chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1 #553

dependabot · 2024-11-10T15:32:39Z

Bumps github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1.

Release notes

Sourced from github.com/distribution/distribution/v3's releases.

v3.0.0-rc.1

Welcome to the v3.0.0-rc.1 release of registry!

This is the the first release candidate of registry!

See the changelog below for full list of changes.

Deprecated

ManifestBuilder interface 3886

Versioned in favor of oci.Versioned 3887

Notable Changes

Attempt HeadObject on Stat call first before failing over to List in S3 driver 4401

Use a consistent multipart chunk size in S3 driver 4424

Build artifacts and images for linux/riscv64 4444

Fix token verification chain in auth 4415

Support custom exec-based credential helper in proxy mode distribution/distribution#4438

What's Changed

vendor: github.com/opencontainers/image-spec v1.1.0 by @thaJeztah in distribution/distribution#3889

Descriptor: do not implement Describable interface by @thaJeztah in distribution/distribution#3886

S3 driver: Attempt HeadObject on Stat first, fail over to List by @milosgajdos in distribution/distribution#4401

manifest: slight cleanup of init / registration by @thaJeztah in distribution/distribution#4403

ci:bump Go version by @milosgajdos in distribution/distribution#4402

deprecate Versioned in favor of oci.Versioned by @thaJeztah in distribution/distribution#3887

fix logic for handling regionEndpoint by @Ankurk99 in distribution/distribution#4341

fix nil pointer in s3 list api by @jkroepke in distribution/distribution#4412

build(deps): bump softprops/action-gh-release from 1 to 2 by @dependabot in distribution/distribution#4407

build(deps): bump docker/bake-action from 4 to 5 by @dependabot in distribution/distribution#4410

build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in distribution/distribution#4416

chore: fix typos returned in some errors by @milosgajdos in distribution/distribution#4414

auth: fix token verification chain by @milosgajdos in distribution/distribution#4415

build(deps): bump github/codeql-action from 2.22.12 to 3.25.15 by @dependabot in distribution/distribution#4426

build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in distribution/distribution#4422

build(deps): bump actions/configure-pages from 4 to 5 by @dependabot in distribution/distribution#4409

fix: skip removing layer's link file when '--dry-run' option specified by @microyahoo in distribution/distribution#4425

build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.5 by @dependabot in distribution/distribution#4428

Use x.y.0 format for the go module version by @ialidzhikov in distribution/distribution#4423

build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in distribution/distribution#4430

build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in distribution/distribution#4431

build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in distribution/distribution#4434

chore: fix typo in rewrite storage middleware init by @milosgajdos in distribution/distribution#4435

build(deps): bump github/codeql-action from 3.26.2 to 3.26.3 by @dependabot in distribution/distribution#4441

Build artifacts and images for linux/riscv64 by @macabu in distribution/distribution#4444

build(deps): bump github/codeql-action from 3.26.3 to 3.26.5 by @dependabot in distribution/distribution#4446

chore: bump golangci-lint and fix govet issues by @milosgajdos in distribution/distribution#4454

Remove deprecated version field by @tiborrr in distribution/distribution#4459

Add a note regarding redirects to pre-signed URLs by @Felixoid in distribution/distribution#4466

... (truncated)

Commits

3ddd142 Prep for v3-rc.1 release (#4502)
4118c80 Prep for v3-rc.1 release
d67b46a Bump dependencies (#4498)
f7236ab feat: support custom exec-based credential helper in proxy mode (#4438)
099201a fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size (#...
3ac2285 Bump otel dependencies
bd52394 Update lint.Dockerfile
85e99bc docs: update hugo and theme versions (#4499)
da2f24e docs: update hugo and theme versions
5ee5aaa fix(registry/storage/driver/s3-aws): use a consistent multipart chunk size
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.0.0-alpha.1 to 3.0.0-rc.1. - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](distribution/distribution@v3.0.0-alpha.1...v3.0.0-rc.1) --- updated-dependencies: - dependency-name: github.com/distribution/distribution/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2024-11-10T15:33:59Z

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	4
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	0
LICENSE RISK HIGH	9
RESTRICTED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

dependabot bot requested a review from a team as a code owner November 10, 2024 15:32

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1 #553

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1 #553

dependabot bot commented on behalf of github Nov 10, 2024

github-actions bot commented Nov 10, 2024

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1 #553

Are you sure you want to change the base?

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0-alpha.1 to 3.0.0-rc.1 #553

Conversation

dependabot bot commented on behalf of github Nov 10, 2024

v3.0.0-rc.1

Deprecated

Notable Changes

What's Changed

github-actions bot commented Nov 10, 2024

Mend Scan Summary: ❌

Repository: open-component-model/ocm-controller