github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-10-21 10:53:32 +00:00
Code Issues Projects Releases Wiki Activity
2,211 Commits 18 Branches 102 Tags
049163fcec7a082f540ee36b5c94fd0d7a19d4dd
Commit Graph

248 Commits

Author SHA1 Message Date
Miloslav Trmač
049163fcec Update to github.com/containers/image/v5 v5.22.0 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-25 18:05:03 +02:00
dependabot[bot]
b42e664854 Bump github.com/containers/storage from 1.41.0 to 1.42.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.41.0 to 1.42.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.41.0...v1.42.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-22 08:17:06 +00:00
dependabot[bot]
ee477d8877 Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-19 08:11:51 +00:00
Miloslav Trmač
06be7a1559 Vendor in c/image with sigstore support 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-12 13:46:56 +02:00
Miloslav Trmač
62158a58bc Vendor unreleased c/image with OCI artifact support 
including https://github.com/containers/image/pull/1574 .

> go get github.com/containers/image/v5@main
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-01 17:35:04 +02:00
dependabot[bot]
331162358b Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 08:17:49 +00:00
dependabot[bot]
899d3686f9 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-24 08:34:09 +00:00
Daniel J Walsh
1a98f253b4 Merge pull request #1687 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.4 
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
 2022-06-21 13:08:58 -04:00
dependabot[bot]
2f77d21343 Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:13:03 +00:00
dependabot[bot]
2009d1c61e Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:12:52 +00:00
dependabot[bot]
e9379d15d2 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 08:19:08 +00:00
dependabot[bot]
69840fd082 Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 14:50:42 +00:00
dependabot[bot]
63622bc7c4 Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.4...v1.1.5)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 08:16:08 +00:00
Miloslav Trmač
00a58e48b1 Update to github.com/opencontainers/runc >= 1.1.2 
... to silence Dependabot alerts about CVE-2022-29162 = GHSA-f3fp-gc8g-vw66.

Note that the vulnerable code is not actually included in Skopeo at all,
this is purely to silence imprecise vulnerability checkers.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-31 01:23:51 +02:00
Miloslav Trmač
0a3be734a9 Update to gopkg.in/yaml.v3 v3.0.0 
... to include a fix for CVE-2022-28948 = GHSA-hp87-p4gw-j4gq .

Note that the package is only used for Skopeo's tests, so
Skopeo's users can't reach the vulnerable code.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-26 20:30:59 +02:00
Miloslav Trmač
1ebb2520ca Update c/image 
... to bring in github.com/proglottis/gpgme 0.1.2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-19 21:59:36 +02:00
dependabot[bot]
3eca480c2b Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.15+incompatible to 20.10.16+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.15...v20.10.16)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-13 08:17:07 +00:00
dependabot[bot]
149dea8dce Bump github.com/containers/storage from 1.40.2 to 1.41.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.40.2 to 1.41.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.40.2...v1.41.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-12 08:10:20 +00:00
dependabot[bot]
13ceb93bdf Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.14+incompatible to 20.10.15+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.14...v20.10.15)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-07 12:22:43 +00:00
Daniel J Walsh
75d94e790c Bump ocicrypt to v1.1.4 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-06 10:07:37 -04:00
Daniel J Walsh
737ed9c2a4 Vendor in containers/storage v1.40.2 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 13:06:55 -04:00
Daniel J Walsh
3c286dd1d1 Vendor in containers/(common, storage, image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 09:59:43 -04:00
Daniel J Walsh
8960ab3ce7 Update vendor of containers/(common,storage,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-04-22 06:45:18 -04:00
Miloslav Trmač
4811c07d71 Update users of deprecated io/ioutil 
Mostly just name changes that should not change behavior, apart
from ioutil.ReadDir -> os.ReadDir avoiding per-item lstat(2) in
one case.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-04-13 20:13:52 +02:00
James Hewitt
38ae81fa03 Bump containers/image to include sign identity option 
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
 2022-03-30 22:02:40 +01:00
Lokesh Mandvekar
3bc062423e Bump github.com/prometheus/client_golang to v1.11.1 
Resolves: CVE-2022-21698

Skopeo isn't actually impacted by the CVE unless a Prometheus listener
is set up, which is not a part of Skopeo's default behavior.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-03-24 14:57:52 -04:00
dependabot[bot]
89cd19519f Bump github.com/containers/common from 0.47.4 to 0.47.5 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.47.4 to 0.47.5.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.47.4...v0.47.5)

---
updated-dependencies:
- dependency-name: github.com/containers/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:41:02 +00:00
dependabot[bot]
7f6b0e39d0 Bump github.com/containers/storage from 1.38.2 to 1.39.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.38.2...v1.39.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:14:41 +00:00
dependabot[bot]
f6bf57460d Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.13+incompatible to 20.10.14+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.13...v20.10.14)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 09:13:14 +00:00
dependabot[bot]
ac7edc7d10 Bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.2...v1.1.3)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-21 09:10:52 +00:00
dependabot[bot]
5aaf3a9e4c Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-16 09:19:41 +00:00
Daniel J Walsh
0f701726bd Merge pull request #1589 from containers/dependabot/go_modules/github.com/docker/docker-20.10.13incompatible 
Bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible
 2022-03-11 05:01:09 -05:00
dependabot[bot]
ad3e8f407d Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 09:11:45 +00:00
dependabot[bot]
0703ec6ce8 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.12+incompatible to 20.10.13+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.12...v20.10.13)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-11 09:11:37 +00:00
Miloslav Trmač
5200272846 Update github.com/containerd/containerd 
$ go get -u github.ccom/containerd/containerd
$ make vendor

... to silence warnings about https://github.com/advisories/GHSA-crp2-qrr5-8pq7 ,
in code we don't use.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-03-04 19:26:12 +01:00
dependabot[bot]
0ad25b2d33 Bump github.com/containers/image/v5 from 5.19.1 to 5.20.0 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.19.1 to 5.20.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.19.1...v5.20.0)

---
updated-dependencies:
- dependency-name: github.com/containers/image/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-02 09:21:25 +00:00
tomsweeneyredhat
27b77f2bde Bump c/common to v0.47.4 
As the title says

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2022-02-09 19:23:20 -05:00
Daniel J Walsh
162bbab3a6 Bump version of containers/image and containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-02-02 14:40:05 -05:00
Daniel J Walsh
7f4db3db9d Update vendor of containers/storage and containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-31 17:27:05 -05:00
Daniel J Walsh
042f481629 Update vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-26 12:49:18 -05:00
dependabot[bot]
b51707d50d Bump github.com/containers/storage from 1.38.0 to 1.38.1 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.38.0 to 1.38.1.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.38.0...v1.38.1)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-26 12:42:07 +00:00
Valentin Rothberg
bb49923af4 prompt-less signing via passphrase file 
To support signing images without prompting the user, add CLI flags for
providing a passphrase file.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2022-01-26 08:30:49 +01:00
Daniel J Walsh
923c58a8ee Update the vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-20 13:30:07 -05:00
dependabot[bot]
1bf18b7ef8 Bump github.com/containers/storage from 1.37.0 to 1.38.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.37.0...v1.38.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-20 09:10:51 +00:00
Miloslav Trmač
d32c56b47f Update github.com/containerd/containerd to 1.5.9 
> go get github.com/containerd/containerd@latest
> make vendor

... because 1.5.9 contains a vulnerability fix, and we
want to silence scanners.

NOTE: Skopeo DOES NOT use the vulnerable code that
was fixed in containerd 1.5.9, so it is NOT vulnerable to
GHSA-mvff-h3cj-wj9c .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-01-06 22:11:46 +01:00
Miloslav Trmač
6007e792e4 Fix the pseudo-version of github.com/opencontainers/image-spec 
> go get github.com/opencontainers/image-spec@a5463b7f9c8451553af3adcba2cab538469df00c
> make vendor

Primarily we want to use a 1.0.3-0... version rather than 1.0.2-0..., so that
dependencies on 1.0.2 don't cause Skopeo to use 1.0.2 instead of
the later main-branch code.

Go has some logic to prevent using pseudo-version that don't follow
a released version (which is the case here, where 1.0.2 is on a branch,
and we want to use a main-branch commit instead); luckily some later
PRs on the main branch include the full contents of the 1.0.2 branch.
So, update a bit further along the main branch.

This particular commit corresponds to the choice in
https://github.com/containers/image/pull/1433 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-01-06 22:11:14 +01:00
Miloslav Trmač
5aa06a51f4 Update github.com/opencontainers/runc to v1.0.3 
... to silence warnings about CVE-2021-43784
/ GHSA-v95c-p5hm-xq8f .

NOTE: The vulnerable code was not used in this package,
so Skopeo is has not been vulnerable to this issue.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-01-03 12:51:52 +01:00
dependabot[bot]
f6a84289eb Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-15 09:33:22 +00:00
dependabot[bot]
c5b45c6c49 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.11+incompatible to 20.10.12+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.11...v20.10.12)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-14 09:33:41 +00:00
James Hewitt
2046bfdaaa Add option to preserve digests on copy 
When enabled, if digests can't be preserved an error will be raised.

Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
 2021-12-07 13:16:10 +00:00