search

buildpacks / imgutil

Helpful utilities for working with images
Apache License 2.0
24 stars 41 forks source link

Bump github.com/google/go-containerregistry from 0.12.1 to 0.14.0 #185

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/google/go-containerregistry from 0.12.1 to 0.14.0.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.14.0

Changelog

  • 9306ebad Allow crane edit to generate non-image artifacts (#1545)
  • de35f0f7 Allow setting Content-Type in crane edit manifest (#1551)
  • 4b081f80 Avoid v1.Manifest in crane edit config (#1583)
  • 1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (#1593)
  • da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#1548)
  • 86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (#1547)
  • 62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (#1556)
  • 1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (#1580)
  • 11843ba2 Enforce proper sha256 usage (#1544)
  • 2ceebaaf Implement crane index subcommand (#1561)
  • 9f42e028 Set mediaType for empty.ImageIndex in RawManifest (#1562)
  • 759b19f7 Support artifactType, for images whose config.mediaType is not a config (#1541)
  • b3c23b4c Support for OCI 1.1+ referrers via API (#1546)
  • 061ee6bf Support for OCI 1.1+ referrers via fallback tag (#1543)
  • 67703048 Update descriptor "data" field (when valid) during "crane edit config" (#1584)
  • 76bac933 Update release.yml (#1540)
  • eb7d746c authn: also read mount secrets (#1560)
  • e94d4089 bump deps using ./hack/bump-deps.sh (#1592)
  • 4e95ae2b crane: add --flatten for index append (#1566)
  • ff810c18 crane: add serve subcommand (#1586)
  • 8ea5e0e8 crane: support --omit-digest-tags in crane ls (#1528)
  • 824efc77 fix(mutate): also set timestamps only present in some formats (#1550)
  • e04520bc fix: Fix the crane release url and add more steps (#1532)
  • d8722327 hash: use generic instantiation (#1538)
  • 57f010d2 replace manual slsa-verifier installation with action (#1585)
  • 9cd098e3 skip tls verification if default transport is used with insecure option (#1559)
  • 36249683 tarball: pass imageToTags (#1563)

Container Images

https://gcr.io/go-containerregistry/crane:v0.14.0 https://gcr.io/go-containerregistry/gcrane:v0.14.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.14.0
docker pull gcr.io/go-containerregistry/gcrane:v0.14.0

v0.13.0

What's Changed

... (truncated)

Commits
  • 4b081f8 Avoid v1.Manifest in crane edit config (#1583)
  • 1cfe1fc Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (#1593)
  • e94d408 bump deps using ./hack/bump-deps.sh (#1592)
  • ff810c1 crane: add serve subcommand (#1586)
  • 57f010d replace manual slsa-verifier installation with action (#1585)
  • 6770304 Update descriptor "data" field (when valid) during "crane edit config" (#1584)
  • 1b8dc2b Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (#1580)
  • 8ea5e0e crane: support --omit-digest-tags in crane ls (#1528)
  • 4e95ae2 crane: add --flatten for index append (#1566)
  • 4a0e0af docs: Update crane installation and verification instructions (#1567)
  • Additional commits viewable in compare view


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
dependabot[bot] commented 1 year ago

Superseded by #199.