Releases · google/go-containerregistry
v0.21.7
What's Changed
- tarball: return error instead of panicking on missing rootfs.diff_ids by @iahsanGill in #2304
- gcrane: honor --platform flag in copy by @iahsanGill in #2307
- mutate: verify layer digests in Extract and Time by @momenashrafff in #2303
- tarball: close layer readers during Write by @nandbhat in #2308
- build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in #2311
- build(deps): bump github.com/docker/cli from 29.4.3+incompatible to 29.5.2+incompatible in the go-deps group across 1 directory by @dependabot[bot] in #2312
- BUGFIX: Fail with error when read exceeds maximum by @inteon in #2328
- build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in #2327
- fix(name): anchor loopback registry detection by @rohan-patnaik in #2314
- Reject symlinks in OCI layout blobs by @mosskappa in #2306
- fix(crane): avoid creating export tar on pull failure by @Haihan-Jiang in #2318
- feat(kubernetes): allow ignoring pull secrets by @rohan-patnaik in #2315
- fix(name): preserve localhost registry references by @rohan-patnaik in #2316
- pkg/registry: export ErrNotFound by @malt3 in #2176
- pkg/registry: export RedirectError by @malt3 in #2177
- build(deps): bump the go-deps group across 1 directory with 2 updates by @dependabot[bot] in #2343
- build(deps): bump the actions group across 1 directory with 2 updates by @dependabot[bot] in #2344
- fix: prevent SSRF in google.List() pagination by @tufstraka in #2332
- internal/gzip: fix goroutine leak in ReadCloserLevel by @amarkdotdev in #2347
- fix(transport): apply refreshed bearer token after cross-host redirect by @64johnlee in #2337
- build(deps): bump the go-deps group across 3 directories with 4 updates by @dependabot[bot] in #2348
- fix(tarball): normalize paths when matching files by @bstoll in #2334
- transport: do not re-attach bearer token after cross-host redirect by @evilgensec in #2349
- Bump CI go version to 1.26.4 by @Subserial in #2350
New Contributors
- @momenashrafff made their first contribution in #2303
- @nandbhat made their first contribution in #2308
- @inteon made their first contribution in #2328
- @rohan-patnaik made their first contribution in #2314
- @mosskappa made their first contribution in #2306
- @Haihan-Jiang made their first contribution in #2318
- @tufstraka made their first contribution in #2332
- @amarkdotdev made their first contribution in #2347
- @64johnlee made their first contribution in #2337
- @bstoll made their first contribution in #2334
Full Changelog: v0.21.6...v0.21.7
v0.21.6
What's Changed
- fix: update dependencies to use new azure sdk components by @gaganhr94 in #2262
- transport: restore resp.Body in retryError so CheckError can parse it by @alliasgher in #2264
- pkg/registry: return 202 Accepted for PATCH chunk uploads by @alliasgher in #2265
- Follow OCI distribution spec for artifactType and annotations by @malt3 in #2269
- actions: attach Codecov token to coverage tests on main by @Subserial in #2270
- remote: use DeleteScope (with "delete" action) for manifest deletion by @alliasgher in #2266
- remote: limit concurrent layer pulls by @gnix0 in #2271
- pkg/registry: reject corrupt disk blobs by @gnix0 in #2272
- mutate: close layer readers during export by @gnix0 in #2277
- crane/flatten: preserve image media type when flattening by @alliasgher in #2267
- build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @dependabot[bot] in #2273
- build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @dependabot[bot] in #2278
- build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in #2280
- Replace go-homedir with os.UserHomeDir by @jammie-jelly in #2282
- pkg/name: only treat .localhost as non-HTTPS, not .local by @blackwell-systems in #2281
- transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @marwan9696 in #2285
- test(mutate): add Extract round-trip test for filesystem object preservation by @blackwell-systems in #2283
- experiments: remove deprecated support for estargz by @thaJeztah in #2288
- build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @dependabot[bot] in #2289
- fix: limit HTTP response body reads to prevent OOM by @evilgensec in #2296
- build(deps): bump the go-deps group across 3 directories with 6 updates by @dependabot[bot] in #2297
- transport: block redirects from token server to private/link-local addresses (SSRF fix) by @evilgensec in #2292
- pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @anishesg in #2279
- validate: skip non-layer layers by @imjasonh in #2298
- remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @evilgensec in #2293
- remote: block SSRF via private-IP Location headers in blob uploads by @adilburaksen in #2295
- fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @blackwell-systems in #2286
- fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @iahsanGill in #2299
- transport: retry HTTP 429 (Too Many Requests) by @iahsanGill in #2301
- transport: allow bearer realm at same host:port as registry by @iahsanGill in #2302
- Update go version to 1.26.3 by @Subserial in #2300
New Contributors
- @gaganhr94 made their first contribution in #2262
- @alliasgher made their first contribution in #2264
- @malt3 made their first contribution in #2269
- @gnix0 made their first contribution in #2271
- @blackwell-systems made their first contribution in #2281
- @marwan9696 made their first contribution in #2285
- @anishesg made their first contribution in #2279
- @adilburaksen made their first contribution in #2295
- @iahsanGill made their first contribution in #2299
Full Changelog: v0.21.5...v0.21.6
v0.21.5
What's Changed
- Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 by @thaJeztah in #2254
- update to Go 1.26.2 by @thaJeztah in #2255
- Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 in the actions group across 1 directory by @dependabot[bot] in #2257
- build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps group across 1 directory by @dependabot[bot] in #2260
Full Changelog: v0.21.4...v0.21.5
v0.21.4
What's Changed
- go.mod: do not make a viral minimum go version by @howardjohn in #2237
- Avoid pruning absolute links from extracted and flattened images by @Subserial in #2241
- Bump the go-deps group across 3 directories with 5 updates by @dependabot[bot] in #2245
- fix: update to go1.25.8, and use separate .go-version file by @thaJeztah in #2246
- Bump CI go version to 1.26.1 by @Subserial in #2242
- Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group by @dependabot[bot] in #2240
- fork distribution client v3 auth-challenge as an internal package (squashed) by @thaJeztah in #2248
- transport: validate Bearer realm URL to prevent SSRF by @evilgensec in #2243
- revert path traversal and symlink escape from #2227 by @Subserial in #2250
- Fix pkg/v1/google/auth tests for arm64 by @Subserial in #2085
- goreleaser: Update goreleaser config and GH action by @Subserial in #2253
New Contributors
- @evilgensec made their first contribution in #2243
Full Changelog: v0.21.3...v0.21.4
v0.21.3
What's Changed
- Adds local file support to the crane index subcommand by @edwardthiele in #2223
- migrate to github.com/moby/moby modules by @thaJeztah in #2228
- Bump the go-deps group across 4 directories with 7 updates by @dependabot[bot] in #2233
- Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @dependabot[bot] in #2220
- mutate: reject path traversal and symlink escape in Extract by @KevinZhao in #2227
- tarball: detect symlink cycles in extractFileFromTar by @vnykmshr in #2232
- bump golang to 1.25.7 by @Subserial in #2236
New Contributors
- @edwardthiele made their first contribution in #2223
- @thaJeztah made their first contribution in #2228
- @KevinZhao made their first contribution in #2227
- @vnykmshr made their first contribution in #2232
Full Changelog: v0.21.2...v0.21.3
v0.21.2
v0.21.1
v0.21.0
v0.20.7
What's Changed
- Fix ArgsEscaped lint directive by @Subserial in #2137
- transport: Fix broken links to distribution docs by @guzalv in #2136
- fix(remote): using customized retry predicate func if provided by @derekhjray in #2135
- Adding docker file by @HassanJasim in #2138
- crane: Add timestamp to flatten layer by @Stephanie0829 in #2117
- feat(remote): pass retryBackoff option to transport by @aslafy-z in #1628
- Expose clobber refusal error by @pjbgf in #2146
- Build artifacts for riscv64 by @ffgan in #2159
- Update dependencies and deprecate DockerVersion field by @Subserial in #2164
New Contributors
- @guzalv made their first contribution in #2136
- @derekhjray made their first contribution in #2135
- @HassanJasim made their first contribution in #2138
- @Stephanie0829 made their first contribution in #2117
- @pjbgf made their first contribution in #2146
- @ffgan made their first contribution in #2159
Full Changelog: v0.20.6...v0.20.7