go-containerregistry/go-containerregistry.changes

-------------------------------------------------------------------
Sat Nov 22 14:18:36 UTC 2025 - Dirk Müller <dmueller@suse.com>

- set version

-------------------------------------------------------------------
Mon Sep 29 10:06:16 UTC 2025 - Dirk Müller <dmueller@suse.com>

- update to 0.20.6:
  * Ensure that tag name is not empty if name contains colon
  * Bump some deps
- update to 0.20.5:
  * build(deps): bump docker/docker to v28.0.0+incompatible
  * Migrate linter to v2
  * bump go version + bump deps
  * implement TextMarshaler/JSONMarshaler more consistently
  * Update CodeQL permissions
  * Update goreleaser permissions
  * Update provenance action in release
  * Update validator action
- drop CVE-2025-22868.patch (merged upstream)

-------------------------------------------------------------------
Mon Mar 17 21:11:46 UTC 2025 - Dirk Müller <dmueller@suse.com>

- add CVE-2025-22868.patch (bsc#1239277, CVE-2025-22868)

-------------------------------------------------------------------
Fri Mar 14 09:53:13 UTC 2025 - Dirk Müller <dmueller@suse.com>

- update to 0.20.3:
  * remote/transport: Make bearer transport go-routine-safe
  * Expose compare package
  * fix: redact.URL uses (*URL).Redacted to omit basic-auth
    password
  * bump actions to latest
  * don't pin chainguard-dev/actions
  * Check for 406 status code when handling referrers API
    endpoint response
  * mutate: Create a defensive annotations copy
  * Detect zstd in crane append
  * bump deps using hack/bump-deps.sh
- update to 0.20.2:
  * deps: bump docker dep

-------------------------------------------------------------------
Thu Jul 18 08:46:33 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 0.20.1:
  * Create `remote.Push`
- update to 0.20.0:
  * Referrer API must return correct Content-Type
  * POTENTIALLY BREAKING: Restore blind-write to remote.Put
- update to 0.19.2:
  * Add JSON marshalling funcs for Digest.
  * registry: Implement Range requests for blobs
  * Support podman auth file REGISTRY_AUTH_FILE.
  * feat: crane mutate platform
  * Add Context support to auth methods
  * Fix windows race condition when writing image with duplicate
    layers
  * Add -O shorthand for --omit-digest-tags to crane.
- update to 0.19.1:
  * Bump golang.org/x/net from 0.10.0 to 0.17.0 in
    /pkg/authn/k8schain
  * Bump golang.org/x/ packages
- update to 0.19.0:
  * Work around docker v25 tarballs
- update to 0.18.0:
  * fix: goreleaser config
  * Always print pushed digest in crane push

-------------------------------------------------------------------
Fri May 31 08:04:54 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- add completion subpackages (bash, fish, zsh)

-------------------------------------------------------------------
Wed Dec 27 21:21:47 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 0.17.0:
  * Validate index architectures match children
  * Set Content-Length for blob uploads
  * Don't wrap DefaultKeychain with refreshes
  * Build releases with Go 1.21
  * fix: mimic oci-layout in diskblobhandler
  * tag: add command explanation to the long help
  * feat: implement gc command
  * feat: allow port and disk path to be overriden

-------------------------------------------------------------------
Sat Nov 25 19:39:18 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 0.16.1:
  * bump deps using ./hack/bump-deps.sh
  * Allow crane to export schema 1 images
  * fixed a goroutine leak
  * retry HTTP 522 errors by default
  * Limit size of manifest
  * Add crane auth token
  * Bump codecov/codecov-action from 3.1.3 to 3.1.4
  * Pass scopes through crane auth token
  * fix: add bounds checking to addendum layer mutations to
    prevent panic
  * Surface better error messages in crane index
  * crane: add missing name option in crane index commands
  * crane: Respect cmd.OutOrStdout
  * Make ErrSchema1 checkable via errors.Is()
  * Don't load into daemon if the image already exists
  * add --blobs-to-disk to 'crane registry serve'
  * Correct crane registry help text
  * Allow concurrent blob Sets, use RWMutex
  * Use RWLock, limit scope of locking, write digest first
  * Let the filesystem handle atomicity
  * Don't try cross-origin mounting against dockerhub
  * Drop localhost to support crane registry serve in a container
  * Return OCI Index content-type for referrers response
  * Allow crane edit to generate non-image artifacts
  * Allow setting Content-Type in crane edit manifest
  * Avoid v1.Manifest in crane edit config (#1583)
  * Support for OCI 1.1+ referrers via API (#1546)
  * Support for OCI 1.1+ referrers via fallback tag
  * Update descriptor "data" field (when valid) during
    "crane edit config" (#1584)
  * Update release.yml (#1540)
  * authn: also read mount secrets (#1560)
  * bump deps using ./hack/bump-deps.sh (#1592)
  * crane: add --flatten for index append (#1566)
  * crane: add serve subcommand (#1586)
  * crane: support --omit-digest-tags in crane ls
  * fix(mutate): also set timestamps only present in
    some formats (#1550)
  * fix: Fix the crane release url and add more steps
  * hash: use generic instantiation (#1538)
  * replace manual slsa-verifier installation with
    action (#1585)
  * skip tls verification if default transport is used
    with insecure option (#1559)
  * tarball: pass imageToTags (#1563)

-------------------------------------------------------------------
Mon Jan  2 22:05:28 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 0.12.1:
  * Fix context.DeadlineExceeded comparison (#1488)
  * Fix missing body.Close() in bearer auth (#1482)
  * bump version of slsa generator (#1468)
  * crane: add catalog argument use annotation (#1473)
  * k8schain: Log and proceed if secret or SA are not found

-------------------------------------------------------------------
Tue Dec 13 11:01:42 UTC 2022 - Dirk Müller <dmueller@suse.com>

- avoid file conflict on SLE15 and other older distributions

-------------------------------------------------------------------
Fri Oct 21 08:01:59 UTC 2022 - Dirk Müller <dmueller@suse.com>

- Initial package