v5.30.2

Fixes an interoperability issue while listing tags from JFrog Artifactory.

v5.31.1

Fixes an interoperability issue while listing tags from JFrog Artifactory.

v5.29.4

Fixes an interoperability issue while listing tags from JFrog Artifactory.

v5.31.0

What's Changed

• Bump c/storage to v1.53.0, c/image to v5.30.0, and then to v5.30.1-dev by @TomSweeneyRedHat in #2327
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.2 by @renovate in #2333
• fix(deps): update module github.com/docker/cli to v25.0.4+incompatible by @renovate in #2334
• Move to a tagged version of docker/docker by @mtrmac in #2336
• fix(deps): update go-openapi packages to v0.23.0 by @renovate in #2337
• Update to Go 1.20 by @mtrmac in #2340
• chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] by @renovate in #2338
• chore(deps): update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [security] by @renovate in #2339
• fix(deps): update module github.com/containers/ocicrypt to v1.1.10 by @renovate in #2341
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @renovate in #2344
• Add support for Docker HealthConfig.StartInterval (v25.0.0+) by @migesok in #2345
• Fix an unintentionally-added dependency on Go 1.21 by @mtrmac in #2343
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible by @renovate in #2348
• fix(deps): update module github.com/docker/cli to v25.0.5+incompatible by @renovate in #2347
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0 by @renovate in #2349
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1 by @renovate in #2351
• chore: fix function names by @availhang in #2357
• chore(deps): update dependency containers/automation_images to v20240320 by @renovate in #2354
• fix(deps): update module github.com/distribution/reference to v0.6.0 by @renovate in #2358
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2 by @renovate in #2359
• fix(deps): update module github.com/sigstore/sigstore to v1.8.3 by @renovate in #2360
• Filter BlobInfoCache candidates before prioritization, not in transports by @mtrmac in #2346
• fix(deps): update module golang.org/x/oauth2 to v0.19.0 by @renovate in #2367
• fix(deps): update golang.org/x/exp digest to c0f41cb by @renovate in #2361
• Add a helper for formatting multiple errors by @mtrmac in #2365
• fix(deps): update module github.com/ulikunitz/xz to v0.5.12 by @renovate in #2366
• Drop some minimally-used dependencies by @mtrmac in #2364
• Fix a http.response.Body leak on a permission error by @mtrmac in #2363
• fix(deps): update module github.com/klauspost/compress to v1.17.8 by @renovate in #2372
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3 by @renovate in #2373
• use containers/storage/pkg/fileutils/(Exists,Lexists) by @giuseppe in #2375
• Refactor blobCacheDestination.saveStream by @mtrmac in #2380
• Update to Go1.21 by @mtrmac in #2377
• Avoid a redundant function call by @mtrmac in #2379
• CI VMs: bump to new versions with tmpfs /tmp by @edsantiago in #2384
• Update module github.com/docker/docker to v26.0.2+incompatible [SECURITY] by @renovate in #2381
• Update module github.com/docker/cli to v26.1.0+incompatible by @renovate in #2383
• Update module github.com/docker/docker to v26.1.0+incompatible by @renovate in #2386
• Fix GoDoc link at the top of the README file by @ananthb in #2387
• Update module github.com/docker/cli to v26.1.1+incompatible by @renovate in #2388
• Update module github.com/docker/docker to v26.1.1+incompatible by @renovate in #2389
• Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f by @renovate in #2392
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.0 by @renovate in #2393
• Update module golang.org/x/oauth2 to v0.20.0 by @renovate in #2395
• Update module golang.org/x/term to v0.20.0 by @renovate in #2396
• Update module go.etcd.io/bbolt to v1.3.10 by @renovate in #2397
• Update module golang.org/x/crypto to v0.23.0 by @renovate in #2398
• Update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by @renovate in #2399
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1 by @renovate in #2400
• Fix CVE-2024-3727 by @mtrmac in #2403
• Update module github.com/docker/docker to v26.1.2+incompatible by @renovate in #2402
• Update module github.com/docker/cli to v26.1.2+incompatible by @renovate in #2401
• [release-5.30] Release 5.30.1 by @mtrmac in #2405
• Merge the release-5.30 branch into main by @mtrmac in #2407
• Update module github.com/hashicorp/go-retryablehttp to v0.7.6 by @renovate in #2409
• Fix font choices in containers-transports.5 by @mtrmac in #2412
• Quote various strings coming from untrusted sources by @mtrmac in #2408
• Non-security digest.Digest use cleanups by @mtrmac in #2410
• docker: support for requesting chunks without end offset by @giuseppe in #2391
• Silently assume arm=v7, arm64=v8 on macOS by @mtrmac in #2411
• Allow using recent opencontainers/go-digest by @mtrmac in #2406
• Fixes to storage’s GetBlob by @mtrmac in #2394
• storage: cleanup staged layer if unused by @giuseppe in #2390
• Recognize "manifest unknown" errors reported by Harbor by @mtrmac in #2413
• fix(deps): update module github.com/docker/docker to v26.1.3+incompatible by @renovate in #2420
• fix(deps): update module github.com/docker/cli to v26.1.3+incompatible by @renovate in #2419
• [Additional Layer Store] Use TOCDigest as ID of each layer (patch for c/image) by @ktock in #2416
• fix(deps): update module github.com/containers/storage to v1.54.0 by @renovate in #2426
• Short-term kludges for recent AdditionalLayerStore changes by @mtrmac in #2428

New Contributors

• @migesok made their first contribution in #2345
• @availhang made their first contribution in #2357
• @edsantiago made their first contribution in #2384
• @ananthb made their first contribution in #2387

Full Changelog: v5.30.1...v5.31.0

v5.29.3

What's Changed

• Backport Docker Daemon fix #2260, bump to 5.29.2, then 5.29.3-dev by @TomSweeneyRedHat in #2270
• [release-5.29] Fix CVE-2024-3727 by @mtrmac in #2418

Full Changelog: v5.29.2...v5.29.3

v5.30.1

This fixes CVE-2024-3727 .

Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.

v5.30.0

What's Changed

A fair number of improvements when working with zstd and zstd:chunked-compressed images.

Note that make install now installs policy.json and registries.d/default.yaml.

• Refuse compression to zstd when using schema1 by @mtrmac in #2196
• Don't expose local account details in oci-archive tar files by @mtrmac in #2202
• Trigger a conversion to OCI when compressing to Zstd by @mtrmac in #2204
• Add buildtags to avoid fulcio and rekor dependencies by @siretart in #2180
• copy: do not fail if digest mismatches by @giuseppe in #1980
• Moving policy.json and default.yaml from containers/skopeo by @rahilarious in #2215
• Embrace codespell: config, workflow (to alert when new typos added) and get typos fixed by @yarikoptic in #2214
• Fix raspberry pi zero cpu variant recognition by @lstolcman in #2086
• storage: validate images converted to zstd:chunked by @giuseppe in #2243
• Make blob reuse choices manifest-format-sensitive, and allow conversions when writing to format-agnostic transports by @mtrmac in #2213
• Edit the manifest when pushing uncompressed data from c/storage by @mtrmac in #2273
• Random storage-related cleanups by @mtrmac in #2287
• Improve storage transport documentation, primarily about locking by @mtrmac in #2291
• Fix c/storage destination with partial pulls by @mtrmac in #2288
• Fix manifest updates when we match a layer by TOC digest by @mtrmac in #2294
• Cleanly fail when trying to obtain a DiffID of a non-OCI image by @mtrmac in #2295
• Beautify TOC-related parts of storageImageSource by @mtrmac in #2296
• storage: use the new ApplyStagedLayer interface by @giuseppe in #2301
• Also annotate image instances using zstd:chunked as using zstd by @mtrmac in #2302
• Support editing ArtifactType, preserve it in lists by @nalind in #2304
• Provide data to correctly report throughput on partial pulls by @mtrmac in #2308
• Add validation error to digesting reader by @saschagrunert in #2312
• Fix handling of errors when fetching layers by URLs by @mtrmac in #2310
• Improve handling of zstd vs. zstd:chunked matching by @mtrmac in #2317

New Contributors

• @rahilarious made their first contribution in #2215
• @yarikoptic made their first contribution in #2214
• @lstolcman made their first contribution in #2086
• @bainsy88 made their first contribution in #2260

Full Changelog: v5.29.2...v5.30.0

v5.29.2

What's Changed

• [release-5.29] backport Docker Daemon fix by @TomSweeneyRedHat in #2270
• [release-5.29] Tag 5.29.1 by @mtrmac in #2253
• Use a stable Skopeo branch for testing the stable c/image branch by @mtrmac in #2262

Full Changelog: v5.29.1...v5.29.2

v5.29.1

• Add support for pushing an image with unknown digest

v5.29.0

What's Changed

• Bump to v5.28.0 by @rhatdan in #2114
• fix(deps): update module github.com/containers/storage to v1.50.2 by @renovate in #2115
• Run codespell on code by @rhatdan in #2116
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 by @renovate in #2117
• Use constants and types from opencontainers/image-spec/specs-go/v1 by @mtrmac in #2119
• progress: set Current before Refill by @giuseppe in #2121
• copy: fix nil pointer dereference when checking compression algorithm by @crazy-max in #2120
• fix(deps): update module github.com/klauspost/compress to v1.17.0 by @renovate in #2122
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0 by @renovate in #2124
• ociarchive: Add new ArchiveFileNotFoundError by @cgwalters in #2123
• fix: typo by @testwill in #2125
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.1 by @renovate in #2126
• fix(deps): update golang.org/x/exp digest to 7918f67 by @renovate in #2130
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.0 by @renovate in #2137
• fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @renovate in #2136
• Fix podman search for docker.io/library images by @boaz0 in #2133
• fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible by @renovate in #2131
• fix(deps): update module github.com/sigstore/fulcio to v1.4.1 by @renovate in #2138
• fix(deps): update module github.com/sigstore/fulcio to v1.4.2 by @renovate in #2140
• Oci image deletion by @Pvlerick in #2003
• fix(deps): update module github.com/sigstore/fulcio to v1.4.3 by @renovate in #2142
• fix(deps): update module github.com/otiai10/copy to v1.14.0 by @renovate in #2144
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2 by @renovate in #2146
• fix(deps): update module github.com/klauspost/compress to v1.17.1 by @renovate in #2148
• fix(deps): update module github.com/sigstore/sigstore to v1.7.4 by @renovate in #2145
• chore(deps): update dependency containers/automation_images to v20231004 by @renovate in #2150
• Fix conversion of Zstd images to non-OCI formats by @mtrmac in #2151
• Parse the body of (docker load) response to correctly handle errors by @mtrmac in #2153
• Fix a comment by @mtrmac in #2152
• fix(deps): update module github.com/klauspost/compress to v1.17.2 by @renovate in #2154
• Don't use append() on slices with unclear origin by @mtrmac in #2155
• Remove unused environment variables in Cirrus by @mtrmac in #2156
• Fix and simplify storage tests by @mtrmac in #2147
• Add image.UnparsedInstanceWithReference and storage.ResolveReference by @mtrmac in #2056
• fix(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] by @renovate in #2163
• fix(deps): update module github.com/sigstore/sigstore to v1.7.5 by @renovate in #2159
• fix(deps): update module go.etcd.io/bbolt to v1.3.8 by @renovate in #2161
• Missed null check in docker_image_dest.go by @bojidar-bg in #2164
• Simplify storage test setup by @mtrmac in #2158
• fix(deps): update module github.com/containers/ocicrypt to v1.1.9 by @renovate in #2165
• docker, BlobInfoCache: try to reuse blobs from set of all known compressed blobs when pushing across registries by @flouthoc in #1645
• blobinfocache,sqlite: remove unnecessary compression check by @flouthoc in #2168
• fix(deps): update github.com/containers/storage digest to 6e72f11 by @renovate in #2166
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 785e297 by @renovate in #2167
• Improve documentation of ResolveReference by @mtrmac in #2170
• Improve lint tool handling by @mtrmac in #2171
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2 by @renovate in #2172
• fix(deps): update module golang.org/x/sync to v0.5.0 by @renovate in #2175
• fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 by @renovate in #2174
• fix(deps): update module golang.org/x/term to v0.14.0 by @renovate in #2176
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 by @renovate in #2177
• fix(deps): update module golang.org/x/crypto to v0.15.0 by @renovate in #2178
• fix(deps): update module golang.org/x/oauth2 to v0.14.0 by @renovate in #2179
• Add DockerCompatAuthFilePath to allow login/logout to interoperate by @mtrmac in #2173
• fix(deps): update module github.com/docker/cli to v24.0.7+incompatible by @renovate in #2187
• Update github.com/go-jose/go-jose/v3 by @mtrmac in #2188
• Quote the response body in an error message by @mtrmac in #2186
• fix(deps): update module github.com/klauspost/compress to v1.17.3 by @renovate in #2190
• WIP HACK: Do not reuse zstd:chunked blobs by @mtrmac in #2185

New Contributors

• @testwill made their first contribution in #2125
• @bojidar-bg made their first contribution in #2164

Full Changelog: v5.28.0...v5.29.0