diun icon indicating copy to clipboard operation
diun copied to clipboard
verified publisher icon crazy-max

Bump github.com/containers/image/v5 from 5.21.1 to 5.22.0

Open dependabot[bot] opened this issue 3 years ago • 0 comments

Bumps github.com/containers/image/v5 from 5.21.1 to 5.22.0.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.22.0

copy.Image can now copy non-image OCI artifacts.

Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).

Now requires Go 1.17. GPGME now must be new enough to be visible via pkg-config.

github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is} might need to be used instead of pkg/errors.Cause).

Changes default paths on FreeBSD.

  • Remove unused Makefile variables
  • Config files should live in /usr/local on FreeBSD
  • docker: validate received parts
  • Use go env to fetch the go path
  • docker: add workaround for CloudFront
  • Improve errors messages when image missing from list
  • Stop calling gpgme-config
  • Fix codespell errors
  • Make sure github.com/opencontainers/runc >= 1.1.2 is used
  • Cirrus: use Ubuntu 22.04 LTS
  • Merge pull request containers/image#1576 from mtrmac/private-image
  • Merge pull request containers/image#1577 from mtrmac/mocks
  • Merge pull request containers/image#1571 from mtrmac/go1.17
  • Merge pull request containers/image#1578 from mtrmac/sourced-image-struct
  • Fix error on parallel multiple image pullings with additionallayerstore
  • Merge pull request containers/image#1579 from mtrmac/copy-layers-refactor
  • Reject OCI artifacts in manifest.OCI1.ImageID
  • Reject OCI artifacts in manifest.OCI1.Inspect
  • Refuse to convert non-image OCI artifacts to Docker formats
  • Reject OCI artifacts in image.manifestOCI1.OCIConfig
  • Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
  • Use an updated CI image
  • Use strings.ReplaceAll instead of strings.Replace(..., -1)
  • Move the main helper removal case to the main path on RemoveAllAuthentication
  • Merge pull request containers/image#1588 from mtrmac/pkg_errors
  • Merge pull request containers/image#1589 from mtrmac/private-dest-impls
  • Merge pull request containers/image#1590 from mtrmac/private-src-impls
  • Merge pull request containers/image#1592 from mtrmac/blobcache-wrap-private
  • Use "io.ReadAll" instead of "os.ReadAll"
  • Merge pull request containers/image#1596 from mtrmac/cosign-payload
  • Generalize copy.Image to be able to copy signatures with any format
  • Merge pull request containers/image#1593 from mtrmac/cosign-sigs
  • Introduce signature.Cosign as a format
  • Add use-cosign-attachments to registries.d/*.yaml
  • Add support for reading and writing Cosign attachments, incl. signatures
  • Merge pull request containers/image#1595 from mtrmac/cosign-docker
  • Add support for creating Cosign signatures

... (truncated)

Commits
  • 40af9b5 Release v5.22.0
  • dffdfcb Update to c/storage 1.42.0
  • 5a5cf3b Merge pull request #1417 from mtrmac/consolidate-GetSignatures
  • 1bdda15 Consolidate reading messages, and checking for support, into a helper
  • d3e2481 Read signatures from UnparsedImage instead of ImageSource directly
  • d877ef6 Merge pull request #1618 from containers/dependabot/go_modules/github.com/Bur...
  • 5676546 build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
  • bf19265 Merge pull request #1617 from mtrmac/unused-param
  • f4febfc Silence a "potentially unused parameter" warning
  • 81eae1e Merge pull request #1603 from containers/dependabot/go_modules/github.com/the...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jul 25 '22 06:07 dependabot[bot]