Update module github.com/containers/image/v5 to v5.29.3 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/containers/image/v5	v5.1.0 -> v5.29.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

---

Release Notes

containers/image (github.com/containers/image/v5)

v5.29.3

Compare Source

What's Changed

• Backport Docker Daemon fix #​2260, bump to 5.29.2, then 5.29.3-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2270
• [release-5.29] Fix CVE-2024-3727 by @​mtrmac in https://github.com/containers/image/pull/2418

Full Changelog: containers/image@v5.29.2...v5.29.3

v5.29.2

Compare Source

What's Changed

• [release-5.29] backport Docker Daemon fix by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2270
• [release-5.29] Tag 5.29.1 by @​mtrmac in https://github.com/containers/image/pull/2253
• Use a stable Skopeo branch for testing the stable c/image branch by @​mtrmac in https://github.com/containers/image/pull/2262

Full Changelog: containers/image@v5.29.1...v5.29.2

v5.29.1

Compare Source

• Add support for pushing an image with unknown digest

v5.29.0

Compare Source

What's Changed

• Bump to v5.28.0 by @​rhatdan in https://github.com/containers/image/pull/2114
• fix(deps): update module github.com/containers/storage to v1.50.2 by @​renovate in https://github.com/containers/image/pull/2115
• Run codespell on code by @​rhatdan in https://github.com/containers/image/pull/2116
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 by @​renovate in https://github.com/containers/image/pull/2117
• Use constants and types from opencontainers/image-spec/specs-go/v1 by @​mtrmac in https://github.com/containers/image/pull/2119
• progress: set Current before Refill by @​giuseppe in https://github.com/containers/image/pull/2121
• copy: fix nil pointer dereference when checking compression algorithm by @​crazy-max in https://github.com/containers/image/pull/2120
• fix(deps): update module github.com/klauspost/compress to v1.17.0 by @​renovate in https://github.com/containers/image/pull/2122
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0 by @​renovate in https://github.com/containers/image/pull/2124
• ociarchive: Add new ArchiveFileNotFoundError by @​cgwalters in https://github.com/containers/image/pull/2123
• fix: typo by @​testwill in https://github.com/containers/image/pull/2125
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.1 by @​renovate in https://github.com/containers/image/pull/2126
• fix(deps): update golang.org/x/exp digest to 7918f67 by @​renovate in https://github.com/containers/image/pull/2130
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.0 by @​renovate in https://github.com/containers/image/pull/2137
• fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @​renovate in https://github.com/containers/image/pull/2136
• Fix podman search for docker.io/library images by @​boaz0 in https://github.com/containers/image/pull/2133
• fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible by @​renovate in https://github.com/containers/image/pull/2131
• fix(deps): update module github.com/sigstore/fulcio to v1.4.1 by @​renovate in https://github.com/containers/image/pull/2138
• fix(deps): update module github.com/sigstore/fulcio to v1.4.2 by @​renovate in https://github.com/containers/image/pull/2140
• Oci image deletion by @​Pvlerick in https://github.com/containers/image/pull/2003
• fix(deps): update module github.com/sigstore/fulcio to v1.4.3 by @​renovate in https://github.com/containers/image/pull/2142
• fix(deps): update module github.com/otiai10/copy to v1.14.0 by @​renovate in https://github.com/containers/image/pull/2144
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2 by @​renovate in https://github.com/containers/image/pull/2146
• fix(deps): update module github.com/klauspost/compress to v1.17.1 by @​renovate in https://github.com/containers/image/pull/2148
• fix(deps): update module github.com/sigstore/sigstore to v1.7.4 by @​renovate in https://github.com/containers/image/pull/2145
• chore(deps): update dependency containers/automation_images to v20231004 by @​renovate in https://github.com/containers/image/pull/2150
• Fix conversion of Zstd images to non-OCI formats by @​mtrmac in https://github.com/containers/image/pull/2151
• Parse the body of (docker load) response to correctly handle errors by @​mtrmac in https://github.com/containers/image/pull/2153
• Fix a comment by @​mtrmac in https://github.com/containers/image/pull/2152
• fix(deps): update module github.com/klauspost/compress to v1.17.2 by @​renovate in https://github.com/containers/image/pull/2154
• Don't use append() on slices with unclear origin by @​mtrmac in https://github.com/containers/image/pull/2155
• Remove unused environment variables in Cirrus by @​mtrmac in https://github.com/containers/image/pull/2156
• Fix and simplify storage tests by @​mtrmac in https://github.com/containers/image/pull/2147
• Add image.UnparsedInstanceWithReference and storage.ResolveReference by @​mtrmac in https://github.com/containers/image/pull/2056
• fix(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] by @​renovate in https://github.com/containers/image/pull/2163
• fix(deps): update module github.com/sigstore/sigstore to v1.7.5 by @​renovate in https://github.com/containers/image/pull/2159
• fix(deps): update module go.etcd.io/bbolt to v1.3.8 by @​renovate in https://github.com/containers/image/pull/2161
• Missed null check in docker_image_dest.go by @​bojidar-bg in https://github.com/containers/image/pull/2164
• Simplify storage test setup by @​mtrmac in https://github.com/containers/image/pull/2158
• fix(deps): update module github.com/containers/ocicrypt to v1.1.9 by @​renovate in https://github.com/containers/image/pull/2165
• docker, BlobInfoCache: try to reuse blobs from set of all known compressed blobs when pushing across registries by @​flouthoc in https://github.com/containers/image/pull/1645
• blobinfocache,sqlite: remove unnecessary compression check by @​flouthoc in https://github.com/containers/image/pull/2168
• fix(deps): update github.com/containers/storage digest to 6e72f11 by @​renovate in https://github.com/containers/image/pull/2166
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 785e297 by @​renovate in https://github.com/containers/image/pull/2167
• Improve documentation of ResolveReference by @​mtrmac in https://github.com/containers/image/pull/2170
• Improve lint tool handling by @​mtrmac in https://github.com/containers/image/pull/2171
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2 by @​renovate in https://github.com/containers/image/pull/2172
• fix(deps): update module golang.org/x/sync to v0.5.0 by @​renovate in https://github.com/containers/image/pull/2175
• fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 by @​renovate in https://github.com/containers/image/pull/2174
• fix(deps): update module golang.org/x/term to v0.14.0 by @​renovate in https://github.com/containers/image/pull/2176
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 by @​renovate in https://github.com/containers/image/pull/2177
• fix(deps): update module golang.org/x/crypto to v0.15.0 by @​renovate in https://github.com/containers/image/pull/2178
• fix(deps): update module golang.org/x/oauth2 to v0.14.0 by @​renovate in https://github.com/containers/image/pull/2179
• Add DockerCompatAuthFilePath to allow login/logout to interoperate by @​mtrmac in https://github.com/containers/image/pull/2173
• fix(deps): update module github.com/docker/cli to v24.0.7+incompatible by @​renovate in https://github.com/containers/image/pull/2187
• Update github.com/go-jose/go-jose/v3 by @​mtrmac in https://github.com/containers/image/pull/2188
• Quote the response body in an error message by @​mtrmac in https://github.com/containers/image/pull/2186
• fix(deps): update module github.com/klauspost/compress to v1.17.3 by @​renovate in https://github.com/containers/image/pull/2190
• WIP HACK: Do not reuse zstd:chunked blobs by @​mtrmac in https://github.com/containers/image/pull/2185

New Contributors

• @​testwill made their first contribution in https://github.com/containers/image/pull/2125
• @​bojidar-bg made their first contribution in https://github.com/containers/image/pull/2164

Full Changelog: containers/image@v5.28.0...v5.29.0

v5.28.0

Compare Source

What's Changed

• Bump to v5.26.0 by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2013
• fix(deps): update module github.com/sigstore/rekor to v1.2.2 by @​renovate in https://github.com/containers/image/pull/2014
• fix(deps): update module github.com/sigstore/fulcio to v1.3.2 by @​renovate in https://github.com/containers/image/pull/2016
• Adding IO decorator to copy progress bar by @​Pvlerick in https://github.com/containers/image/pull/2015
• Ensure we close HTTP connections on all paths by @​mtrmac in https://github.com/containers/image/pull/2017
• fix(deps): update module github.com/containers/storage to v1.48.0 by @​renovate in https://github.com/containers/image/pull/2018
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4 by @​renovate in https://github.com/containers/image/pull/2020
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1 by @​renovate in https://github.com/containers/image/pull/2021
• fix(deps): update golang.org/x/exp digest to 97b1e66 by @​renovate in https://github.com/containers/image/pull/2022
• fix(deps): update module github.com/klauspost/compress to v1.16.7 by @​renovate in https://github.com/containers/image/pull/2024
• fix(deps): update module github.com/docker/docker to v24.0.3+incompatible by @​renovate in https://github.com/containers/image/pull/2031
• fix(deps): update module golang.org/x/oauth2 to v0.10.0 by @​renovate in https://github.com/containers/image/pull/2028
• manifest: ListUpdate add imgspecv1.Platform field by @​flouthoc in https://github.com/containers/image/pull/2029
• fix(deps): update module github.com/docker/docker to v24.0.4+incompatible by @​renovate in https://github.com/containers/image/pull/2032
• pkg/docker: use the same default auth path as macOS on FreeBSD by @​dfr in https://github.com/containers/image/pull/2034
• fix(deps): update module github.com/sigstore/fulcio to v1.3.4 by @​renovate in https://github.com/containers/image/pull/2033
• blob: TryReusingBlobWithOptions consider RequiredCompression if set by @​flouthoc in https://github.com/containers/image/pull/2023
• Fix tests of the ostree transport by @​mtrmac in https://github.com/containers/image/pull/2037
• helpers_test,cleanup: correct argument order by @​flouthoc in https://github.com/containers/image/pull/2039
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1 by @​renovate in https://github.com/containers/image/pull/2041
• Make temporary names container/image specific by @​rhatdan in https://github.com/containers/image/pull/2045
• listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames by @​flouthoc in https://github.com/containers/image/pull/2040
• fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0 by @​renovate in https://github.com/containers/image/pull/2046
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2 by @​renovate in https://github.com/containers/image/pull/2044
• Fix TestOCI1IndexChooseInstanceByCompression on non-amd64 by @​mtrmac in https://github.com/containers/image/pull/2043
• Refactor data passing in c/image/copy by @​mtrmac in https://github.com/containers/image/pull/2048
• Update module github.com/sigstore/fulcio to v1.4.0 by @​renovate in https://github.com/containers/image/pull/2049
• copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms by @​flouthoc in https://github.com/containers/image/pull/2047
• Update vendor of containers/storage by @​rhatdan in https://github.com/containers/image/pull/2052
• copy/single: accept custom *Options and wrap arguments in copySingleImageOptions by @​flouthoc in https://github.com/containers/image/pull/2050
• Improve transport documentation by @​mtrmac in https://github.com/containers/image/pull/2042
• fix(deps): update module github.com/vbatts/tar-split to v0.11.5 by @​renovate in https://github.com/containers/image/pull/2053
• fix(deps): update module github.com/docker/docker to v24.0.5+incompatible by @​renovate in https://github.com/containers/image/pull/2055
• copy: implement instanceCopyClone for zstd compression by @​flouthoc in https://github.com/containers/image/pull/1987
• copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone by @​flouthoc in https://github.com/containers/image/pull/2059
• Clarify where mirrors are used by @​mtrmac in https://github.com/containers/image/pull/2061
• fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85 by @​renovate in https://github.com/containers/image/pull/2064
• fix(deps): update github.com/containers/storage digest to c3da76f by @​renovate in https://github.com/containers/image/pull/2063
• Update x/exp/slices, and some small slice-related cleanups by @​mtrmac in https://github.com/containers/image/pull/2066
• Use consistent example domains in https://github.com/containers/image/pull/2069
• copy: add support for ForceCompressionFormat by @​flouthoc in https://github.com/containers/image/pull/2068
• fix(deps): update module golang.org/x/term to v0.11.0 by @​renovate in https://github.com/containers/image/pull/2073
• fix(deps): update module golang.org/x/crypto to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2078
• fix(deps): update module golang.org/x/oauth2 to v0.11.0 by @​renovate in https://github.com/containers/image/pull/2080
• [release-5.27] Preparing 5.27 backport by @​mtrmac in https://github.com/containers/image/pull/2075
• Update to Go 1.19 by @​mtrmac in https://github.com/containers/image/pull/2079
• storage.storageImageDestination.Commit(): leverage image options by @​nalind in https://github.com/containers/image/pull/2067
• Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH by @​mtrmac in https://github.com/containers/image/pull/2083
• [CI:DOCS] Add cirrus-cron retry/monitor jobs by @​cevich in https://github.com/containers/image/pull/2082
• chore(deps): update dependency containers/automation_images to v20230807 by @​renovate in https://github.com/containers/image/pull/2081
• [release-5.27] Fix the branch we use for determining a git-validation starting point by @​mtrmac in https://github.com/containers/image/pull/2084
• fix(deps): update golang.org/x/exp digest to 352e893 by @​renovate in https://github.com/containers/image/pull/2065
• fix(deps): update module github.com/sigstore/sigstore to v1.7.2 by @​renovate in https://github.com/containers/image/pull/2085
• OCI image-spec / distribution-spec v1.1 updates, first round by @​mtrmac in https://github.com/containers/image/pull/2062
• fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0 by @​renovate in https://github.com/containers/image/pull/2087
• chore(deps): update dependency containers/automation_images to v20230809 by @​renovate in https://github.com/containers/image/pull/2089
• Merge release branch into main by @​mtrmac in https://github.com/containers/image/pull/2070
• BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted by @​mtrmac in https://github.com/containers/image/pull/2054
• Update module github.com/containers/ocicrypt to v1.1.8 by @​renovate in https://github.com/containers/image/pull/2091
• chore(deps): update dependency containers/automation_images to v20230816 by @​renovate in https://github.com/containers/image/pull/2093
• fix(deps): update module github.com/containers/storage to v1.49.0 by @​renovate in https://github.com/containers/image/pull/2095
• fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0 by @​renovate in https://github.com/containers/image/pull/2097
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0 by @​renovate in https://github.com/containers/image/pull/2098
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1 by @​renovate in https://github.com/containers/image/pull/2099
• fix(deps): update golang.org/x/exp digest to d852ddb by @​renovate in https://github.com/containers/image/pull/2101
• fix(deps): update module golang.org/x/term to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2103
• fix(deps): update module github.com/sigstore/sigstore to v1.7.3 by @​renovate in https://github.com/containers/image/pull/2102
• fix removal of temp file in GetBlob on Windows by @​mikenorgate in https://github.com/containers/image/pull/2104
• fix(deps): update module golang.org/x/crypto to v0.13.0 by @​renovate in https://github.com/containers/image/pull/2106
• Fix build with golangci-lint 1.54.2 by @​mtrmac in https://github.com/containers/image/pull/2107
• fix(deps): update module golang.org/x/oauth2 to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2108
• Implement, and default to, a SQLite BlobInfoCache instead of BoltDB by @​mtrmac in https://github.com/containers/image/pull/2092
• fix(deps): update module github.com/docker/docker to v24.0.6+incompatible by @​renovate in https://github.com/containers/image/pull/2109
• Update dependencies of docker/docker by @​mtrmac in https://github.com/containers/image/pull/2110
• Correctly handle encryption/decryption changes in non-OCI formats by @​mtrmac in https://github.com/containers/image/pull/1932
• chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security] by @​renovate in https://github.com/containers/image/pull/2111
• fix(deps): update module github.com/containers/storage to v1.50.1 by @​renovate in https://github.com/containers/image/pull/2112

New Contributors

• @​Pvlerick made their first contribution in https://github.com/containers/image/pull/2015
• @​mikenorgate made their first contribution in https://github.com/containers/image/pull/2104

Full Changelog: containers/image@v5.27.0...v5.28.0

v5.27.1

Compare Source

What's Changed

• [release-5.27] Preparing 5.27 backport by @​mtrmac in https://github.com/containers/image/pull/2075
• [release-5.27] Fix the branch we use for determining a git-validation starting point by @​mtrmac in https://github.com/containers/image/pull/2084
• [release-5.27] Backport by @​mtrmac in https://github.com/containers/image/pull/2546
• [release-5.27] Bump c/image to v5.27.1 and then to v5.27.2-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/25577

Full Changelog: containers/image@v5.27.0...v5.27.1

v5.27.0

Compare Source

• New copy.Options.EnsureCompressionVariantsExist allows creating images that are consumable by existing gzip-only consumers, but include a Zstd-compressed version is preferred by c/image.
• OCI images using Zstd compression now carry a io.github.containers.compression.zstd annotation in the OCI image index.

v5.26.3

Compare Source

What's Changed

• [release-5.26] Bump c/storage to 1.48.1, c/image to 5.26.2 and 5.26.3-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2096
• [release-5.26] Backport by @​mtrmac in https://github.com/containers/image/pull/2547
• [release-5.26] Bump c/image to v5.26.3 then to v5.26.4-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2558

Full Changelog: containers/image@v5.26.2...v5.26.3

v5.26.2

Compare Source

What's Changed

• [release-5.26] c/storage to 1.48, bump c/image to v5.26.1, and then to v5.26.2-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2019
• [release-5.26] Test the release-5.26 branch against the 1.13 branch of Skopeo by @​mtrmac in https://github.com/containers/image/pull/2090

Full Changelog: containers/image@v5.26.1...v5.26.2

v5.26.1

Compare Source

Full Changelog: containers/image@v5.26.0...v5.26.1
[release-5.26] Bump to v5.26.1
[release-5.26] Bump c/storage to 1.48.0

v5.26.0

Compare Source

What's Changed

• Release 5.25.0 by @​mtrmac in https://github.com/containers/image/pull/1909
• fix(deps): update module github.com/docker/docker to v23.0.3+incompatible by @​renovate in https://github.com/containers/image/pull/1910
• fix(deps): update module golang.org/x/term to v0.7.0 by @​renovate in https://github.com/containers/image/pull/1911
• fix(deps): update module github.com/klauspost/compress to v1.16.4 by @​renovate in https://github.com/containers/image/pull/1912
• fix(deps): update module github.com/sigstore/sigstore to v1.6.1 by @​renovate in https://github.com/containers/image/pull/1913
• chore(deps): update dependency containers/automation_images to v20230405 by @​renovate in https://github.com/containers/image/pull/1914
• fix(deps): update module golang.org/x/crypto to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1915
• fix(deps): update module golang.org/x/oauth2 to v0.7.0 by @​renovate in https://github.com/containers/image/pull/1916
• fix(deps): update module github.com/containers/storage to v1.46.1 by @​renovate in https://github.com/containers/image/pull/1917
• fix(deps): update module github.com/sigstore/sigstore to v1.6.2 by @​renovate in https://github.com/containers/image/pull/1918
• Don't completely silently ignore non-OCI manifests in OCI layouts by @​mtrmac in https://github.com/containers/image/pull/1922
• fix(deps): update module github.com/klauspost/compress to v1.16.5 by @​renovate in https://github.com/containers/image/pull/1925
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0 by @​renovate in https://github.com/containers/image/pull/1924
• fix(deps): update module github.com/docker/docker to v23.0.4+incompatible by @​renovate in https://github.com/containers/image/pull/1926
• Simplify the tarball: transport by @​mtrmac in https://github.com/containers/image/pull/1923
• fix(deps): update module github.com/sigstore/sigstore to v1.6.3 by @​renovate in https://github.com/containers/image/pull/1928
• Fix conversion determination when encrypting by @​mtrmac in https://github.com/containers/image/pull/1930
• fix(deps): update golang.org/x/exp digest to 47ecfdc by @​renovate in https://github.com/containers/image/pull/1934
• Update the docker-daemon: client, and docker/docker dependency by @​mtrmac in https://github.com/containers/image/pull/1937
• chore(deps): update dependency containers/automation_images to v20230426 by @​renovate in https://github.com/containers/image/pull/1939
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.3 by @​renovate in https://github.com/containers/image/pull/1936
• fix(deps): update module github.com/klauspost/pgzip to v1.2.6 by @​renovate in https://github.com/containers/image/pull/1941
• fix(deps): update module golang.org/x/sync to v0.2.0 by @​renovate in https://github.com/containers/image/pull/1942
• fix(deps): update module golang.org/x/term to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1943
• fix(deps): update module github.com/sigstore/fulcio to v1.3.1 by @​renovate in https://github.com/containers/image/pull/1935
• fix(deps): update module github.com/sigstore/rekor to v1.1.1 by @​renovate in https://github.com/containers/image/pull/1940
• fix(deps): update module github.com/sigstore/sigstore to v1.6.4 by @​renovate in https://github.com/containers/image/pull/1945
• Update github.com/opencontainers/image-spec to v1.1.0-rc3 by @​mtrmac in https://github.com/containers/image/pull/1944
• fix(deps): update module golang.org/x/oauth2 to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1949
• fix(deps): update module github.com/docker/docker to v23.0.6+incompatible by @​renovate in https://github.com/containers/image/pull/1931
• fix(deps): update module golang.org/x/crypto to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1950
• Use a pointer receiver for internal/set.Set by @​mtrmac in https://github.com/containers/image/pull/1951
• fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible by @​renovate in https://github.com/containers/image/pull/1955
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.4 by @​renovate in https://github.com/containers/image/pull/1956
• fix(deps): update module github.com/docker/docker to v24 by @​renovate in https://github.com/containers/image/pull/1958
• fix(deps): update module github.com/sirupsen/logrus to v1.9.2 by @​renovate in https://github.com/containers/image/pull/1957
• chore(deps): update dependency containers/automation_images to v20230517 by @​renovate in https://github.com/containers/image/pull/1959
• fix(deps): update module github.com/stretchr/testify to v1.8.3 by @​renovate in https://github.com/containers/image/pull/1960
• fix(deps): update module github.com/docker/docker to v24.0.1+incompatible by @​renovate in https://github.com/containers/image/pull/1961
• fix(deps): update module github.com/docker/docker to v24.0.2+incompatible by @​renovate in https://github.com/containers/image/pull/1965
• fix(deps): update module github.com/imdario/mergo to v0.3.16 by @​renovate in https://github.com/containers/image/pull/1967
• fix(deps): update module github.com/sigstore/rekor to v1.2.1 by @​renovate in https://github.com/containers/image/pull/1966
• Clean up auth.json documentation by @​mtrmac in https://github.com/containers/image/pull/1964
• fix(deps): update module github.com/stretchr/testify to v1.8.4 by @​renovate in https://github.com/containers/image/pull/1969
• fix(deps): update module github.com/burntsushi/toml to v1.3.0 by @​renovate in https://github.com/containers/image/pull/1970
• fix(deps): update module github.com/sigstore/sigstore to v1.6.5 by @​renovate in https://github.com/containers/image/pull/1971
• manifest: prepare internal EditInstances by @​flouthoc in https://github.com/containers/image/pull/1896
• fix(deps): update github.com/sigstore/rekor digest to 4c81ff2 by @​renovate in https://github.com/containers/image/pull/1974
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 504adb8 by @​renovate in https://github.com/containers/image/pull/1973
• fix(deps): update golang.org/x/exp digest to 2e198f4 by @​renovate in https://github.com/containers/image/pull/1975
• chore(deps): update dependency containers/automation_images to v20230601 by @​renovate in https://github.com/containers/image/pull/1978
• copy/multiple: use more flexible EditInstances instead of UpdateInstances by @​flouthoc in https://github.com/containers/image/pull/1883
• fix(deps): update module github.com/sirupsen/logrus to v1.9.3 by @​renovate in https://github.com/containers/image/pull/1981
• Use x/exp/slices, and other small cleanups by @​mtrmac in https://github.com/containers/image/pull/1977
• copy/multiple: split selection of images to be copied in copyMultipleImages by @​flouthoc in https://github.com/containers/image/pull/1982
• fix(deps): update module github.com/burntsushi/toml to v1.3.1 by @​renovate in https://github.com/containers/image/pull/1984
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.3 by @​renovate in https://github.com/containers/image/pull/1985
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.4 by @​renovate in https://github.com/containers/image/pull/1986
• Don't claim that libostree is required by default. by @​mtrmac in https://github.com/containers/image/pull/1989
• fix(deps): update module github.com/burntsushi/toml to v1.3.2 by @​renovate in https://github.com/containers/image/pull/1990
• fix(deps): update module github.com/go-openapi/swag to v0.22.4 by @​renovate in https://github.com/containers/image/pull/1991
• fix(deps): update module golang.org/x/term to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1993
• Stop having an opinion on TLS version by @​mtrmac in https://github.com/containers/image/pull/1963
• fix(deps): update module github.com/klauspost/compress to v1.16.6 by @​renovate in https://github.com/containers/image/pull/1994
• fix(deps): update module golang.org/x/crypto to v0.10.0 by @​renovate in https://github.com/containers/image/pull/1995
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.5 by @​renovate in https://github.com/containers/image/pull/1997
• fix(deps): update module golang.org/x/oauth2 to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1996
• fix(deps): update module golang.org/x/sync to v0.3.0 by @​renovate in https://github.com/containers/image/pull/1999
• chore(deps): update dependency containers/automation_images to v20230614 by @​renovate in https://github.com/containers/image/pull/2000
• Don't store signatures if there is none of them by @​mike-sul in https://github.com/containers/image/pull/2001
• fix(deps): update module github.com/sigstore/sigstore to v1.7.0 by @​renovate in https://github.com/containers/image/pull/2002
• fix(deps): update module github.com/imdario/mergo to v1 by @​mtrmac in https://github.com/containers/image/pull/2006
• Clarify how oci and oci-archive parse colons by @​mtrmac in https://github.com/containers/image/pull/2007
• fix(deps): update module github.com/sigstore/sigstore to v1.7.1 by @​renovate in https://github.com/containers/image/pull/2008
• fix(deps): update module github.com/containers/storage to v1.47.0 by @​renovate in https://github.com/containers/image/pull/2011
• list,oci_index: automatically add inbuilt annotations on add by @​flouthoc in https://github.com/containers/image/pull/1992

New Contributors

• @​mike-sul made their first contribution in https://github.com/containers/image/pull/2001

Full Changelog: containers/image@v5.25.0...v5.26.0

v5.25.0

Compare Source

What's Changed

• Release v5.24.0 by @​mtrmac in https://github.com/containers/image/pull/1814
• fix(deps): update module github.com/theupdateframework/go-tuf to v0.5.2 by @​renovate in https://github.com/containers/image/pull/1815

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/spf13/cobra v1.7.0
go: downloading github.com/spf13/viper v1.17.0
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading k8s.io/apimachinery v0.17.0
go: downloading github.com/otiai10/copy v1.14.0
go: downloading k8s.io/api v0.26.5
go: downloading github.com/Masterminds/semver/v3 v3.2.1
go: downloading sigs.k8s.io/yaml v1.3.0
go: downloading github.com/Masterminds/semver v1.5.0
go: downloading github.com/containers/image/v5 v5.29.3
go: downloading golang.org/x/net v0.18.0
go: downloading k8s.io/apiextensions-apiserver v0.26.5
go: downloading github.com/mattn/go-isatty v0.0.17
go: downloading github.com/fsnotify/fsnotify v1.6.0
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading github.com/sagikazarmark/locafero v0.3.0
go: downloading github.com/sagikazarmark/slog-shim v0.1.0
go: downloading github.com/spf13/afero v1.10.0
go: downloading github.com/spf13/cast v1.5.1
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading golang.org/x/sync v0.5.0
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading github.com/google/gofuzz v1.2.0
go: downloading github.com/imdario/mergo v0.3.13
go: downloading golang.org/x/crypto v0.15.0
go: downloading github.com/evanphx/json-patch v4.12.0+incompatible
go: downloading github.com/containers/ocicrypt v1.1.9
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/opencontainers/image-spec v1.1.0-rc5
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/vbauerster/mpb/v8 v8.6.2
go: downloading golang.org/x/exp v0.0.0-20231006140011-7918f672742d
go: downloading golang.org/x/term v0.14.0
go: downloading github.com/containers/storage v1.51.0
go: downloading github.com/proglottis/gpgme v0.1.3
go: downloading github.com/sigstore/fulcio v1.4.3
go: downloading github.com/sigstore/sigstore v1.7.5
go: downloading github.com/gobuffalo/envy v1.10.1
go: downloading github.com/gobuffalo/packd v1.0.1
go: downloading golang.org/x/oauth2 v0.14.0
go: downloading github.com/sourcegraph/conc v0.3.0
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading gopkg.in/ini.v1 v1.67.0
go: downloading github.com/magiconair/properties v1.8.7
go: downloading github.com/pelletier/go-toml/v2 v2.1.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading golang.org/x/text v0.14.0
go: downloading github.com/pelletier/go-toml v1.9.5
go: downloading github.com/golang/protobuf v1.5.3
go: downloading github.com/googleapis/gnostic v0.5.5
go: downloading golang.org/x/time v0.3.0
go: downloading k8s.io/utils v0.0.0-20230505201702-9f6742963106
go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
go: downloading github.com/sergi/go-diff v1.3.1
go: downloading k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d
go: downloading github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01
go: downloading github.com/klauspost/compress v1.17.3
go: downloading github.com/klauspost/pgzip v1.2.6
go: downloading github.com/ulikunitz/xz v0.5.11
go: downloading github.com/secure-systems-lab/go-securesystemslib v0.7.0
go: downloading github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
go: downloading github.com/mattn/go-runewidth v0.0.15
go: downloading github.com/VividCortex/ewma v1.2.0
go: downloading github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46
go: downloading github.com/sigstore/rekor v1.2.2
go: downloading github.com/docker/distribution v2.8.3+incompatible
go: downloading github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6
go: downloading dario.cat/mergo v1.0.0
go: downloading github.com/opencontainers/selinux v1.11.0
go: downloading github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f
go: downloading github.com/vbatts/tar-split v0.11.5
go: downloading github.com/sylabs/sif/v2 v2.15.0
go: downloading github.com/joho/godotenv v1.4.0
go: downloading github.com/rogpeppe/go-internal v1.10.0
go: downloading github.com/gobuffalo/logger v1.0.6
go: downloading github.com/mholt/archiver/v3 v3.5.1
go: downloading k8s.io/component-base v0.26.5
go: downloading gopkg.in/square/go-jose.v2 v2.6.0
go: downloading cloud.google.com/go/compute/metadata v0.2.3
go: downloading cloud.google.com/go/compute v1.23.0
go: downloading cloud.google.com/go v0.110.7
go: downloading google.golang.org/appengine v1.6.8
go: downloading google.golang.org/protobuf v1.31.0
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading github.com/go-openapi/spec v0.20.9
go: downloading github.com/hashicorp/go-cleanhttp v0.5.2
go: downloading github.com/hashicorp/go-version v1.2.1
go: downloading github.com/mitchellh/go-testing-interface v1.14.1
go: downloading github.com/mattn/go-sqlite3 v1.14.18
go: downloading github.com/google/gnostic v0.6.9
go: downloading github.com/google/go-containerregistry v0.16.1
go: downloading github.com/go-jose/go-jose/v3 v3.0.1
go: downloading google.golang.org/grpc v1.58.3
go: downloading go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352
go: downloading github.com/miekg/pkcs11 v1.1.1
go: downloading github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980
go: downloading github.com/rivo/uniseg v0.4.4
go: downloading github.com/go-openapi/errors v0.20.4
go: downloading github.com/go-openapi/runtime v0.26.0
go: downloading github.com/go-openapi/strfmt v0.21.7
go: downloading github.com/go-openapi/swag v0.22.4
go: downloading github.com/go-openapi/validate v0.22.1
go: downloading github.com/docker/docker-credential-helpers v0.8.0
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/BurntSushi/toml v1.3.2
go: downloading github.com/distribution/reference v0.5.0
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/opencontainers/runtime-spec v1.1.0
go: downloading github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
go: downloading github.com/google/uuid v1.3.1
go: downloading github.com/google/go-intervals v0.0.2
go: downloading github.com/opencontainers/runc v1.1.10
go: downloading github.com/containerd/stargz-snapshotter/estargz v0.15.1
go: downloading github.com/cyphar/filepath-securejoin v0.2.4
go: downloading github.com/andybalholm/brotli v1.0.4
go: downloading github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5
go: downloading github.com/golang/snappy v0.0.4
go: downloading github.com/nwaples/rardecode v1.1.0
go: downloading github.com/pierrec/lz4/v4 v4.1.15
go: downloading github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
go: downloading github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399
go: downloading github.com/russross/blackfriday v1.6.0
go: downloading github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/emicklei/go-restful/v3 v3.10.1
go: downloading github.com/go-openapi/jsonpointer v0.19.6
go: downloading github.com/go-openapi/jsonreference v0.20.2
go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
go: downloading github.com/oklog/ulid v1.3.1
go: downloading go.mongodb.org/mongo-driver v1.11.3
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/go-openapi/analysis v0.21.4
go: downloading github.com/go-openapi/loads v0.21.2
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/containerd/containerd v1.7.0
go: downloading github.com/Microsoft/go-winio v0.6.1
go: downloading github.com/moby/sys/mountinfo v0.7.1
go: downloading github.com/tchap/go-patricia/v2 v2.3.1
go: downloading github.com/tchap/go-patricia v2.2.6+incompatible
go: downloading github.com/google/btree v1.1.2
go: downloading gopkg.in/go-jose/go-jose.v2 v2.6.1
go: downloading github.com/Masterminds/sprig/v3 v3.2.3
go: downloading github.com/Masterminds/sprig v2.22.0+incompatible
go: downloading github.com/gofrs/flock v0.8.1
go: downloading k8s.io/klog/v2 v2.100.1
go: downloading github.com/google/go-cmp v0.6.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13
go: downloading google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb
go: downloading github.com/pierrec/lz4 v2.6.1+incompatible
go: downloading github.com/josharian/intern v1.0.0
go: downloading golang.org/x/tools v0.14.0
go: downloading github.com/Microsoft/hcsshim v0.12.0-rc.1
go: downloading github.com/mistifyio/go-zfs/v3 v3.0.1
go: downloading github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/huandu/xstrings v1.3.3
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.2.0
go: downloading github.com/fatih/color v1.15.0
go: downloading github.com/xeipuuv/gojsonschema v1.2.0
go: downloading github.com/go-logr/logr v1.2.4
go: downloading github.com/mattn/go-shellwords v1.0.12
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/docker/cli v24.0.7+incompatible
go: downloading github.com/aws/aws-sdk-go v1.45.20
go: downloading github.com/ugorji/go/codec v1.2.7
go: downloading gocloud.dev v0.30.0
go: downloading github.com/ugorji/go v1.2.7
go: downloading go.opencensus.io v0.24.0
go: downloading github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1
go: downloading github.com/moby/locker v1.0.1
go: downloading github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb
go: downloading github.com/hashicorp/golang-lru v1.0.2
go: downloading github.com/hashicorp/vault/api v1.9.2
go: downloading github.com/hashicorp/consul/api v1.25.1
go: downloading cloud.google.com/go/iam v1.1.1
go: downloading cloud.google.com/go/storage v1.30.1
go: downloading github.com/google/wire v0.5.0
go: downloading github.com/googleapis/gax-go/v2 v2.12.0
go: downloading github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70
go: downloading github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
go: downloading github.com/aws/aws-sdk-go-v2 v1.21.0
go: downloading google.golang.org/api v0.146.0
go: downloading github.com/aws/smithy-go v1.14.2
go: downloading golang.org/x/mod v0.13.0
go: downloading github.com/containerd/cgroups/v3 v3.0.2
go: downloading go.opentelemetry.io/otel v1.16.0
go: downloading github.com/containerd/cgroups v1.1.0
go: downloading go.opentelemetry.io/otel/trace v1.16.0
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading github.com/jmespath/go-jmespath v0.4.0
go: downloading github.com/cenkalti/backoff/v3 v3.2.2
go: downloading github.com/cenkalti/backoff v2.2.1+incompatible
go: downloading github.com/hashicorp/go-retryablehttp v0.7.5
go: downloading github.com/hashicorp/go-rootcerts v1.0.2
go: downloading github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7
go: downloading github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
go: downloading golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2
go: downloading github.com/hashicorp/go-hclog v1.5.0
go: downloading github.com/hashicorp/serf v0.10.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb
go: downloading github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10
go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41
go: downloading github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35
go: downloading github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3
go: downloading github.com/aws/aws-sdk-go-v2/config v1.18.37
go: downloading go.opentelemetry.io/otel/metric v1.16.0
go: downloading github.com/armon/go-metrics v0.4.1
go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35
go: downloading github.com/google/s2a-go v0.1.7
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading github.com/containerd/continuity v0.4.1
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.1
go: downloading github.com/hashicorp/go-immutable-radix v1.3.1
go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.13.35
go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11
go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.3.42
go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.13.5
go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.5
go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.21.5
go: downloading github.com/prometheus/client_golang v1.17.0
go: downloading github.com/cespare/xxhash/v2 v2.2.0
go: downloading github.com/prometheus/client_model v0.5.0
go: downloading github.com/prometheus/common v0.44.0
go: downloading github.com/cespare/xxhash v1.1.0
go: downloading github.com/prometheus/procfs v0.11.1
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4
go: downloading github.com/googleapis/gnostic v0.7.0
go: downloading k8s.io/api v0.30.3
go: github.com/qlik-oss/sense-installer/pkg/api imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/discovery imports
	github.com/googleapis/gnostic/OpenAPIv2: cannot find module providing package github.com/googleapis/gnostic/OpenAPIv2
go: github.com/qlik-oss/sense-installer/pkg/api imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/auditregistration/v1alpha1 imports
	k8s.io/api/auditregistration/v1alpha1: cannot find module providing package k8s.io/api/auditregistration/v1alpha1
go: github.com/qlik-oss/sense-installer/pkg/api imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/batch/v2alpha1 imports
	k8s.io/api/batch/v2alpha1: cannot find module providing package k8s.io/api/batch/v2alpha1
go: github.com/qlik-oss/sense-installer/pkg/api imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/discovery/v1alpha1 imports
	k8s.io/api/discovery/v1alpha1: cannot find module providing package k8s.io/api/discovery/v1alpha1
go: github.com/qlik-oss/sense-installer/pkg/api imports
	k8s.io/client-go/kubernetes imports
	k8s.io/client-go/kubernetes/typed/settings/v1alpha1 imports
	k8s.io/api/settings/v1alpha1: cannot find module providing package k8s.io/api/settings/v1alpha1
go: github.com/qlik-oss/sense-installer/pkg/qliksense imports
	sigs.k8s.io/kustomize/api/krusty imports
	sigs.k8s.io/kustomize/api/internal/plugins/loader imports
	sigs.k8s.io/kustomize/api/internal/plugins/builtinhelpers imports
	sigs.k8s.io/kustomize/api/builtins_qlik imports
	helm.sh/helm/v3/pkg/action imports
	helm.sh/helm/v3/internal/experimental/registry imports
	github.com/deislabs/oras/pkg/auth/docker imports
	github.com/docker/cli/cli/config/credentials imports
	golang.org/x/sys/execabs: cannot find module providing package golang.org/x/sys/execabs