Bump github.com/containers/image/v5 from 5.22.0 to 5.24.1 #117

dependabot · 2023-02-10T12:00:06Z

Bumps github.com/containers/image/v5 from 5.22.0 to 5.24.1.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.24.1

Try to reconnect on some aborted layer downloads

v5.24.0

Now supports both creating and verifying sigstore signatures that use Fulcio and Rekor. A New API for signing images during copy. docker-archive: now can read non-seekable streams. Improved error messages for registry errors.

Introduce oci/{archive,layout}.ImageNotFoundError

Don't use any default path fallbacks if the user specified a path

Introduce signature/sigstore.NewSigner

Introduce signature/simplesigning.NewSigner

Add pkg/cli/sigstore

Add functional-option NewPRSigstoreSigned

Add signature/sigstore.GenerateKeyPair

Avoid confusion about 404 on lookaside

Heuristically warn about lookaside servers serving HTML

Add a limit for the total number of signatures in lookaside

Update the public.ecr.aws error with current data

Add a test for isManifestUnknownError

Consolidate handleErrorResponse calls to registryHTTPResponseToError

Discard any but the first element of errcode.Errors

Add more detailed error tests

Make invalid HTTP bodies unwrappable as unexpectedHTTPResponseError

Use registryHTTPResponseToError on /tags/list failure

Simplify error messages using the default error text

Use registryHttpResponseToError in many more places

set directory transport destination as thread-safe

Recognize invalid error responses of registry.redhat.io

Make the pseudo-config used in sigstore attachments a bit more valid

Convert TestSignatureStorageBaseURL to table-based

Don't call net/url.URL.Parse when we mean net/url.Parse

Rename all "url" variables to something else

Fix documentation comment of the stubs package

Simplify ociReference.getManifestDescriptor

Simplify ociReference.getManifestDescriptor a bit

Fix typos

Remove unnecessary conversions

Actually test the caller-requested function

Remove ineffective assignments

Fix an always-true condition

Fix unordered list formatting in containers-policy.json(5)

docker/reference: reduce regex compilations

docker/reference/regexp.go: constify strings

docker/reference.literal: return QuoteMeta directly

docker/reference.expression: use strings.Join()

Run (gofmt -s)

Don't incorrectly report success on failure paths

... (truncated)

Commits

fbb8fea Release 5.24.1
a5dd6d3 Reconnecting blob reader
829be36 Split dockerClient.resolveRequestURL from makeRequest
109c0b0 Bump to v5.24.1-dev
a3252d0 Release v5.24.0
ed23a00 Merge pull request #1810 from mtrmac/generate-sigstore-key
187ad35 Add signature/sigstore.GenerateKeyPair
c42c14f Merge pull request #1808 from containers/renovate/github.com-containers-stora...
add3202 fix(deps): update module github.com/containers/storage to v1.45.3
24781db Merge pull request #1778 from mtrmac/fulcio-verification
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.22.0 to 5.24.1. - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.22.0...v5.24.1) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-02-22T11:59:41Z

Superseded by #118.

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 10, 2023

dependabot bot mentioned this pull request Feb 10, 2023

Bump github.com/containers/image/v5 from 5.22.0 to 5.24.0 #116

Closed

dependabot bot closed this Feb 22, 2023

dependabot bot deleted the dependabot/go_modules/github.com/containers/image/v5-5.24.1 branch February 22, 2023 11:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/containers/image/v5 from 5.22.0 to 5.24.1 #117

Bump github.com/containers/image/v5 from 5.22.0 to 5.24.1 #117

Uh oh!

dependabot bot commented on behalf of github Feb 10, 2023

Uh oh!

dependabot bot commented on behalf of github Feb 22, 2023

Uh oh!

Uh oh!

Bump github.com/containers/image/v5 from 5.22.0 to 5.24.1 #117

Bump github.com/containers/image/v5 from 5.22.0 to 5.24.1 #117

Uh oh!

Conversation

dependabot bot commented on behalf of github Feb 10, 2023

v5.24.1

v5.24.0

Uh oh!

dependabot bot commented on behalf of github Feb 22, 2023

Uh oh!

Uh oh!