches 102 Tags
release-1.13
Commit Graph

422 Commits

Author SHA1 Message Date
Miloslav Trmač
62158a58bc Vendor unreleased c/image with OCI artifact support 
including https://github.com/containers/image/pull/1574 .

> go get github.com/containers/image/v5@main
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-01 17:35:04 +02:00
dependabot[bot]
331162358b Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 08:17:49 +00:00
dependabot[bot]
899d3686f9 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-24 08:34:09 +00:00
Daniel J Walsh
1a98f253b4 Merge pull request #1687 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.4 
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
 2022-06-21 13:08:58 -04:00
dependabot[bot]
2f77d21343 Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:13:03 +00:00
dependabot[bot]
2009d1c61e Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:12:52 +00:00
Miloslav Trmač
a3a72342f2 Update go.mod to Go 1.17 
> go mod tidy -go=1.17
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-08 16:46:38 +02:00
dependabot[bot]
e9379d15d2 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 08:19:08 +00:00
dependabot[bot]
69840fd082 Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 14:50:42 +00:00
dependabot[bot]
63622bc7c4 Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.4...v1.1.5)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 08:16:08 +00:00
Miloslav Trmač
1ebb2520ca Update c/image 
... to bring in github.com/proglottis/gpgme 0.1.2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-19 21:59:36 +02:00
dependabot[bot]
149dea8dce Bump github.com/containers/storage from 1.40.2 to 1.41.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.40.2 to 1.41.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.40.2...v1.41.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-12 08:10:20 +00:00
dependabot[bot]
13ceb93bdf Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.14+incompatible to 20.10.15+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.14...v20.10.15)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-07 12:22:43 +00:00
Daniel J Walsh
737ed9c2a4 Vendor in containers/storage v1.40.2 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 13:06:55 -04:00
Daniel J Walsh
3c286dd1d1 Vendor in containers/(common, storage, image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 09:59:43 -04:00
Daniel J Walsh
8960ab3ce7 Update vendor of containers/(common,storage,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-04-22 06:45:18 -04:00
James Hewitt
38ae81fa03 Bump containers/image to include sign identity option 
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
 2022-03-30 22:02:40 +01:00
Lokesh Mandvekar
3bc062423e Bump github.com/prometheus/client_golang to v1.11.1 
Resolves: CVE-2022-21698

Skopeo isn't actually impacted by the CVE unless a Prometheus listener
is set up, which is not a part of Skopeo's default behavior.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-03-24 14:57:52 -04:00
dependabot[bot]
89cd19519f Bump github.com/containers/common from 0.47.4 to 0.47.5 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.47.4 to 0.47.5.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.47.4...v0.47.5)

---
updated-dependencies:
- dependency-name: github.com/containers/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:41:02 +00:00
dependabot[bot]
7f6b0e39d0 Bump github.com/containers/storage from 1.38.2 to 1.39.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.38.2...v1.39.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:14:41 +00:00
dependabot[bot]
ac7edc7d10 Bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.2...v1.1.3)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-21 09:10:52 +00:00
dependabot[bot]
5aaf3a9e4c Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-16 09:19:41 +00:00
Daniel J Walsh
0f701726bd Merge pull request #1589 from containers/dependabot/go_modules/github.com/docker/docker-20.10.13incompatible 
Bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible
 2022-03-11 05:01:09 -05:00
dependabot[bot]
ad3e8f407d Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 09:11:45 +00:00
dependabot[bot]
0703ec6ce8 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.12+incompatible to 20.10.13+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.12...v20.10.13)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 09:11:37 +00:00
Miloslav Trmač
5200272846 Update github.com/containerd/containerd 
$ go get -u github.ccom/containerd/containerd
$ make vendor

... to silence warnings about https://github.com/advisories/GHSA-crp2-qrr5-8pq7 ,
in code we don't use.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-03-04 19:26:12 +01:00
dependabot[bot]
0ad25b2d33 Bump github.com/containers/image/v5 from 5.19.1 to 5.20.0 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.19.1 to 5.20.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.19.1...v5.20.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-02 09:21:25 +00:00
tomsweeneyredhat
27b77f2bde Bump c/common to v0.47.4 
As the title says

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2022-02-09 19:23:20 -05:00
Daniel J Walsh
162bbab3a6 Bump version of containers/image and containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-02-02 14:40:05 -05:00
Daniel J Walsh
7f4db3db9d Update vendor of containers/storage and containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-31 17:27:05 -05:00
Daniel J Walsh
042f481629 Update vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-26 12:49:18 -05:00
dependabot[bot]
b51707d50d Bump github.com/containers/storage from 1.38.0 to 1.38.1 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.38.0 to 1.38.1.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.38.0...v1.38.1)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-26 12:42:07 +00:00
Valentin Rothberg
bb49923af4 prompt-less signing via passphrase file 
To support signing images without prompting the user, add CLI flags for
providing a passphrase file.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2022-01-26 08:30:49 +01:00
Daniel J Walsh
923c58a8ee Update the vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-20 13:30:07 -05:00
dependabot[bot]
1bf18b7ef8 Bump github.com/containers/storage from 1.37.0 to 1.38.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.37.0...v1.38.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-20 09:10:51 +00:00
dependabot[bot]
f6a84289eb Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-15 09:33:22 +00:00
James Hewitt
2046bfdaaa Add option to preserve digests on copy 
When enabled, if digests can't be preserved an error will be raised.

Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
 2021-12-07 13:16:10 +00:00
Miloslav Trmač
5c82c7728f Update github.com/containerd/containerd to v1.5.8 
just to keep various dependency checkers happy.

> go get github.com/containerd/containerd@v1.5.8

NOTE: This is NOT a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh ,
that was fixed in Skopeo 1.5.2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-12-02 19:03:33 +01:00
Miloslav Trmač
37d801c90b Update opencontainers/image-spec 
... to a version past 1.0.2, just to keep various
dependency checkers happy.

> go get github.com/opencontainers/image-spec@v1.0.2-0.20211123152302-43a7dee1ec31

The commit is intended to match https://github.com/containers/image/pull/1419
to minimize churn.

NOTE: This is NOT a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh ,
that was fixed in Skopeo 1.5.2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-12-02 18:56:36 +01:00
Miloslav Trmač
69728fdf93 Update to c/image v5.17.0 
Includes a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-11-22 14:19:37 -05:00
Valentin Rothberg
7885162a35 move optional-flag code to c/common/pkg/flag 
As the title says: it allows for code share with other tools such as
Podman and Buildah.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2021-10-26 15:18:30 +02:00
Paul Fisher
c8777f3bf7 bump containers/image to 2541165 
Signed-off-by: Paul Fisher <pfisher@lyft.com>
 2021-10-21 17:29:03 -07:00
dependabot[bot]
3e4d4a480f Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.16.0 to 5.16.1.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.16.0...v5.16.1)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-06 08:29:03 +00:00
Miloslav Trmač
e19b57c3b9 Update github.com/containerd/containerd to v1.5.7 
... to include a fix for
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq .

(Note that Skopeo doesn't depend on the vulnerable code,
so this is primarily to avoid dependency checker warnings.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-10-05 18:45:24 +02:00
dependabot[bot]
12d0103730 Bump github.com/containers/storage from 1.36.0 to 1.37.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.36.0 to 1.37.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.36.0...v1.37.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-01 08:33:20 +00:00
Miloslav Trmač
52dafe8f8d Update to github.com/vbauerster/mpb v7.1.5 
... to fix https://github.com/vbauerster/mpb/issues/100 .

> go get github.com/vbauerster/mpb/v7@latest
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-09-20 15:43:07 +02:00
dependabot[bot]
a837fbe28b Bump github.com/containers/storage from 1.35.0 to 1.36.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.35.0 to 1.36.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.35.0...v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-13 08:31:20 +00:00
dependabot[bot]
a2d083ca84 Bump github.com/containers/image/v5 from 5.15.2 to 5.16.0 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.15.2 to 5.16.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.15.2...v5.16.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-26 08:30:41 +00:00
Miloslav Trmač
c399909f04 Update non-module dependencies 
Dependabot was apparently not picking these up (and
several haven't had a release for a long time anyway).

Also move from github.com/go-check/check to its newly
declared (and go.mod-enforced) name gopkg.in/check.v1.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-08-23 15:52:48 +02:00
dependabot[bot]
102e2143ac Bump github.com/containers/image/v5 from 5.15.1 to 5.15.2 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.15.1 to 5.15.2.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.15.1...v5.15.2)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-19 08:32:27 +00:00