Bump github.com/google/go-containerregistry from 0.8.0 to 0.9.0 in /create-stack

[dependabot[bot]]

Bumps github.com/google/go-containerregistry from 0.8.0 to 0.9.0.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.9.0

What's Changed

• pkg/v1/mutate: fill in mediaType for OCI by @​maisem in google/go-containerregistry#1236
• Start testing ECR authentication. by @​mattmoor in google/go-containerregistry#1237
• Pin the version of AWS actions we use by @​mattmoor in google/go-containerregistry#1238
• Add pkg/authn/kubernetes by @​imjasonh in google/go-containerregistry#1234
• Use Temp File For layout.{Write,Append,Replace} Image/Index Methods by @​ben-krieger in google/go-containerregistry#1226
• Update README.md by @​bobychaudhary in google/go-containerregistry#1239
• fix k8schain go.mod by @​dprotaso in google/go-containerregistry#1242
• fix cmd/krane/go.mod and include it in hack/presubmit.sh by @​imjasonh in google/go-containerregistry#1240
• return transport errors that support errors.Is by @​dprotaso in google/go-containerregistry#1244
• Bump ecr-login to v0.6.0 by @​imjasonh in google/go-containerregistry#1243
• pkg/authn: return Anonymous on podman auth.json errors by @​vdemeester in google/go-containerregistry#1248
• Bump acr cred helper dep by @​imjasonh in google/go-containerregistry#1247
• krane: drop k8schain, use cred helper directly w/o k8s by @​imjasonh in google/go-containerregistry#1250
• Ensure that layer is closed before renaming file in layout by @​ben-krieger in google/go-containerregistry#1254
• Bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 by @​dependabot in google/go-containerregistry#1259
• Fix krane:debug image to include shell by @​imjasonh in google/go-containerregistry#1264
• Fix NewKeychainFromHelper by @​imjasonh in google/go-containerregistry#1265
• Fix issue templates by @​imjasonh in google/go-containerregistry#1266
• Update k8schain README -- don't recommend modifting authn.DefaultKeyc… by @​imjasonh in google/go-containerregistry#1267
• Add EOF to remote default retry predicate by @​jonjohnsonjr in google/go-containerregistry#1268
• Bump containerd by @​imjasonh in google/go-containerregistry#1271
• Implement Platform.String and v1.ParsePlatform by @​imjasonh in google/go-containerregistry#1270
• Eagerly fetch image ID in daemon.Image by @​jonjohnsonjr in google/go-containerregistry#1272
• Add pkg/authn/github.Keychain to authenticate with ghcr.io by @​imjasonh in google/go-containerregistry#1252
• Fallback to anonymous if env or gcloud are not configured by @​imjasonh in google/go-containerregistry#1279
• Add one-time workflow to push an image to ghcr.io by @​imjasonh in google/go-containerregistry#1281
• remove push-image workflow by @​imjasonh in google/go-containerregistry#1282
• Pass gcloud stderr to logs.Warn by @​imjasonh in google/go-containerregistry#1284
• Add tarball.WithMediaType to specify layer media type by @​imjasonh in google/go-containerregistry#1286
• LayerFromReader: buffer contents to a temp file instead of in memory by @​imjasonh in google/go-containerregistry#1285
• Check docker config auths for repo and registry by @​imjasonh in google/go-containerregistry#1280
• Bump deps, add script to make it easier by @​imjasonh in google/go-containerregistry#1260
• Fix Windows e2e test by @​imjasonh in google/go-containerregistry#1292
• Update ecr-login dep to fix logspam issue by @​imjasonh in google/go-containerregistry#1294
• authn/kubernetes - fix auth config lookup by @​dprotaso in google/go-containerregistry#1299
• authn/kubernetes - fix index.docker.io case by @​dprotaso in google/go-containerregistry#1300
• Take advantage of Chainguard maintained versions of various actions. by @​mattmoor in google/go-containerregistry#1301
• Cover a couple special paths in keychain unit tests. by @​mattmoor in google/go-containerregistry#1302
• Add output option to mutate to save to a tar file and not push to a registry (same as append) by @​ehmm in google/go-containerregistry#1257
• Add GitHub Action to automatically bump deps by @​imjasonh in google/go-containerregistry#1291
• Include blob existence checks in retries by @​jonjohnsonjr in google/go-containerregistry#1307
• Bump golangci/golangci-lint-action from 2 to 3.1.0 by @​dependabot in google/go-containerregistry#1308
• Add rebase_test.sh to hack/presubmit.sh by @​imjasonh in google/go-containerregistry#1304
• crane export: Support reading tarball from a stream by @​abitrolly in google/go-containerregistry#1274
• Don't parse challenge's scopes, put them first by @​jonjohnsonjr in google/go-containerregistry#1312
• Bump actions/checkout from 2 to 3 by @​dependabot in google/go-containerregistry#1315
• Fix isolation of presubmit tools by @​abitrolly in google/go-containerregistry#1306
• Bump deps, fix ecr-login API change by @​imjasonh in google/go-containerregistry#1310

... (truncated)

Commits

• 49e5170 Bump deps using ./hack/bump-deps.sh (#1366)
• 14395f1 Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#1365)
• b7619f2 feat(crane): allow setting the repository to push by digest (#1323)
• 03eb0a0 Bump deps, fix issues (#1317)
• ba4080b fix(ConfigFile): add Variant (#1362)
• 82405e5 transport: Don't pass default service if unset (#1360)
• 9d1ceb8 Bump github/codeql-action from 1 to 2 (#1357)
• fc6ff85 Bump codecov/codecov-action from 3.0.0 to 3.1.0 (#1353)
• 1db6ac0 update go action to always get the latest available and other updates (#1352)
• 570ba6c bump require blocks to point to latest main (892d7a8) (#1351)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.