Bump github.com/google/go-containerregistry from 0.11.0 to 0.16.1 #83

dependabot · 2023-08-02T21:21:03Z

Bumps github.com/google/go-containerregistry from 0.11.0 to 0.16.1.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.16.1

Changelog

a54d6420 fix: pin to goreleaser v1.18 to unblock release (#1763)

Container Images

https://gcr.io/go-containerregistry/crane:v0.16.1 https://gcr.io/go-containerregistry/gcrane:v0.16.1

For example:
docker pull gcr.io/go-containerregistry/crane:v0.16.1
docker pull gcr.io/go-containerregistry/gcrane:v0.16.1
v0.16.0

Release is broken due to goreleaser error, will cut 0.16.1 when that's fixed

v0.15.2

What's Changed

Make 403 non-fatal for manifest existence checks by @jonjohnsonjr in google/go-containerregistry#1691

Do not reuse pushers for pullers by @jonjohnsonjr in google/go-containerregistry#1701

Full Changelog: google/go-containerregistry@v0.15.1...v0.15.2

v0.15.1

Changelog

e2620e56 Actually retry retryable status codes (#1618)

afd15f14 Add --all-tags flag to crane cp (#1682)

69d1a197 Add mutate --ports option to set the exposed ports (#1677)

65e78dc8 Add partial.Manifests for lazy index access (#1631)

3228a601 Add ppc64le to .goreleaser.yml (#1680)

0b12f56b Add ppc64le to all binaries (#1688)

d9584448 Add remote.Descriptor.Schema1() (#1626)

07c767c7 Add remote.Puller (#1644)

005bb719 Add remote.Reuse for Pusher/Puller (#1672)

21ac1b24 Adding mutate --workdir option to set the working directory (#1615)

0962e296 Allow remote config layers to be lazy fetched (#1634)

53189d33 Bump actions/setup-go from 3 to 4 (#1602)

54e3f49e Bump actions/stale from 7 to 8 (#1616)

07eb440c Bump codecov/codecov-action from 3.1.1 to 3.1.2 (#1650)

58bd35bc Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#1668)

e055961a Bump peter-evans/create-pull-request from 4 to 5 (#1642)

b8d1c0a1 Bump slsa-framework/slsa-verifier from 2.0.1 to 2.1.0 (#1621)

375fb61c Bump slsa-framework/slsa-verifier from 2.1.0 to 2.2.0 (#1649)

9aa45a1a Change return type of remote.Referrers (#1652)

2ccd41c4 Cleanup: Switch the debug image to cgr.dev/chainguard/busybox (#1638)

93be9c42 Don't export whiteouts for single layers (#1629)

b7c6e9dc Fall back to puller if reusing pusher fails (#1676)

... (truncated)

Commits

a54d642 fix: pin to goreleaser v1.18 to unblock release (#1763)
ea19b57 Return OCI Index content-type for referrers response (#1762)
b850480 Drop localhost to support crane registry serve in a container (#1746)
fe268b7 Don't try cross-origin mounting against dockerhub (#1743)
2472cbb Let the filesystem handle atomicity (#1735)
db818dc Use RWLock, limit scope of locking, write digest first (#1734)
44a6e2e Allow concurrent blob Sets, use RWMutex (#1733)
9010ce1 Correct crane registry help text (#1732)
03ad2ac add --blobs-to-disk to 'crane registry serve' (#1731)
4e4b03a Don't load into daemon if the image already exists (#1724)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)