Milos Gajdos 52d68216c0 feature: Bump go-jose and require signing algorithms in auth ... This bumps go-jose to the latest available version: v4.0.3. This slightly breaks the backwards compatibility with the existing registry deployments but brings more security with it. We now require the users to specify the list of token signing algorithms in the configuration. We do strive to maintain the b/w compat by providing a list of supported algorithms, though, this isn't something we recommend due to security issues, see: * https://github.com/go-jose/go-jose/issues/64 * https://github.com/go-jose/go-jose/pull/69 As part of this change we now return to the original flow of the token signature validation: 1. X2C (tls) headers 2. JWKS 3. KeyID Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>		2024-05-30 20:44:35 +01:00
..
AdaLogics/go-fuzz-headers	Fuzzing: Move over two fuzzers from cncf-fuzzing	2023-05-02 23:03:57 +02:00
aws/aws-sdk-go	update: AWS Go SDK bump to the latest release	2023-12-01 11:24:44 +00:00
Azure/azure-sdk-for-go/sdk	bump azure sdk	2023-05-22 09:05:35 +02:00
AzureAD/microsoft-authentication-library-for-go	bump azure sdk	2023-05-22 09:05:35 +02:00
beorn7/perks	vendor: update docker/go-metrics v0.0.1	2020-03-02 20:14:15 +01:00
bshuster-repo/logrus-logstash-hook	Bump Logstash hook for logrus to v1.0.0.	2021-02-11 21:51:13 -08:00
cenkalti/backoff/v4	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
cespare/xxhash/v2	vendor: update gcs driver dependencies files	2023-05-31 09:28:43 +02:00
coreos/go-systemd/v22	Support systemd socket-activation	2023-09-20 09:37:22 -07:00
cyphar/filepath-securejoin	Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4	2023-09-07 13:06:27 +00:00
davecgh/go-spew	testing: replace legacy gopkg.in/check.v1	2023-12-13 09:22:43 +00:00
dgryski/go-rendezvous	Replace redigo with redis-go	2023-08-26 07:44:02 +01:00
distribution/reference	chore: bump distriution/reference dependency	2024-03-26 20:19:28 +00:00
docker	feat: replace docker/libtrust with go-jose/go-jose	2023-10-19 15:32:59 +01:00
felixge/httpsnoop	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
go-jose/go-jose/v4	feature: Bump go-jose and require signing algorithms in auth	2024-05-30 20:44:35 +01:00
go-logr	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
golang	Bump google.golang.org/grpc from 1.53.0 to 1.56.3	2023-10-25 22:26:53 +00:00
golang-jwt/jwt/v4	bump azure sdk	2023-05-22 09:05:35 +02:00
google	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
googleapis	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
gorilla	vendor: github.com/gorilla/handlers v1.5.2	2023-12-22 10:23:09 +01:00
grpc-ecosystem/grpc-gateway/v2	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
hashicorp/golang-lru	update golang-lru to v2	2023-08-17 13:41:54 +02:00
inconshreveable/mousetrap	vendor: github.com/spf13/cobra v1.8.0	2023-12-01 12:05:31 +01:00
jmespath/go-jmespath	update to go 1.18 (continue testing against 1.17)	2022-05-05 10:36:28 +02:00
klauspost/compress	vendor: github.com/klauspost/compress v1.17.4	2023-12-01 10:33:39 +01:00
kylelemons/godebug	Update Azure SDK and support additional authentication schemes	2023-04-25 17:23:20 +00:00
matttproud/golang_protobuf_extensions	migrate to go modules from vndr	2019-06-19 12:24:07 -07:00
mitchellh/mapstructure	vendor: github.com/mitchellh/mapstructure v1.5.0	2023-12-27 12:28:10 +01:00
opencontainers	digestset: deprecate package in favor of go-digest/digestset	2022-11-08 23:17:10 +01:00
pkg/browser	bump azure sdk	2023-05-22 09:05:35 +02:00
pmezard/go-difflib	testing: replace legacy gopkg.in/check.v1	2023-12-13 09:22:43 +00:00
prometheus	Otel tracing MVP: vendor changes	2023-12-11 21:18:42 +01:00
redis/go-redis	Replace redigo with redis-go	2023-08-26 07:44:02 +01:00
sirupsen/logrus	vendor: github.com/sirupsen/logrus v1.9.3	2023-12-01 10:21:44 +01:00
spf13	vendor: github.com/spf13/cobra v1.8.0	2023-12-01 12:05:31 +01:00
stretchr/testify	testing: replace legacy gopkg.in/check.v1	2023-12-13 09:22:43 +00:00