Milos Gajdos
c345425ff5
ci:bump Go version
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-07-13 19:24:26 +01:00
Sebastiaan van Stijn
9ba7340601
vendor: github.com/opencontainers/image-spec v1.1.0
...
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-07-10 14:58:09 -05:00
Milos Gajdos
5316d3bda2
Bump Go and golang linter
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-06-30 16:50:09 +01:00
dependabot[bot]
050e1a3ee7
build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
...
Bumps [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go ) from 1.3.0 to 1.6.0.
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases )
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md )
- [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.3.0...sdk/azcore/v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-11 20:09:16 +00:00
Milos Gajdos
675d7e27f5
feature: Bump go-jose and require signing algorithms in auth ( #4349 )
2024-05-30 20:54:20 +01:00
Milos Gajdos
52d68216c0
feature: Bump go-jose and require signing algorithms in auth
...
This bumps go-jose to the latest available version: v4.0.3.
This slightly breaks the backwards compatibility with the existing
registry deployments but brings more security with it.
We now require the users to specify the list of token signing algorithms in
the configuration. We do strive to maintain the b/w compat by providing
a list of supported algorithms, though, this isn't something we
recommend due to security issues, see:
* https://github.com/go-jose/go-jose/issues/64
* https://github.com/go-jose/go-jose/pull/69
As part of this change we now return to the original flow of the token
signature validation:
1. X2C (tls) headers
2. JWKS
3. KeyID
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-05-30 20:44:35 +01:00
James Hewitt
421a359b26
Add a go.mod toolchain version
...
go 1.21 added toolchain support. We should now specify a toolchain
version in go.mod.
https://go.dev/doc/toolchain
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2024-05-13 14:47:07 +01:00
Liang Zheng
a5882d6646
vendor: update manifest dependencies
...
Signed-off-by: Liang Zheng <zhengliang0901@gmail.com>
2024-04-26 22:22:49 +08:00
dependabot[bot]
2db0a598cc
build(deps): bump golang.org/x/net from 0.20.0 to 0.23.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.20.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.20.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-19 12:59:08 +00:00
Milos Gajdos
bc6e81e1b9
Add Go 1.22 support to CI ( #4314 )
2024-04-08 12:15:39 +01:00
Austin Vazquez
21c718d58c
Add Go 1.22 support to CI
...
This change adds Go 1.22 to the Go version matrix in CI and updates all
Dockerfiles to use Go 1.21.8.
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
2024-03-27 15:59:13 +00:00
Milos Gajdos
167d7996be
chore: bump distriution/reference dependency
...
We've made a new release https://github.com/distribution/reference
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2024-03-26 20:19:28 +00:00
Milos Gajdos
7c7517493c
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 ( #4297 )
2024-03-17 10:38:34 +00:00
dependabot[bot]
cb2b51cac9
build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0
...
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-13 23:16:02 +00:00
dependabot[bot]
1c5fe22dec
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.1 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.3 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-07 23:01:05 +00:00
gotgelf
f690b3ebe2
Added Open Telemetry Tracing to Filesystem package
...
Signed-off-by: gotgelf <gotgelf@gmail.com>
2024-03-04 13:31:22 +01:00
erezrokah
11f50c034e
feat: Add HTTP2 for unencrypted HTTP
...
Signed-off-by: erezrokah <erezrokah@users.noreply.github.com>
2024-01-17 20:59:02 +00:00
Milos Gajdos
6926aea0ee
vendor: github.com/gorilla/handlers v1.5.2 ( #4211 )
2024-01-16 17:06:16 +07:00
Sebastiaan van Stijn
bdfa8324a0
vendor: github.com/mitchellh/mapstructure v1.5.0
...
note that this repository will be sunset, and the "endorsed" fork will be
maintened by "go-viper". Updating the dependency to the latest version in
preparation.
full diff: https://github.com/mitchellh/mapstructure/compare/v1.1.2...v1.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 12:28:10 +01:00
Sebastiaan van Stijn
4f9fe183c3
vendor: github.com/gorilla/handlers v1.5.2
...
full diff: https://github.com/gorilla/handlers/compare/v1.5.1...v1.5.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-22 10:23:09 +01:00
dependabot[bot]
dcee8e93a3
build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.15.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-12-19 00:02:47 +00:00
Eng Zer Jun
bcbf0431d1
testing: replace legacy gopkg.in/check.v1
...
This commit replaces the legacy `gopkg.in/check.v1` testing dependency
with `github.com/stretchr/testify`.
Closes https://github.com/distribution/distribution/issues/3884 .
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-12-13 09:22:43 +00:00
gotgelf
0e3018f2cf
Otel tracing MVP: vendor changes
...
Signed-off-by: gotgelf <gotgelf@gmail.com>
2023-12-11 21:18:42 +01:00
Milos Gajdos
60e7e87889
vendor: github.com/spf13/cobra v1.8.0 ( #4182 )
2023-12-01 12:09:15 +00:00
Milos Gajdos
6f84e87803
update: AWS Go SDK bump to the latest release
...
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-12-01 11:24:44 +00:00
Sebastiaan van Stijn
1f6afab6e0
vendor: github.com/spf13/cobra v1.8.0
...
updating to current version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 12:05:31 +01:00
Milos Gajdos
a2613975a1
vendor: github.com/sirupsen/logrus v1.9.3 ( #4179 )
2023-12-01 10:51:38 +00:00
Milos Gajdos
3b58737bb6
vendor: github.com/gorilla/mux v1.8.1 ( #4180 )
2023-12-01 10:51:20 +00:00
Sebastiaan van Stijn
79976446f7
vendor: github.com/klauspost/compress v1.17.4
...
newer versions continue to include performance improvements, so it's good
to stay up-to-date.
full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 10:33:39 +01:00
Sebastiaan van Stijn
db187ae55c
vendor: github.com/gorilla/mux v1.8.1
...
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 10:26:51 +01:00
Sebastiaan van Stijn
d6dd652f5a
vendor: github.com/sirupsen/logrus v1.9.3
...
full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 10:21:44 +01:00
dependabot[bot]
b8b390f4cd
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-11-21 22:25:08 +00:00
Milos Gajdos
d8d14ca363
Switch to github.com/google/uuid ( #4132 )
2023-10-26 13:36:12 +01:00
dependabot[bot]
32316367c8
Bump google.golang.org/grpc from 1.53.0 to 1.56.3
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.53.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.53.0...v1.56.3 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-25 22:26:53 +00:00
James Hewitt
ef8651ec2a
Switch to github.com/google/uuid
...
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2023-10-25 12:15:21 +01:00
Milos Gajdos
fe21f43911
feat: replace docker/libtrust with go-jose/go-jose
...
docker/libtrust repository has been archived for several years now.
This commit replaces all the libtrust JWT machinery with go-jose/go-jose module.
Some of the code has been adopted from libtrust and adjusted for some of
the use cases covered by the token authorization flow especially in the
tests.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-10-19 15:32:59 +01:00
dependabot[bot]
758c0f9d77
Bump golang.org/x/net from 0.8.0 to 0.17.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.8.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-11 23:39:45 +00:00
Geoffrey Hausheer
2435def474
Support systemd socket-activation
...
Signed-off-by: Geoffrey Hausheer <rc2012@pblue.org>
2023-09-20 09:37:22 -07:00
dependabot[bot]
e4dd28b886
Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4
...
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin ) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases )
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4 )
---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-09-07 13:06:27 +00:00
Milos Gajdos
2e50e6d2e6
Merge pull request #4033 from thaJeztah/remove_comment
...
go.mod: remove outdated comment
2023-08-31 15:39:46 +01:00
Sebastiaan van Stijn
acf804a2dd
go.mod: remove outdated comment
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-31 16:10:15 +02:00
Sebastiaan van Stijn
152af63ec5
deprecate reference package, migrate to github.com/distribution/reference
...
This integrates the new module, which was extracted from this repository
at commit b9b19409cf458dcb9e1253ff44ba75bd0620faa6;
# install filter-repo (https://github.com/newren/git-filter-repo/blob/main/INSTALL.md )
brew install git-filter-repo
# create a temporary clone of docker
cd ~/Projects
git clone https://github.com/distribution/distribution.git reference
cd reference
# commit taken from
git rev-parse --verify HEAD
b9b19409cf
# remove all code, except for general files, 'reference/', and rename to /
git filter-repo \
--path .github/workflows/codeql-analysis.yml \
--path .github/workflows/fossa.yml \
--path .golangci.yml \
--path distribution-logo.svg \
--path CODE-OF-CONDUCT.md \
--path CONTRIBUTING.md \
--path GOVERNANCE.md \
--path README.md \
--path LICENSE \
--path MAINTAINERS \
--path-glob 'reference/*.*' \
--path-rename reference/:
# initialize go.mod
go mod init github.com/distribution/reference
go mod tidy -go=1.20
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-31 15:47:06 +02:00
Wang Yan
5f8b59177b
Merge pull request #4019 from milosgajdos/replace-redigo-redis
...
Replace redigo with redis-go
2023-08-29 09:53:32 +08:00
James Hewitt
0eb8fee87e
Update to go 1.20
...
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2023-08-27 10:32:00 +01:00
Milos Gajdos
fcbc25e789
Replace redigo with redis-go
...
We are replacing the very outdated redigo Go module with the official
redis Go module, go-redis.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-08-26 07:44:02 +01:00
David van der Spek
3e4c4ead4c
Remove bugsnag
...
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
2023-08-21 10:24:36 +02:00
Milos Gajdos
597e8a6b34
Merge pull request #4001 from DavidSpek/remove-newrelic
...
Remove NewRelic
2023-08-18 22:35:16 +01:00
David van der Spek
77c33cd243
remove NewRelic
...
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
2023-08-18 12:16:18 +02:00
Milos Gajdos
c0a15e6448
Regroup direct and indirect dependencies
...
For some reason we let these be ungrouped and mixed all over the place.
This commit groups direct and indirect Go module dependencies.
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2023-08-18 08:28:26 +01:00
Milos Gajdos
ac32466188
Merge pull request #3993 from DavidSpek/update-golang-lru
...
Update github.com/hashicorp/golang-lru to v2
2023-08-18 08:09:11 +01:00