search

notaryproject / notation

A CLI tool to sign and verify artifacts
https://notaryproject.dev/
Apache License 2.0
351 stars 84 forks source link

build(deps): Bump oras.land/oras-go/v2 from 2.4.0 to 2.5.0 in /test/e2e #1035

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 2 months ago

Bumps oras.land/oras-go/v2 from 2.4.0 to 2.5.0.

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.5.0

[!TIP] Upgrade to v2.5.0 for optimal performance when compiled with Go 1.22 or later.

[!WARNING] v2.5.0 does not compile with Go 1.20.x or earlier.

New Features

Deprecation

  • oras.PackManifestVersion1_1_RC4 is deprecated and not recommended for future use. Use oras.PackManifestVersion1_1 instead.

Bug Fixes

Other Changes

  • Update the Go support window to [1.21, 1.22]
  • Update unit tests and examples
  • Improve performance

Detailed Commits

New Contributors

Full Changelog: https://github.com/oras-project/oras-go/compare/v2.4.0...v2.5.0

Commits
  • 9b6f321 fix(file.Store): fix race condition on restoring the same named content (#731)
  • 8f9f505 fix(DynamicStore): retry setCredsStore on next PUT (#728)
  • d3ff5dc fix: check empty registry name (#729)
  • 4503c31 perf: use new built-in methods introduced before go 1.22 (#726)
  • 8d139f0 test: add a new case for UnwrapNopCloser (#725)
  • bf0d637 build: bump go version (#715)
  • 0285961 feat: upgrade to distribution-spec v1.1.0 (#720)
  • be59736 build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1....
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @priteshbandi.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 72.01%. Comparing base (1ab2505) to head (5f58570). Report is 1 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1035 +/- ## ======================================= Coverage 72.01% 72.01% ======================================= Files 46 46 Lines 2287 2287 ======================================= Hits 1647 1647 Misses 440 440 Partials 200 200 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.