Bump oras.land/oras-go/v2 from 2.3.1 to 2.4.0

[dependabot[bot]]

Bumps oras.land/oras-go/v2 from 2.3.1 to 2.4.0.

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.4.0

Breaking Changes

• Upgrade to image-spec v1.1.0-rc6 and distribution-spec v1.1.0-rc4
  • Validate the Content-type header of the response when accessing the Referrers API
  • When pushing manifests with a subject field, if the OCI-Subject header is not set in the response, the registry is considered as not supporting the Referrers API

[!WARNING] There are no API changes in oras-go. However, when pushing and deleting manifests with a subject field, as well as querying the Referrers API, registries that implement older versions of distribution-spec may be considered as not supporting the Referrers API. In such cases, the Referrers tag schema will be used instead.

Known compatible registries:

• Zot v2.0.0-rc5 and later versions
• Harbor v2.10.0 and later versions

New Features

• Move package credentials from github.com/oras-project/oras-credentials-go to oras.land/oras-go/v2/registry/remote/credentials, which supports reading, saving, and removing credentials from Docker configuration files and external credential stores that follow the Docker credential helper protocol
• Support deletion and garbage collection in oci package
• Add registry.Referrers for listing referrers on any ReadOnlyGraphStorage
• Introduce SkipNode for CopyGraphOptions.PreCopy to signal oras.CopyGraph to stop copying a node
• Introduce SkipUnpack option on file.Store to skip unpacking compressed directories

Performance Improvements

• Improve authorization token caching
  • Support per-host scope hints, fixing #581
  • Introduce auth.NewSingleContextCache that creates a host-based cache for optimizing the auth flow for non-compliant registries
• Optimize Copy efficiency
  • Add MountFrom and OnMounted to oras.CopyGraphOptions to support mounting on copy

Bug Fixes

• Fix #692: index or manifest list without the OPTIONAL field platform cause panic (#695)

Other Changes

• Improve error messages and examples
• Include changes in v2.3.1

Detailed Commits

• feat: merge package credentials back from oras-credentials-go by @​Wwwsylvia in oras-project/oras-go#589
• feat: Add 'MemoryStore' by @​Uanid in oras-project/oras-go#602
• refactor: make credentials.NewMemoryStore return an interface by @​Wwwsylvia in oras-project/oras-go#605
• feat: support per-host scope hints by @​Wwwsylvia in oras-project/oras-go#604
• feat: support deletion for memory resolver by @​wangxiaoxuan273 in oras-project/oras-go#607
• feat: support deletion for OCI storage by @​wangxiaoxuan273 in oras-project/oras-go#608
• fix: package credentials to support legacy auth keys in docker config by @​Wwwsylvia in oras-project/oras-go#617
• feat: support deletion for memory graph by @​wangxiaoxuan273 in oras-project/oras-go#606

... (truncated)

Commits

• 850a247 refactor: remove AutoRemoveReferrers flag (#683)
• fa548ab fix: fix the potential panic error if there is no platform in the index or ma...
• 66ea3df refactor: upgrade to distribution-spec v1.1.0-rc4 (#690)
• 64fedf4 feat: mark untagged manifests as garbage during GC and delete (#680)
• 82cc505 feat: allow skip unpack on push to file store (#679)
• acd6276 build(deps): use image-spec v1.1.0-rc6 instead of rc.6 (#687)
• baba4db build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1....
• d8783fe feat: error type for not finding basic auth creds and export config path (#674)
• 3b1dd0e feat: Public GC function of oci.Store (#656)
• c34d275 docs: add example to parse reference with digest (#675)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[eks-distro-bot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a aws member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[abhay-krishna]

/retest

[g-gaston]

@dependabot rebase

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 73.55%. Comparing base (7ba9b3c) to head (51463d7). Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7486   +/-   ##
=======================================
  Coverage   73.55%   73.55%           
=======================================
  Files         588      588           
  Lines       37176    37176           
=======================================
  Hits        27346    27346           
  Misses       8035     8035           
  Partials     1795     1795           

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[g-gaston]

/lgtm /approve

[eks-distro-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: g-gaston

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~OWNERS~~ [g-gaston]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment