github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-21 01:49:50 +00:00
Code Issues Projects Releases Wiki Activity
2,763 Commits 18 Branches 102 Tags
release-1.14
Commit Graph

126 Commits

Author SHA1 Message Date
tomsweeneyredhat
528de2ba55 [release-1.14] Bump ocicrypt and go-jose CVE-2024-28180 
Bump github.com/go-jose/go-jose to v3.0.0 and
github.com/containers/ocicrypt to v1.1.10

Addresses: CVE-2024-28180
https://issues.redhat.com/browse/RHEL-28736
https://issues.redhat.com/browse/RHEL-28728
https://issues.redhat.com/browse/OCPBUGS-30723

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2024-04-11 11:20:22 -04:00
renovate[bot]
e51dbbd89f fix(deps): update module golang.org/x/term to v0.16.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-01-04 16:31:25 +00:00
renovate[bot]
48d11dac3f fix(deps): update golang.org/x/exp digest to 6522937 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-04 14:05:30 +00:00
renovate[bot]
9f52e728f7 fix(deps): update module golang.org/x/term to v0.15.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-11-27 19:58:24 +00:00
Miloslav Trmač
518181e595 Update c/image and c/common to latest 
... to include https://github.com/containers/image/pull/2173
and https://github.com/containers/common/pull/1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-11-16 18:21:43 +01:00
renovate[bot]
a8e7d94ebe fix(deps): update module golang.org/x/term to v0.14.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-11-08 08:11:46 +00:00
renovate[bot]
fa3e62f21b chore(deps): update module golang.org/x/net to v0.17.0 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-16 14:21:02 +00:00
renovate[bot]
538dd6f3b4 fix(deps): update module golang.org/x/term to v0.13.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-05 19:58:47 +00:00
renovate[bot]
32c8a05a24 fix(deps): update module github.com/containers/image/v5 to v5.28.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-13 19:19:23 +02:00
renovate[bot]
427e58f5f5 fix(deps): update golang.org/x/exp digest to 9212866 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-06 00:23:35 +00:00
renovate[bot]
897619f6b5 fix(deps): update github.com/containers/image/v5 digest to 58d5eb6 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-04 18:19:51 +00:00
Miloslav Trmač
4ee2946bbc Update c/image after https://github.com/containers/image/pull/2070 
> go get github.com/containers/image/v5@main
> make vendor

This moves c/image to a commit that includes both the work on main
that we were already vendoring, and the last tagged version 5.27.0.

That should prevent Renovate from proposing downgrades which fail tests:
- https://github.com/containers/skopeo/pull/2065
- https://github.com/containers/skopeo/pull/2066

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-08-14 20:24:51 +02:00
renovate[bot]
276b80955a fix(deps): update module golang.org/x/term to v0.11.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-08-04 16:44:37 +00:00
Miloslav Trmač
60ee543f7f Update c/image for golang.org/x/exp 
> go get github.com/containers/image/v5@main
> go mod tidy && go mod vendor

This updates c/image with a new version of x/exp.
That package has changed API in an incompatible way,
so just bumping x/exp (as in https://github.com/containers/skopeo/pull/2060 )
would break Skopeo builds.

This updates both c/image and x/exp in lockstep (and nothing
needs updating in Skopeo itself for the x/exp breakage).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-08-02 22:41:44 +02:00
renovate[bot]
2945e9e039 Update module golang.org/x/term to v0.10.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-06 13:10:13 +00:00
renovate[bot]
bfa04ea246 Update module github.com/containers/common to v0.54.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-28 23:02:07 +00:00
renovate[bot]
1d5458fa7c Update module github.com/containers/image/v5 to v5.26.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-28 19:04:12 +00:00
renovate[bot]
ceeeb67e6b Update module golang.org/x/term to v0.9.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-14 16:09:34 +00:00
renovate[bot]
1c7388064a Update github.com/containers/image/v5 digest to e14c1c5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-01 01:10:03 +00:00
Miloslav Trmač
44ed4cea0a Update c/image with https://github.com/containers/image/pull/1944 
... to update github.com/opencontainers/image-spec to v1.1.0-rc3.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-05-05 20:07:59 +02:00
renovate[bot]
2825ffd9ea Update module golang.org/x/term to v0.8.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-04 17:54:52 +00:00
renovate[bot]
03e18aa99c Update golang.org/x/exp digest to 47ecfdc 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-01 02:12:10 +00:00
renovate[bot]
5f0314f342 Update module github.com/containers/common to v0.52.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-04-11 17:35:08 +00:00
renovate[bot]
03ca2871fe fix(deps): update module golang.org/x/term to v0.7.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-04-05 15:45:36 +00:00
Lokesh Mandvekar
20447df139 bump golang.org/x/net to v0.8.0 
Resolves: CVE-2022-41723
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41723

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2023-03-15 18:58:10 +05:30
renovate[bot]
3481a5b927 Update module golang.org/x/term to v0.6.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-03-05 03:40:10 +00:00
Miloslav Trmač
643a2359e4 Update c/image after https://github.com/containers/image/pull/1816 
... to work around some of the "unexpected EOF" failures.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-02-09 20:36:27 +01:00
renovate[bot]
2acac8a6c2 Update module golang.org/x/term to v0.5.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-07 21:58:55 +00:00
renovate[bot]
f9e2c67648 Update golang.org/x/exp digest to 46f607a 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-06 22:14:39 +00:00
Miloslav Trmač
f2b3a9c04b Use golang.org/x/exp 
... instead of open-coding loops.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-02-02 22:27:35 +01:00
Miloslav Trmač
bb1ac89327 Add support for Fulcio and Rekor, and --sign-by-sigstore=param-file 
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.

That notably adds support for Fulcio and Rekor signing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-01-14 13:33:57 +01:00
Miloslav Trmač
03b5bdec24 Update c/image after https://github.com/containers/image/pull/1787 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-01-14 13:33:00 +01:00
renovate[bot]
58bccf3882 fix(deps): update module golang.org/x/term to v0.4.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-04 18:38:35 +00:00
Colin Walters
960713da32 vendor: Bump golang.org/x/net to 4.0 
I originally thought I needed this to fix a build, but that
was apparently not the case.

Signed-off-by: Colin Walters <walters@verbum.org>
 2022-12-13 16:36:57 -05:00
renovate[bot]
46d48295fb fix(deps): update module golang.org/x/term to v0.3.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2022-12-06 19:47:04 +00:00
renovate[bot]
8410bfdd91 fix(deps): update module golang.org/x/term to v0.2.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2022-11-07 22:25:08 +00:00
Miloslav Trmač
5c69302d75 Update to c/image main branch 
> go get github.com/containers/image/v5@main
> make vendor

... to make sure that we don't regress against Skopeo 1.9.3.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-10-20 20:09:25 +02:00
Daniel J Walsh
ee84302b60 Update vendor containers/(common,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-09-30 06:38:07 -04:00
Miloslav Trmač
4b9ffac0cc Update for c/image's update of github.com/gobuffalo/pop 
> go get github.com/containers/image/v5@main
> go mod tidy -go=1.16 && go mod tidy -go=1.17
> make vendor

The (go mod tidy) pair is necessary to keep c/image CI working.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-08-23 22:00:00 +02:00
dependabot[bot]
ee477d8877 Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-19 08:11:51 +00:00
Miloslav Trmač
06be7a1559 Vendor in c/image with sigstore support 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-12 13:46:56 +02:00
Miloslav Trmač
62158a58bc Vendor unreleased c/image with OCI artifact support 
including https://github.com/containers/image/pull/1574 .

> go get github.com/containers/image/v5@main
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-01 17:35:04 +02:00
Miloslav Trmač
a3a72342f2 Update go.mod to Go 1.17 
> go mod tidy -go=1.17
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-08 16:46:38 +02:00
Daniel J Walsh
3c286dd1d1 Vendor in containers/(common, storage, image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 09:59:43 -04:00
Miloslav Trmač
5200272846 Update github.com/containerd/containerd 
$ go get -u github.ccom/containerd/containerd
$ make vendor

... to silence warnings about https://github.com/advisories/GHSA-crp2-qrr5-8pq7 ,
in code we don't use.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-03-04 19:26:12 +01:00
dependabot[bot]
0ad25b2d33 Bump github.com/containers/image/v5 from 5.19.1 to 5.20.0 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.19.1 to 5.20.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.19.1...v5.20.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-02 09:21:25 +00:00
Valentin Rothberg
bb49923af4 prompt-less signing via passphrase file 
To support signing images without prompting the user, add CLI flags for
providing a passphrase file.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2022-01-26 08:30:49 +01:00
Daniel J Walsh
923c58a8ee Update the vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-20 13:30:07 -05:00
dependabot[bot]
1bf18b7ef8 Bump github.com/containers/storage from 1.37.0 to 1.38.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.37.0...v1.38.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-20 09:10:51 +00:00
dependabot[bot]
f6a84289eb Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-15 09:33:22 +00:00