This repository was archived by the owner on Apr 19, 2024. It is now read-only.

@10d9e 10d9e commented Jul 22, 2022

No description provided.

milosgajdos and others added 30 commits July 29, 2024 18:48
There was a small regression introduced in
#4349.

Specifically, if the certificate chain verification succeeds we should
return immediately instead of following up with further token verification
checks.

This commit fixes that: we only follow up with further token
verifications if x5c header is missing.

We've also refactored this method so it's hopefully clearer.

Co-authored-by: Kyle Squizzato <ksquizz@gmail.com>
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
Signed-off-by: Liang Zheng <zhengliang0901@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.12 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v2.22.12...v3.25.15)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.3.0...v4.3.5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.3.5...v4.3.6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v3.25.15...v3.26.0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v3.26.0...v3.26.2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
#4146 introduced a new
rewrite storage middleware but somehow missed to update the init logging
message. This commit fixes that.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This change allows users to run the registry as a pull-through cache
that can use a credential helper to authenticate against the upstream
registry.

Signed-off-by: Chun-Hung Hsiao <chhsiao@google.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v3.26.2...v3.26.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matheus Macabu <macabu.matheus@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.3 to 3.26.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v3.26.3...v3.26.5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
The latest golangci-lint spits out some govet issues.
This commit fixes them. We are also bumping the linter version.

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
artem-tkachuk and others added 30 commits October 13, 2025 23:52
The manifest Exists() client call issued a HEAD without any Accept
headers. Some OCI-focused registries require an explicit Accept for
manifest content negotiation, causing HEAD to fail (404/406) even
when the manifest exists. The Get() path already sets Accept;
Exists() did not.

This change adds all supported manifest media types from
distribution.ManifestMediaTypes() as Accept headers to the Exists()
HEAD request, aligning behavior with Get() and improving OCI
interoperability.

Tests:
- Regression: Exists() returns true when Accept is present and
  false when stripped (negative path), mirroring real-world
  behavior.

Risk/compatibility:
- Low. Registries that ignore Accept on HEAD continue to work.
- Redirect handling is unchanged; existing CheckRedirect preserves
  Accept.

Signed-off-by: Artem Tkachuk <artemtkachuk@yahoo.com>
Signed-off-by: Artem Tkachuk <artemtkachuk@yahoo.com>
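
The behaviour this commit message describes, as an added example that is not code from the project or the commit: a HEAD manifest check against a registry that requires `Accept`, with and without the headers. `strictRegistry`, `manifestExists`, the repository path and the two-entry media type list are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed subset of media types; the commit uses distribution.ManifestMediaTypes().
var manifestMediaTypes = []string{
	"application/vnd.oci.image.manifest.v1+json",
	"application/vnd.docker.distribution.manifest.v2+json",
}

// strictRegistry (hypothetical) answers 404 unless Accept lists the stored manifest's type.
func strictRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status := http.StatusNotFound
		for _, accepted := range r.Header.Values("Accept") {
			if accepted == manifestMediaTypes[0] {
				status = http.StatusOK
			}
		}
		w.WriteHeader(status)
	}))
}

// manifestExists sends the HEAD request, with or without the Accept headers.
func manifestExists(baseURL string, sendAccept bool) (bool, error) {
	req, err := http.NewRequest(http.MethodHead, baseURL+"/v2/sample/repo/manifests/latest", nil)
	if err != nil {
		return false, err
	}
	if sendAccept {
		req.Header["Accept"] = manifestMediaTypes
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	return resp.StatusCode == http.StatusOK, nil
}

func main() {
	srv := strictRegistry()
	defer srv.Close()
	fmt.Println(manifestExists(srv.URL, true))  // HEAD with Accept headers
	fmt.Println(manifestExists(srv.URL, false)) // HEAD without Accept headers
}
```
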
The `TestGracefulShutdown` test was failing intermittently, especially
with stricter HTTP handling in newer Go versions (e.g., 1.25). This was
caused by sending an incomplete HTTP request in two separate writes,
creating a race condition where the server could shut down before
receiving the full request.

This commit fixes the test's flakiness by sending a single, complete,
and valid HTTP/1.1 request before triggering the shutdown. This ensures
the test accurately verifies the intended behavior: that a valid,
in-flight request is fully processed while new connections are rejected.

Fixes:#4696
Signed-off-by: Sumedh Vats <sumedhvats2004@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v4.30.8...v4.30.9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.30.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
The log message "Challenge established with upstream" was using
an incorrect format specifier (%s) when logging the challenge structs,
causing garbled output. This commit updates the format specifier to %+v
and removes the unnecessary challenge manager log. URLs are now
Redacted() to prevent leaking credentials.

Fixes: #4697

Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: Sumedh Vats <sumedhvats2004@gmail.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.9 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v4.30.9...v4.31.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: efcking <efcking@outlook.com>
Signed-off-by: Dave Pedu <dave@davepedu.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: tranthang2404 <tranthang.mda@gmail.com>
Since version 3.0.0, the response completed log line is no longer
present for HEAD requests to manifests that return 200.

The regression is caused by the implicit handling of manifest HEAD
responses that bypass the logging middleware when returning from
`GetManifest`.

This change ensures that the logging middleware handles responses for
manifest HEAD requests by explicitly writing `StatusOK` into the
response header before returning from `GetManifest`.

Closes: #4733
Signed-off-by: Thomas Cuthbert <tom.cuthbert@elastic.co>
Signed-off-by: Raghav Mahajan <rmahajan@palantir.com>
Signed-off-by: Raghav Mahajan <rmahajan@palantir.com>