Bump the go-modules group with 2 updates #223

dependabot · 2023-12-05T01:48:06Z

Bumps the go-modules group with 2 updates: github.com/containerd/stargz-snapshotter/estargz and github.com/google/go-containerregistry.

Updates github.com/containerd/stargz-snapshotter/estargz from 0.14.3 to 0.15.1

Release notes

Sourced from github.com/containerd/stargz-snapshotter/estargz's releases.

v0.15.1

Notable Changes

Removed support for CRI v1alpha2 API that was deprecated in containerd v1.7 (#1175)

Make timeout per-request (#1181), thanks to @Kern--

fix: rollback snapshot to prevent bolt deadlock (#1326), thanks to @goller

Protect node.ents and node.entsCached with a mutex (#1381), thanks to @iain-macdonald

Fixed the snapshotter reported incorrect number blocks for a file (#1387), thanks to @Kern--

chore: pkg imported more than once (#1363), thanks to @testwill

Note about v0.15.0

v0.15.0 has been tagged but it didn't include release binaries due to CI issue. For trying binary release of v0.15, please use stargz-snapshotter newer than v0.15.1.

Commits

64ab83b Merge pull request #1456 from ktock/p-0.15.1
2832142 Merge pull request #1455 from ktock/fix-release-ci
5ff919b prepare for v0.15.1
e18efae fix gh invocation release ci
9605129 Merge pull request #1454 from ktock/prepare-0.15.0
be3a3fb Prepare for v0.15.0
3d648b5 Merge pull request #1449 from ktock/update-deps-202310
a708e72 Merge pull request #1431 from ktock/go-multiaddr-0.12.0
f298da6 Merge pull request #1447 from AkihiroSuda/static
772ca65 go.mod: bump github.com/multiformats/go-multiaddr from 0.11.0 to 0.12.0
Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.14.0 to 0.17.0

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.17.0

What's Changed

🦅 Validate index architectures match children 🦅 by @jonjohnsonjr in google/go-containerregistry#1776

Set Content-Length for blob uploads by @jonjohnsonjr in google/go-containerregistry#1781

Don't wrap DefaultKeychain with refreshes by @jonjohnsonjr in google/go-containerregistry#1791

Build releases with Go 1.21 by @imjasonh in google/go-containerregistry#1840

fix: mimic oci-layout in diskblobhandler by @thesayyn in google/go-containerregistry#1810

tag: add command explanation to the long help by @abitrolly in google/go-containerregistry#1843

feat: implement gc command by @thesayyn in google/go-containerregistry#1811

feat: allow port and disk path to be overriden by @thesayyn in google/go-containerregistry#1848

Full Changelog: google/go-containerregistry@v0.16.1...v0.17.0

v0.16.1

Release is broken due to goreleaser error, 0.16.1 has the fix

What's Changed

bump deps using ./hack/bump-deps.sh by @imjasonh in google/go-containerregistry#1702

Allow crane to export schema 1 images by @jonjohnsonjr in google/go-containerregistry#1704

fixed a goroutine leak by @ktarplee in google/go-containerregistry#1705

retry HTTP 522 errors by default by @imjasonh in google/go-containerregistry#1707

Limit size of manifest by @AdamKorcz in google/go-containerregistry#1711

Add crane auth token by @jonjohnsonjr in google/go-containerregistry#1709

Bump codecov/codecov-action from 3.1.3 to 3.1.4 by @dependabot in google/go-containerregistry#1710

Pass scopes through crane auth token by @jonjohnsonjr in google/go-containerregistry#1713

fix: add bounds checking to addendum layer mutations to prevent panic by @aaron-prindle in google/go-containerregistry#1715

Surface better error messages in crane index by @jonjohnsonjr in google/go-containerregistry#1722

crane: add missing name option in crane index commands by @HubertZhang in google/go-containerregistry#1723

crane: Respect cmd.OutOrStdout by @kyleconroy in google/go-containerregistry#1728

Make ErrSchema1 checkable via errors.Is() by @Laitr0n in google/go-containerregistry#1721

Don't load into daemon if the image already exists by @jonjohnsonjr in google/go-containerregistry#1724

add --blobs-to-disk to 'crane registry serve' by @imjasonh in google/go-containerregistry#1731

Correct crane registry help text by @jonjohnsonjr in google/go-containerregistry#1732

Allow concurrent blob Sets, use RWMutex by @mattmoor in google/go-containerregistry#1733

Use RWLock, limit scope of locking, write digest first by @mattmoor in google/go-containerregistry#1734

Let the filesystem handle atomicity by @mattmoor in google/go-containerregistry#1735

Don't try cross-origin mounting against dockerhub by @jonjohnsonjr in google/go-containerregistry#1743

Drop localhost to support crane registry serve in a container by @mattmoor in google/go-containerregistry#1746

Return OCI Index content-type for referrers response by @jdolitsky in google/go-containerregistry#1762

New Contributors

@AdamKorcz made their first contribution in google/go-containerregistry#1711

@HubertZhang made their first contribution in google/go-containerregistry#1723

@kyleconroy made their first contribution in google/go-containerregistry#1728

@Laitr0n made their first contribution in google/go-containerregistry#1721

Full Changelog: google/go-containerregistry@v0.15.2...v0.16.1

Container Images

... (truncated)

Commits

4fdaa32 feat: allow port and disk path to be overriden (#1848)
ceb0580 feat: implement gc command (#1811)
5a53a12 tag: add command explanation to the long help (#1843)
c722ce9 fix: mimic oci-layout (#1810)
b2485cb Build releases with Go 1.21 (#1840)
dbcd01c Don't wrap DefaultKeychain with refreshes (#1791)
a748190 Set Content-Length for blob uploads (#1781)
190ad0e Validate index architectures match children (#1776)
a54d642 fix: pin to goreleaser v1.18 to unblock release (#1763)
ea19b57 Return OCI Index content-type for referrers response (#1762)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-modules group with 2 updates: [github.com/containerd/stargz-snapshotter/estargz](https://github.com/containerd/stargz-snapshotter) and [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry). Updates `github.com/containerd/stargz-snapshotter/estargz` from 0.14.3 to 0.15.1 - [Release notes](https://github.com/containerd/stargz-snapshotter/releases) - [Commits](containerd/stargz-snapshotter@v0.14.3...v0.15.1) Updates `github.com/google/go-containerregistry` from 0.14.0 to 0.17.0 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](google/go-containerregistry@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: github.com/containerd/stargz-snapshotter/estargz dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/google/go-containerregistry dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from a team as a code owner December 5, 2023 01:48

dependabot bot requested review from thitch97 and sophiewigmore December 5, 2023 01:48

dependabot bot added the failure:update-dependencies An issue filed automatically when updating buildpack.toml dependencies fails in a workflow label Dec 5, 2023

paketo-bot added the semver:patch A change requiring a patch version bump label Dec 5, 2023

paketo-bot-reviewer approved these changes Dec 5, 2023

View reviewed changes

paketo-bot merged commit 29cf689 into main Dec 5, 2023
9 of 10 checks passed

paketo-bot deleted the dependabot/go_modules/go-modules-4bf1aabe1f branch December 5, 2023 01:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the go-modules group with 2 updates #223

Bump the go-modules group with 2 updates #223

dependabot bot commented on behalf of github Dec 5, 2023

Bump the go-modules group with 2 updates #223

Bump the go-modules group with 2 updates #223

Conversation

dependabot bot commented on behalf of github Dec 5, 2023

v0.15.1

Notable Changes

Note about v0.15.0

v0.17.0

What's Changed

v0.16.1

What's Changed

New Contributors

Container Images