Bump the go-modules group with 27 updates

[dependabot[bot]]

Bumps the go-modules group with 27 updates:

Package	From	To
github.com/CycloneDX/cyclonedx-go	0.7.1	0.7.2
github.com/andybalholm/brotli	1.0.5	1.0.6
github.com/cenkalti/backoff/v4	4.2.0	4.2.1
github.com/cloudflare/circl	1.3.3	1.3.5
github.com/containerd/containerd	1.7.0	1.7.7
github.com/docker/distribution	2.8.2+incompatible	2.8.3+incompatible
github.com/docker/docker-credential-helpers	0.7.0	0.8.0
github.com/gabriel-vasile/mimetype	1.4.2	1.4.3
github.com/go-git/go-billy/v5	5.4.1	5.5.0
github.com/go-git/go-git/v5	5.6.1	5.9.0
github.com/google/go-cmp	0.5.9	0.6.0
github.com/google/go-containerregistry	0.15.1	0.16.1
github.com/google/uuid	1.3.0	1.3.1
github.com/jinzhu/copier	0.3.5	0.4.0
github.com/klauspost/compress	1.16.5	1.17.1
github.com/mattn/go-runewidth	0.0.14	0.0.15
github.com/moby/patternmatcher	0.5.0	0.6.0
github.com/opencontainers/runc	1.1.5	1.1.9
github.com/pierrec/lz4/v4	4.1.17	4.1.18
github.com/skeema/knownhosts	1.2.0	1.2.1
github.com/spdx/tools-golang	0.5.0	0.5.3
github.com/spf13/afero	1.9.5	1.10.0
github.com/spf13/cast	1.5.0	1.5.1
github.com/sylabs/sif/v2	2.11.3	2.15.0
github.com/testcontainers/testcontainers-go	0.21.0	0.25.0
github.com/vbatts/tar-split	0.11.3	0.11.5
google.golang.org/grpc	1.57.0	1.59.0

Updates github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.7.2

This is a bugfix release that ships with minimal support for the CycloneDX v1.5 specification.

Full support is being worked on and planned to be released soon. The progress may be tracked in #90.

The reason for publishing partial support like this is to allow the consumption of v1.5 BOMs, which fails with cyclonedx-go <= v0.7.1.

Warning
The default SpecVersion has been updated to SpecVersion1_5. If your application generates BOMs, and you're not ready (or willing) to distribute BOMs following the v1.5 specification yet, consider using EncodeVersion to generate output for an older version of the spec.

Changelog

Features

• 7128a921f3e83a43feef75bc8ab95642c236ef82: feat: raise baseline go version to 1.18 (@​nscuro)

Fixes

• ff719b64835af6e75dcfd6e7ff90d070f271ae07: fix: unmarshal bom on v1.5 return invalid specification version (@​chen-keinan)

Building and Packaging

• 966c223154527621395473cc045a7672609c879f: build(deps): bump CycloneDX/gh-gomod-generate-sbom from 1.1.0 to 2.0.0 (@​dependabot[bot])
• 1e83e8598d07b6303522cb63458be2577223f8d3: build(deps): bump actions/checkout from 3.5.0 to 3.5.1 (@​dependabot[bot])
• 78f6593ed81da036aec671c19ea937b3a80586bf: build(deps): bump actions/checkout from 3.5.1 to 3.5.2 (@​dependabot[bot])
• 868f6db7d03da581dbe9b6d283acd6c477529c0a: build(deps): bump actions/checkout from 3.5.2 to 3.5.3 (@​dependabot[bot])
• 5885827e4246b82e08d37f6f0b95c6c0a4ef821b: build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (@​dependabot[bot])
• d772b5438430be7879f3a4e7064c1ccbdbf153a1: build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 (@​dependabot[bot])
• 578e8621c93869b9e0368eebb619cd96c7e9e2bb: build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@​dependabot[bot])
• f83e6a7c9d196eff9f99ecf8291cd4adeabce31a: build(deps): bump gitpod/workspace-go from 2be827f to 910daeb (@​dependabot[bot])
• cd7b23a68ff1c7467e211c9c69f9fb67c2244043: build(deps): bump gitpod/workspace-go from 910daeb to d7a41f5 (@​dependabot[bot])
• 668553d1667110b8b34c7a4a954c3ac4707816ba: build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673 (@​dependabot[bot])
• d9a5f8cf07fa834c02969fba2128bdb14c0865ff: build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (@​dependabot[bot])
• 66f96dfacf866f8d2ca686659e964fc535c72f92: build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (@​dependabot[bot])
• 8b51c39974573c22ba0a14ba1d5a0cd5b50c68fa: build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (@​dependabot[bot])
• e44f7de374a51cd1228117d43ccedfdcbe50cd73: build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@​dependabot[bot])
• 6360fe1474853e461a6af83fc6214882b4647f09: build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@​dependabot[bot])

Others

• a06990657b338db19fec11a677ea915eea2b5c74: feat(spec1-5): add initial support for spec v1.5 (@​nscuro)
• 67a7567143eb3373099f100bbe17143239cf5d4e: feat(spec1-5): add licensing, license properties, and license bom-ref (@​nscuro)
• d2f3bb95bf740da7a6d36c6a1c324356afed5356: feat(spec1-5): add lifecycle support (@​nscuro)
• eb041b55b2eb8685a37be6f7a9c265fb6528377b: feat(spec1-5): add new component types (@​nscuro)
• c45ba618028d9f0cb593784e6483f4392a78ff3b: feat(spec1-5): add new external reference types (@​nscuro)
• d84947d74d7df97f851211bf7b72786e3583b9e3: feat(spec1-5): add support for annotations (@​nscuro)
• 0ba04965ce8c5df710eb2a1cae1e7546ffb6321b: feat(spec1-5): bump schema to 1.5 for round-trip tests (@​nscuro)
• 4e20914ebfc2aa80fbe0fa32650567554ebaaf49: misc(dx): add project icon for intellij and goland (@​nscuro)

Commits

• 83031d6 Merge pull request #117 from CycloneDX/dependabot/github_actions/golangci/gol...
• 8b51c39 build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
• 0ed4535 Merge pull request #114 from CycloneDX/dependabot/github_actions/goreleaser/g...
• 6360fe1 build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0
• 5c1db8e Merge pull request #113 from CycloneDX/dependabot/github_actions/actions/setu...
• d772b54 build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
• 3d592d2 Merge pull request #112 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
• 668553d build(deps): bump gitpod/workspace-go from d7a41f5 to f37c673
• fdeec7e Merge pull request #111 from CycloneDX/idea-project-icon
• 4e20914 misc(dx): add project icon for intellij and goland
• Additional commits viewable in compare view

Updates github.com/andybalholm/brotli from 1.0.5 to 1.0.6

Commits

• b7a4cf9 remove Content-Type requirement
• See full diff in compare view

Updates github.com/cenkalti/backoff/v4 from 4.2.0 to 4.2.1

Commits

• a04a6fe set minimum permissions for go.yaml
• a214dad spelling: interval
• af9bd1c spelling: found
• See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.3 to 1.3.5

Commits

• 13e767c Proof encoding and decoding
• 5007a76 Start filling out high-level API
• a00adb5 Add multi-message test
• 96f8dfe Fix test vector bugs
• 5f6d639 Add initial BBS implementation sketch
• 44133f7 spelling: tripped
• c2076d6 spelling: transposes
• dad2166 spelling: title
• 171c418 spelling: threshold
• 82b7495 spelling: the
• Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.0 to 1.7.7

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.7

Welcome to the v1.7.7 release of containerd!

The seventh patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

• Require plugins to succeed after registering readiness (#9165)
• Handle unexpected shim kill events (#9132)
• Build binaries with Go 1.21.1 (#9167)
• cri: Stop recommending disable_cgroup (#9168)
• remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
• remotes: always try to establish tls connection when tls configured (#9188)
• NRI: Add support for rlimits (#48)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Samuel Karp
• Krisztian Litkey
• Wei Fu
• Phil Estes
• Sebastiaan van Stijn
• Iceber Gu
• Mike Brown
• Akihiro Suda
• Paweł Gronowski
• Steve Griffith
• Aditya Ramani
• Austin Vazquez
• Danny Canter
• James Sturtevant
• Kern Walster
• ZP-AlwaysWin

Changes

• [release/1.7] Prepare release notes for v1.7.7 (#9194)
  • a34fa5681 Prepare release notes for v1.7.7
• [release/1.7] Allow for images with artifacts to pull (#9149)
  • 6ca0aebf0 Allow for images with artifacts to pull
• [release 1.7] remotes/docker: Fix MountedFrom prefixed with target repository (#9193)
  • 7df492a95 remotes/docker: Fix MountedFrom prefixed with target repository

... (truncated)

Commits

• 8c08766 Merge pull request #9194 from dcantah/release-notes-1.7.7
• a34fa56 Prepare release notes for v1.7.7
• 8664fca Merge pull request #9149 from jsturtevant/cherry-pick-9142-on-1-7
• 6ca0aeb Allow for images with artifacts to pull
• 72e0200 Merge pull request #9193 from vvoland/remotes-docker-mounted-fix-1.7
• 814f6c2 Merge pull request #9134 from Kern--/release/1.7
• 781d395 Merge pull request #9188 from dmcgowan/backport-1.7-localhost-http-fallback
• 7df492a remotes/docker: Fix MountedFrom prefixed with target repository
• 7779ce6 remotes: always try to establish tls connection when tls configured
• b3db314 Bump x/net to 0.13
• Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.3

What's Changed

• Pass BUILDTAGS argument to go build by @​marcusirgens in distribution/distribution#3926
• Enable Go build tags by @​thaJeztah in distribution/distribution#4009
• reference: replace deprecated function SplitHostname by @​thaJeztah in distribution/distribution#4032
• Dont parse errors as JSON unless Content-Type is set to JSON by @​thaJeztah in distribution/distribution#4054
• update to go 1.20.8 by @​thaJeztah in distribution/distribution#4056
• Set Content-Type header in registry client ReadFrom by @​thaJeztah in distribution/distribution#4053
• deprecate reference package, migrate to github.com/distribution/reference by @​thaJeztah in distribution/distribution#4063
• digestset: deprecate package in favor of go-digest/digestset by @​thaJeztah in distribution/distribution#4064
• Do not close HTTP request body in HTTP handler by @​milosgajdos in distribution/distribution#4068
• Add v2.8.3 release notes by @​milosgajdos in distribution/distribution#4088

New Contributors

• @​marcusirgens made their first contribution in distribution/distribution#3926

Full Changelog: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3

Commits

• 4772604 Merge pull request #4088 from distribution/2.8.3-release-notes
• a4fa699 Add v2.8.3 release notes
• 1eb2c30 Merge pull request #4068 from milosgajdos/2_8-dont-close-request-body
• 5e6b1b5 Do not close HTTP request body in HTTP handler
• 2b76378 Merge pull request #4064 from thaJeztah/2.8_backport_nodigestset
• 29b00e8 digestset: deprecate package in favor of go-digest/digestset
• d1ab243 [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0
• 11eb419 Merge pull request #4063 from thaJeztah/2.8_backport_switch_reference
• 3dda067 deprecate reference package, migrate to github.com/distribution/reference
• da05539 Merge pull request #4053 from thaJeztah/2.8_backport_set-content-type-client-...
• Additional commits viewable in compare view

Updates github.com/docker/docker-credential-helpers from 0.7.0 to 0.8.0

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.8.0

What's Changed

• wincred: windows/arm64 support by @​crazy-max in docker/docker-credential-helpers#279
• osxkeychain: Delete(): return typed errors by @​thaJeztah in docker/docker-credential-helpers#278
• osxkeychain: match min macos version for xx by @​crazy-max in docker/docker-credential-helpers#283
• pass: fix interpolation of $PASSWORD_STORE_DIR, and use os.UserHomeDir() by @​thaJeztah in docker/docker-credential-helpers#287
• cli: assorted improvements, and add --version, -v, and --help, -h flags by @​thaJeztah in docker/docker-credential-helpers#284
• vendor: github.com/danieljoos/wincred v1.2.0 by @​thaJeztah in docker/docker-credential-helpers#271
• vendor: golang.org/x/sys v0.7.0 by @​crazy-max in docker/docker-credential-helpers#265
• chore: update go to 1.20.6 by @​crazy-max @​thaJeztah in docker/docker-credential-helpers#297 docker/docker-credential-helpers#293 docker/docker-credential-helpers#281 docker/docker-credential-helpers#263
• chore: use go build constraint by @​crazy-max in docker/docker-credential-helpers#289
• credentials: fix minor nits in tests for credentials by @​thaJeztah in docker/docker-credential-helpers#291
• credentials: improve errors and error-handling by @​thaJeztah in docker/docker-credential-helpers#292
• chore: remove uses of golang.org/x/sys/execabs by @​thaJeztah in docker/docker-credential-helpers#270
• chore: format code with gofumpt by @​thaJeztah in docker/docker-credential-helpers#273
• chore: rewrite tests to use sub-tests, improve error-handling in tests, and use t.Cleanup() by @​thaJeztah in docker/docker-credential-helpers#275
• chore: use designated domains in tests (RFC2606) (step 1) by @​thaJeztah in docker/docker-credential-helpers#294
• chore: fix vendor validation by @​crazy-max in docker/docker-credential-helpers#253
• chore: update xx to 1.2.1 by @​crazy-max in docker/docker-credential-helpers#264
• chore: use same target for sandboxed and native tests by @​crazy-max in docker/docker-credential-helpers#285
• ci: bump runners to ubuntu-22.04 by @​crazy-max in docker/docker-credential-helpers#276
• chore: add CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md by @​thaJeztah in docker/docker-credential-helpers#272
• chore: fix build status badge being broken by @​okrc in docker/docker-credential-helpers#252
• docs: install emulators when building with docker by @​crazy-max in docker/docker-credential-helpers#286

New Contributors

• @​okrc made their first contribution in docker/docker-credential-helpers#252

Full Changelog: https://github.com/docker/docker-credential-helpers/compare/v0.7.0...v0.8.0

Commits

• 8396edb Merge pull request #297 from thaJeztah/update_go_1.20.6
• a3d1ffc update go to go1.20.6
• c03d56c deb: update to golang bullseye
• 7f48455 Merge pull request #294 from thaJeztah/use_designated_domains_step1
• a90e3fa secretservice: use designated domains in tests (RFC2606)
• ffb3232 pass: use designated domains in tests (RFC2606)
• 1050848 client: use designated domains in tests (RFC2606)
• 7d66ae0 osxkeychain: use designated domains in tests (RFC2606)
• 13475b4 credentials: use designated domains in tests (RFC2606)
• 91af1de registryurl: use designated domains in tests (RFC2606)
• Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.3

What's Changed

• Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read() by @​splashing-atom in gabriel-vasile/mimetype#355
• Bump golang.org/x/net from 0.8.0 to 0.17.0 by @​dependabot in gabriel-vasile/mimetype#441
• enable reusing records in csv/tsv detection by @​gabriel-vasile in gabriel-vasile/mimetype#443

New Contributors

• @​splashing-atom made their first contribution in gabriel-vasile/mimetype#355

Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.2...v1.4.3

Commits

• e64d6bd enable reusing records in csv/tsv detection (#443)
• b4da7ba Bump the gomod group with 1 update (#441)
• 918baec Bump the github-actions group with 4 updates (#442)
• 9df6903 Switch csv and tsv method 'sv' from ReadAll() to stream each record with Read...
• 85b2cdc Merge pull request #414 from gabriel-vasile/dependabot/github_actions/github-...
• 24e5745 Merge pull request #412 from gabriel-vasile/dependabot/go_modules/gomod-939bd...
• 6bd9427 Bump the github-actions group with 5 updates
• 4f0da4f Bump the gomod group with 1 update
• 1a4b844 Group all dependabot PRs together (#409)
• f5a14c2 Remove old travis build status link from readme (#407)
• Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.5.0

What's Changed

• *: Bump dependencies and go.mod to Go 1.18. Add codeQL workflow. by @​pjbgf in go-git/go-billy#30
• osfs: Add new BoundOS type by @​pjbgf in go-git/go-billy#31
• Re-introduce osfs.Default by @​pjbgf in go-git/go-billy#33
• Revert back to upstream github.com/cyphar/filepath-securejoin by @​pjbgf in go-git/go-billy#34

Full Changelog: https://github.com/go-git/go-billy/compare/v5.4.1...v5.5.0

Commits

• 5c1dfec Merge pull request #34 from pjbgf/bump-scj
• 3994cd7 osfs: Add WithDeduplicatePath
• e223a66 Bump github.com/cyphar/filepath-securejoin
• ca80085 Merge pull request #33 from pjbgf/default
• 74a6e60 Re-introduce osfs.Default
• 1d4d3d3 Merge pull request #31 from pjbgf/new-osfs
• 3c59de8 osfs: Add new BoundOS type
• dafe8bc build: Bump Go to 1.19
• 326c59f Merge pull request #30 from pjbgf/updates
• c88853b *: Add CodeQL workflow
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.6.1 to 5.9.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.9.0

What's Changed

• git: worktree: add Amend option to CommitOptions by @​john-cai in go-git/go-git#438
• git: worktree, reset ignored files that are part of the worktree: Fixes #819 by @​daolis in go-git/go-git#821
• plumbing: Do not swallow http message coming from VCS providers by @​matejrisek in go-git/go-git#835
• plumbing: transport, handle IPv6 while parsing endpoint. Fixes #740 by @​ninedraft in go-git/go-git#820
• *: update goproxy dependency to fix CVE-2023-37788 vulnerability by @​svghadi in go-git/go-git#832
• *: bump dependencies and Go to 1.19 by @​pjbgf in go-git/go-git#837

New Contributors

• @​svghadi made their first contribution in go-git/go-git#832
• @​daolis made their first contribution in go-git/go-git#821

Full Changelog: https://github.com/go-git/go-git/compare/v5.8.1...v5.9.0

v5.8.1

What's Changed

• *: Bump dependencies by @​pjbgf in go-git/go-git#815

Full Changelog: https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1

v5.8.0

What's Changed

• git: Fix fetching after shallow clone. Fixes #305 by @​AriehSchneier in go-git/go-git#778
• git: enable fetch with unqualified references by @​AriehSchneier in go-git/go-git#762
• git: don't add to want if exists, shallow and depth 1 by @​AriehSchneier in go-git/go-git#763
• git: Clone HEAD should not force master. Fixes #363 by @​AriehSchneier in go-git/go-git#758
• git: fix the issue with submodules having the SCP style URL fail due to the wrong URL parsing by @​matejrisek in go-git/go-git#756
• git: add a clone option to allow for shallow cloning of submodules by @​matejrisek in go-git/go-git#765
• worktree: minor speedup for doAddDirectory by @​ThinkChaos in go-git/go-git#702
• _examples: Remove wrong comment by @​pascal-hofmann in go-git/go-git#357
• *: Handle paths starting with tilde by @​ricci2511 in go-git/go-git#808
• *: Handle paths starting with ~Username by @​AriehSchneier in go-git/go-git#809
• storage: filesystem/dotgit, add support for tmp_objdir prefix by @​L11R in go-git/go-git#812
• plumbing: gitignore, replace user dir in path by @​Jleagle in go-git/go-git#772
• plumbing: gitignore, fix incorrect parsing. Fixes #500 by @​AriehSchneier in go-git/go-git#781
• plumbing: http, Fix empty repos on Git v2.41+ by @​pjbgf in go-git/go-git#802
• plumbing: packp, A request is not empty if it contains shallows. Fixes #328 by @​AriehSchneier in go-git/go-git#792
• plumbing: blame, Complete rewrite. Fixes #603 by @​AriehSchneier in go-git/go-git#789
• plumbing: gitignore, Allow gitconfig to contain a gitignore relative to any user home. Fixes #578 by @​AriehSchneier in go-git/go-git#785

New Contributors

• @​Jleagle made their first contribution in go-git/go-git#772
• @​pascal-hofmann made their first contribution in go-git/go-git#357
• @​ricci2511 made their first contribution in go-git/go-git#808
• @​L11R made their first contribution in go-git/go-git#812

Full Changelog: https://github.com/go-git/go-git/compare/v5.7.0...v5.7.1

... (truncated)

Commits

• e24e0f7 *: Bump go-billy to v5.5.0
• ff0bd08 Merge pull request #837 from pjbgf/bump
• cbbeb49 *: Bump to Go 1.19
• cf3a75c *: Bump dependencies
• 51e9c9f Merge pull request #835 from matejrisek/feature/do-not-swallow-vcs-host-errors
• 5ad72db plumbing: Do not swallow http message coming from VCS providers.
• 0377d06 Merge pull request #821 from daolis/bug/resetfix
• 753b0d5 git: worktree, reset ignored files that are part of the worktree: Fixes #819
• cd3a21c Merge pull request #832 from svghadi/CVE-2023-37788
• f71a449 *: Bump goproxy dep. Fixes #826
• Additional commits viewable in compare view

Updates github.com/google/go-cmp from 0.5.9 to 0.6.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.6.0

New API:

• (#340) Add cmpopts.EquateComparable

Documentation changes:

• (#337) Use of hotlinking of Go identifiers

Build changes:

• (#325) Remove purego fallbacks

Testing changes:

• (#322) Run tests for Go 1.20 version
• (#332) Pin GitHub action versions
• (#327) set workflow permission to read-only

Commits

• c3ad843 Add cmpopts.EquateComparable (#340)
• e250a55 Use of hotlinking of Go identifiers (#337)
• 8a3e8dd set workflow permission to read-only (#327)
• 8cea5de Pin GitHub action versions (#332)
• 3bb304a Run tests for Go 1.20 version (#322)
• 571a56b Remove purego fallbacks (#325)
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.15.1 to 0.16.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.16.1

Release is broken due to goreleaser error, 0.16.1 has the fix

What's Changed

• bump deps using ./hack/bump-deps.sh by @​imjasonh in google/go-containerregistry#1702
• Allow crane to export schema 1 images by @​jonjohnsonjr in google/go-containerregistry#1704
• fixed a goroutine leak by @​ktarplee in google/go-containerregistry#1705
• retry HTTP 522 errors by default by @​imjasonh in google/go-containerregistry#1707
• Limit size of manifest by @​AdamKorcz in google/go-containerregistry#1711
• Add crane auth token by @​jonjohnsonjr in google/go-containerregistry#1709
• Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @​dependabot in google/go-containerregistry#1710
• Pass scopes through crane auth token by @​jonjohnsonjr in google/go-containerregistry#1713
• fix: add bounds checking to addendum layer mutations to prevent panic by @​aaron-prindle in google/go-containerregistry#1715
• Surface better error messages in crane index by @​jonjohnsonjr in google/go-containerregistry#1722
• crane: add missing name option in crane index commands by @​HubertZhang in google/go-containerregistry#1723
• crane: Respect cmd.OutOrStdout by @​kyleconroy in google/go-containerregistry#1728
• Make ErrSchema1 checkable via errors.Is() by @​Laitr0n in google/go-containerregistry#1721
• Don't load into daemon if the image already exists by @​jonjohnsonjr in google/go-containerregistry#1724
• add --blobs-to-disk to 'crane registry serve' by @​imjasonh in google/go-containerregistry#1731
• Correct crane registry help text by @​jonjohnsonjr in google/go-containerregistry#1732
• Allow concurrent blob Sets, use RWMutex by @​mattmoor in google/go-containerregistry#1733
• Use RWLock, limit scope of locking, write digest first by @​mattmoor in google/go-containerregistry#1734
• Let the filesystem handle atomicity by @​mattmoor in google/go-containerregistry#1735
• Don't try cross-origin mounting against dockerhub by @​jonjohnsonjr in google/go-containerregistry#1743
• Drop localhost to support crane registry serve in a container by @​mattmoor in google/go-containerregistry#1746
• Return OCI Index content-type for referrers response by @​jdolitsky in google/go-containerregistry#1762

New Contributors

• @​AdamKorcz made their first contribution in google/go-containerregistry#1711
• @​HubertZhang made their first contribution in google/go-containerregistry#1723
• @​kyleconroy made their first contribution in google/go-containerregistry#1728
• @​Laitr0n made their first contribution in google/go-containerregistry#1721

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1

Container Images

https://gcr.io/go-containerregistry/crane:v0.16.1 https://gcr.io/go-containerregistry/gcrane:v0.16.1

For example:

docker pull gcr.io/go-containerregistry/crane:v0.16.1
docker pull gcr.io/go-containerregistry/gcrane:v0.16.1

v0.16.0

Release is broken due to goreleaser error, 0.16.1 has the fix

... (truncated)

Commits

• a54d642 fix: pin to goreleaser v1.18 to unblock release (#1763)
• ea19b57 Return OCI Index content-type for referrers response (#1762)
• b850480 Drop localhost to support crane registry serve in a container (#1746)
• fe268b7 Don't try cross-origin mounting against dockerhub (#1743)
• 2472cbb Let the filesystem handle atomicity (#1735)
• db818dc Use RWLock, limit scope of locking, write digest first (#1734)
• 44a6e2e Allow concurrent blob Sets, use RWMutex (#1733)
• 9010ce1 Correct crane registry help text (#1732)
• 03ad2ac a... _Description has been truncated_

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.