diff --git a/.common-ci.yml b/.common-ci.yml index 86ffca2f0..f9d651fc3 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -137,7 +137,7 @@ trigger-pipeline: # Download the regctl binary for use in the release steps .regctl-setup: before_script: - - export REGCTL_VERSION=v0.11.1 + - export REGCTL_VERSION=v0.11.2 - apk add --no-cache curl - mkdir -p bin - curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0f1dcc19d..9092544b1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -409,7 +409,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@148669fe4b19151fcab6e00c6df2db43b9e2b097 with: - release: v0.11.1 + release: v0.11.2 - name: Set environment variables id: vars run: | diff --git a/go.mod b/go.mod index f5d522026..1d299fa39 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/operator-framework/api v0.39.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.89.0 github.com/prometheus/client_golang v1.23.2 - github.com/regclient/regclient v0.11.1 + github.com/regclient/regclient v0.11.2 github.com/sirupsen/logrus v1.9.4 github.com/stretchr/testify v1.11.1 github.com/urfave/cli/v3 v3.6.2 @@ -79,7 +79,7 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.2 // indirect + github.com/klauspost/compress v1.18.4 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -113,7 +113,7 @@ require ( golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/sys v0.41.0 // indirect - golang.org/x/term v0.39.0 // indirect + golang.org/x/term v0.40.0 // indirect golang.org/x/text v0.33.0 // indirect golang.org/x/time v0.14.0 // indirect golang.org/x/tools v0.41.0 // indirect diff --git a/go.sum b/go.sum index a6c925896..271c0411c 100644 --- a/go.sum +++ b/go.sum @@ -101,8 +101,8 @@ github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6 github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/goccy/go-yaml v1.19.0 h1:EmkZ9RIsX+Uq4DYFowegAuJo8+xdX3T/2dwNPXbxEYE= -github.com/goccy/go-yaml v1.19.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM= +github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg= @@ -130,8 +130,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= -github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= +github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -195,8 +195,8 @@ github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTU github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= -github.com/regclient/regclient v0.11.1 h1:MtxUaEVh2bgBzAX9wqH71cB4NWom4EdZ/31Z9f7ZwCU= -github.com/regclient/regclient v0.11.1/go.mod h1:4Wu8lxr/v0QzrIId6cJj/2BH8gP3dUHes37lZJP0J90= +github.com/regclient/regclient v0.11.2 h1:BMBxbXpJkia8CPnGTbJoQnt980NDh9dKNFxX57ah1/Q= +github.com/regclient/regclient v0.11.2/go.mod h1:AWbO1F0DJGP7MNlwmDHjYbgOEftZsTB0N0AXT6pN2C4= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -278,8 +278,8 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= -golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= +golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= +golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE= diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md index af2ef6395..5125c1f26 100644 --- a/vendor/github.com/klauspost/compress/README.md +++ b/vendor/github.com/klauspost/compress/README.md @@ -7,7 +7,7 @@ This package provides various compression algorithms. * Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). * [snappy](https://github.com/klauspost/compress/tree/master/snappy) is a drop-in replacement for `github.com/golang/snappy` offering better compression and concurrent streams. * [huff0](https://github.com/klauspost/compress/tree/master/huff0) and [FSE](https://github.com/klauspost/compress/tree/master/fse) implementations for raw entropy encoding. -* [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp) Provides client and server wrappers for handling gzipped requests efficiently. +* [gzhttp](https://github.com/klauspost/compress/tree/master/gzhttp) Provides client and server wrappers for handling gzipped/zstd HTTP requests efficiently. * [pgzip](https://github.com/klauspost/pgzip) is a separate package that provides a very fast parallel gzip implementation. [![Go Reference](https://pkg.go.dev/badge/klauspost/compress.svg)](https://pkg.go.dev/github.com/klauspost/compress?tab=subdirectories) @@ -26,8 +26,14 @@ This package will support the current Go version and 2 versions back. Use the links above for more information on each. # changelog +* Jan 16th, 2026 [1.18.3](https://github.com/klauspost/compress/releases/tag/v1.18.3) + * Downstream CVE-2025-61728. See [golang/go#77102](https://github.com/golang/go/issues/77102). -* Oct 20, 2025 - [1.18.1](https://github.com/klauspost/compress/releases/tag/v1.18.1) +* Dec 1st, 2025 - [1.18.2](https://github.com/klauspost/compress/releases/tag/v1.18.2) + * flate: Fix invalid encoding on level 9 with single value input in https://github.com/klauspost/compress/pull/1115 + * flate: reduce stateless allocations by @RXamzin in https://github.com/klauspost/compress/pull/1106 + +* Oct 20, 2025 - [1.18.1](https://github.com/klauspost/compress/releases/tag/v1.18.1) - RETRACTED * zstd: Add simple zstd EncodeTo/DecodeTo functions https://github.com/klauspost/compress/pull/1079 * zstd: Fix incorrect buffer size in dictionary encodes https://github.com/klauspost/compress/pull/1059 * s2: check for cap, not len of buffer in EncodeBetter/Best by @vdarulis in https://github.com/klauspost/compress/pull/1080 @@ -603,7 +609,7 @@ While the release has been extensively tested, it is recommended to testing when # deflate usage -The packages are drop-in replacements for standard libraries. Simply replace the import path to use them: +The packages are drop-in replacements for standard library [deflate](https://godoc.org/github.com/klauspost/compress/flate), [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip), and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). Simply replace the import path to use them: Typical speed is about 2x of the standard library packages. @@ -614,17 +620,15 @@ Typical speed is about 2x of the standard library packages. | `archive/zip` | `github.com/klauspost/compress/zip` | [zip](https://pkg.go.dev/github.com/klauspost/compress/zip?tab=doc) | | `compress/flate` | `github.com/klauspost/compress/flate` | [flate](https://pkg.go.dev/github.com/klauspost/compress/flate?tab=doc) | -* Optimized [deflate](https://godoc.org/github.com/klauspost/compress/flate) packages which can be used as a dropin replacement for [gzip](https://godoc.org/github.com/klauspost/compress/gzip), [zip](https://godoc.org/github.com/klauspost/compress/zip) and [zlib](https://godoc.org/github.com/klauspost/compress/zlib). - -You may also be interested in [pgzip](https://github.com/klauspost/pgzip), which is a drop in replacement for gzip, which support multithreaded compression on big files and the optimized [crc32](https://github.com/klauspost/crc32) package used by these packages. +You may also be interested in [pgzip](https://github.com/klauspost/pgzip), which is a drop-in replacement for gzip, which support multithreaded compression on big files and the optimized [crc32](https://github.com/klauspost/crc32) package used by these packages. -The packages contains the same as the standard library, so you can use the godoc for that: [gzip](http://golang.org/pkg/compress/gzip/), [zip](http://golang.org/pkg/archive/zip/), [zlib](http://golang.org/pkg/compress/zlib/), [flate](http://golang.org/pkg/compress/flate/). +The packages implement the same API as the standard library, so you can use the original godoc documentation: [gzip](http://golang.org/pkg/compress/gzip/), [zip](http://golang.org/pkg/archive/zip/), [zlib](http://golang.org/pkg/compress/zlib/), [flate](http://golang.org/pkg/compress/flate/). Currently there is only minor speedup on decompression (mostly CRC32 calculation). Memory usage is typically 1MB for a Writer. stdlib is in the same range. If you expect to have a lot of concurrently allocated Writers consider using -the stateless compress described below. +the stateless compression described below. For compression performance, see: [this spreadsheet](https://docs.google.com/spreadsheets/d/1nuNE2nPfuINCZJRMt6wFWhKpToF95I47XjSsc-1rbPQ/edit?usp=sharing). @@ -684,3 +688,6 @@ Here are other packages of good quality and pure Go (no cgo wrappers or autoconv This code is licensed under the same conditions as the original Go code. See LICENSE file. + + + diff --git a/vendor/github.com/klauspost/compress/zstd/decoder.go b/vendor/github.com/klauspost/compress/zstd/decoder.go index 30df5513d..c7e500f02 100644 --- a/vendor/github.com/klauspost/compress/zstd/decoder.go +++ b/vendor/github.com/klauspost/compress/zstd/decoder.go @@ -39,9 +39,6 @@ type Decoder struct { frame *frameDec - // Custom dictionaries. - dicts map[uint32]*dict - // streamWg is the waitgroup for all streams streamWg sync.WaitGroup } @@ -101,12 +98,10 @@ func NewReader(r io.Reader, opts ...DOption) (*Decoder, error) { d.current.err = ErrDecoderNilInput } - // Transfer option dicts. - d.dicts = make(map[uint32]*dict, len(d.o.dicts)) - for _, dc := range d.o.dicts { - d.dicts[dc.id] = dc + // Initialize dict map if needed. + if d.o.dicts == nil { + d.o.dicts = make(map[uint32]*dict) } - d.o.dicts = nil // Create decoders d.decoders = make(chan *blockDec, d.o.concurrent) @@ -238,6 +233,21 @@ func (d *Decoder) Reset(r io.Reader) error { return nil } +// ResetWithOptions will reset the decoder and apply the given options +// for the next stream or DecodeAll operation. +// Options are applied on top of the existing options. +// Some options cannot be changed on reset and will return an error. +func (d *Decoder) ResetWithOptions(r io.Reader, opts ...DOption) error { + d.o.resetOpt = true + defer func() { d.o.resetOpt = false }() + for _, o := range opts { + if err := o(&d.o); err != nil { + return err + } + } + return d.Reset(r) +} + // drainOutput will drain the output until errEndOfStream is sent. func (d *Decoder) drainOutput() { if d.current.cancel != nil { @@ -930,7 +940,7 @@ decodeStream: } func (d *Decoder) setDict(frame *frameDec) (err error) { - dict, ok := d.dicts[frame.DictionaryID] + dict, ok := d.o.dicts[frame.DictionaryID] if ok { if debugDecoder { println("setting dict", frame.DictionaryID) diff --git a/vendor/github.com/klauspost/compress/zstd/decoder_options.go b/vendor/github.com/klauspost/compress/zstd/decoder_options.go index 774c5f00f..537627a07 100644 --- a/vendor/github.com/klauspost/compress/zstd/decoder_options.go +++ b/vendor/github.com/klauspost/compress/zstd/decoder_options.go @@ -20,10 +20,11 @@ type decoderOptions struct { concurrent int maxDecodedSize uint64 maxWindowSize uint64 - dicts []*dict + dicts map[uint32]*dict ignoreChecksum bool limitToCap bool decodeBufsBelow int + resetOpt bool } func (o *decoderOptions) setDefault() { @@ -42,8 +43,15 @@ func (o *decoderOptions) setDefault() { // WithDecoderLowmem will set whether to use a lower amount of memory, // but possibly have to allocate more while running. +// Cannot be changed with ResetWithOptions. func WithDecoderLowmem(b bool) DOption { - return func(o *decoderOptions) error { o.lowMem = b; return nil } + return func(o *decoderOptions) error { + if o.resetOpt && b != o.lowMem { + return errors.New("WithDecoderLowmem cannot be changed on Reset") + } + o.lowMem = b + return nil + } } // WithDecoderConcurrency sets the number of created decoders. @@ -53,18 +61,23 @@ func WithDecoderLowmem(b bool) DOption { // inflight blocks. // When decoding streams and setting maximum to 1, // no async decoding will be done. +// The value supplied must be at least 0. // When a value of 0 is provided GOMAXPROCS will be used. // By default this will be set to 4 or GOMAXPROCS, whatever is lower. +// Cannot be changed with ResetWithOptions. func WithDecoderConcurrency(n int) DOption { return func(o *decoderOptions) error { if n < 0 { - return errors.New("concurrency must be at least 1") + return errors.New("concurrency must be at least 0") } + newVal := n if n == 0 { - o.concurrent = runtime.GOMAXPROCS(0) - } else { - o.concurrent = n + newVal = runtime.GOMAXPROCS(0) } + if o.resetOpt && newVal != o.concurrent { + return errors.New("WithDecoderConcurrency cannot be changed on Reset") + } + o.concurrent = newVal return nil } } @@ -73,6 +86,7 @@ func WithDecoderConcurrency(n int) DOption { // non-streaming operations or maximum window size for streaming operations. // This can be used to control memory usage of potentially hostile content. // Maximum is 1 << 63 bytes. Default is 64GiB. +// Can be changed with ResetWithOptions. func WithDecoderMaxMemory(n uint64) DOption { return func(o *decoderOptions) error { if n == 0 { @@ -92,16 +106,20 @@ func WithDecoderMaxMemory(n uint64) DOption { // "zstd --train" from the Zstandard reference implementation. // // If several dictionaries with the same ID are provided, the last one will be used. +// Can be changed with ResetWithOptions. // // [dictionary format]: https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#dictionary-format func WithDecoderDicts(dicts ...[]byte) DOption { return func(o *decoderOptions) error { + if o.dicts == nil { + o.dicts = make(map[uint32]*dict) + } for _, b := range dicts { d, err := loadDict(b) if err != nil { return err } - o.dicts = append(o.dicts, d) + o.dicts[d.id] = d } return nil } @@ -109,12 +127,16 @@ func WithDecoderDicts(dicts ...[]byte) DOption { // WithDecoderDictRaw registers a dictionary that may be used by the decoder. // The slice content can be arbitrary data. +// Can be changed with ResetWithOptions. func WithDecoderDictRaw(id uint32, content []byte) DOption { return func(o *decoderOptions) error { if bits.UintSize > 32 && uint(len(content)) > dictMaxLength { return fmt.Errorf("dictionary of size %d > 2GiB too large", len(content)) } - o.dicts = append(o.dicts, &dict{id: id, content: content, offsets: [3]int{1, 4, 8}}) + if o.dicts == nil { + o.dicts = make(map[uint32]*dict) + } + o.dicts[id] = &dict{id: id, content: content, offsets: [3]int{1, 4, 8}} return nil } } @@ -124,6 +146,7 @@ func WithDecoderDictRaw(id uint32, content []byte) DOption { // The Decoder will likely allocate more memory based on the WithDecoderLowmem setting. // If WithDecoderMaxMemory is set to a lower value, that will be used. // Default is 512MB, Maximum is ~3.75 TB as per zstandard spec. +// Can be changed with ResetWithOptions. func WithDecoderMaxWindow(size uint64) DOption { return func(o *decoderOptions) error { if size < MinWindowSize { @@ -141,6 +164,7 @@ func WithDecoderMaxWindow(size uint64) DOption { // or any size set in WithDecoderMaxMemory. // This can be used to limit decoding to a specific maximum output size. // Disabled by default. +// Can be changed with ResetWithOptions. func WithDecodeAllCapLimit(b bool) DOption { return func(o *decoderOptions) error { o.limitToCap = b @@ -153,17 +177,37 @@ func WithDecodeAllCapLimit(b bool) DOption { // This typically uses less allocations but will have the full decompressed object in memory. // Note that DecodeAllCapLimit will disable this, as well as giving a size of 0 or less. // Default is 128KiB. +// Cannot be changed with ResetWithOptions. func WithDecodeBuffersBelow(size int) DOption { return func(o *decoderOptions) error { + if o.resetOpt && size != o.decodeBufsBelow { + return errors.New("WithDecodeBuffersBelow cannot be changed on Reset") + } o.decodeBufsBelow = size return nil } } // IgnoreChecksum allows to forcibly ignore checksum checking. +// Can be changed with ResetWithOptions. func IgnoreChecksum(b bool) DOption { return func(o *decoderOptions) error { o.ignoreChecksum = b return nil } } + +// WithDecoderDictDelete removes dictionaries by ID. +// If no ids are passed, all dictionaries are deleted. +// Should be used with ResetWithOptions. +func WithDecoderDictDelete(ids ...uint32) DOption { + return func(o *decoderOptions) error { + if len(ids) == 0 { + clear(o.dicts) + } + for _, id := range ids { + delete(o.dicts, id) + } + return nil + } +} diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go index 8f8223cd3..19e730acc 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder.go @@ -131,6 +131,22 @@ func (e *Encoder) Reset(w io.Writer) { s.frameContentSize = 0 } +// ResetWithOptions will re-initialize the writer and apply the given options +// as a new, independent stream. +// Options are applied on top of the existing options. +// Some options cannot be changed on reset and will return an error. +func (e *Encoder) ResetWithOptions(w io.Writer, opts ...EOption) error { + e.o.resetOpt = true + defer func() { e.o.resetOpt = false }() + for _, o := range opts { + if err := o(&e.o); err != nil { + return err + } + } + e.Reset(w) + return nil +} + // ResetContentSize will reset and set a content size for the next stream. // If the bytes written does not match the size given an error will be returned // when calling Close(). diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go index 20671dcb9..8e0f5cac7 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go @@ -14,6 +14,7 @@ type EOption func(*encoderOptions) error // options retains accumulated state of multiple options. type encoderOptions struct { + resetOpt bool concurrent int level EncoderLevel single *bool @@ -71,19 +72,28 @@ func (o encoderOptions) encoder() encoder { // WithEncoderCRC will add CRC value to output. // Output will be 4 bytes larger. +// Can be changed with ResetWithOptions. func WithEncoderCRC(b bool) EOption { return func(o *encoderOptions) error { o.crc = b; return nil } } // WithEncoderConcurrency will set the concurrency, // meaning the maximum number of encoders to run concurrently. -// The value supplied must be at least 1. +// The value supplied must be at least 0. +// When a value of 0 is provided GOMAXPROCS will be used. // For streams, setting a value of 1 will disable async compression. // By default this will be set to GOMAXPROCS. +// Cannot be changed with ResetWithOptions. func WithEncoderConcurrency(n int) EOption { return func(o *encoderOptions) error { - if n <= 0 { - return fmt.Errorf("concurrency must be at least 1") + if n < 0 { + return errors.New("concurrency must at least 0") + } + if n == 0 { + n = runtime.GOMAXPROCS(0) + } + if o.resetOpt && n != o.concurrent { + return errors.New("WithEncoderConcurrency cannot be changed on Reset") } o.concurrent = n return nil @@ -95,6 +105,7 @@ func WithEncoderConcurrency(n int) EOption { // A larger value will enable better compression but allocate more memory and, // for above-default values, take considerably longer. // The default value is determined by the compression level and max 8MB. +// Cannot be changed with ResetWithOptions. func WithWindowSize(n int) EOption { return func(o *encoderOptions) error { switch { @@ -105,6 +116,9 @@ func WithWindowSize(n int) EOption { case (n & (n - 1)) != 0: return errors.New("window size must be a power of 2") } + if o.resetOpt && n != o.windowSize { + return errors.New("WithWindowSize cannot be changed on Reset") + } o.windowSize = n o.customWindow = true @@ -122,6 +136,7 @@ func WithWindowSize(n int) EOption { // n must be > 0 and <= 1GB, 1<<30 bytes. // The padded area will be filled with data from crypto/rand.Reader. // If `EncodeAll` is used with data already in the destination, the total size will be multiple of this. +// Can be changed with ResetWithOptions. func WithEncoderPadding(n int) EOption { return func(o *encoderOptions) error { if n <= 0 { @@ -215,12 +230,16 @@ func (e EncoderLevel) String() string { } // WithEncoderLevel specifies a predefined compression level. +// Cannot be changed with ResetWithOptions. func WithEncoderLevel(l EncoderLevel) EOption { return func(o *encoderOptions) error { switch { case l <= speedNotSet || l >= speedLast: return fmt.Errorf("unknown encoder level") } + if o.resetOpt && l != o.level { + return errors.New("WithEncoderLevel cannot be changed on Reset") + } o.level = l if !o.customWindow { switch o.level { @@ -248,6 +267,7 @@ func WithEncoderLevel(l EncoderLevel) EOption { // WithZeroFrames will encode 0 length input as full frames. // This can be needed for compatibility with zstandard usage, // but is not needed for this package. +// Can be changed with ResetWithOptions. func WithZeroFrames(b bool) EOption { return func(o *encoderOptions) error { o.fullZero = b @@ -259,6 +279,7 @@ func WithZeroFrames(b bool) EOption { // Disabling this will skip incompressible data faster, but in cases with no matches but // skewed character distribution compression is lost. // Default value depends on the compression level selected. +// Can be changed with ResetWithOptions. func WithAllLitEntropyCompression(b bool) EOption { return func(o *encoderOptions) error { o.customALEntropy = true @@ -270,6 +291,7 @@ func WithAllLitEntropyCompression(b bool) EOption { // WithNoEntropyCompression will always skip entropy compression of literals. // This can be useful if content has matches, but unlikely to benefit from entropy // compression. Usually the slight speed improvement is not worth enabling this. +// Can be changed with ResetWithOptions. func WithNoEntropyCompression(b bool) EOption { return func(o *encoderOptions) error { o.noEntropy = b @@ -287,6 +309,7 @@ func WithNoEntropyCompression(b bool) EOption { // This is only a recommendation, each decoder is free to support higher or lower limits, depending on local limitations. // If this is not specified, block encodes will automatically choose this based on the input size and the window size. // This setting has no effect on streamed encodes. +// Can be changed with ResetWithOptions. func WithSingleSegment(b bool) EOption { return func(o *encoderOptions) error { o.single = &b @@ -298,8 +321,12 @@ func WithSingleSegment(b bool) EOption { // slower encoding speed. // This will not change the window size which is the primary function for reducing // memory usage. See WithWindowSize. +// Cannot be changed with ResetWithOptions. func WithLowerEncoderMem(b bool) EOption { return func(o *encoderOptions) error { + if o.resetOpt && b != o.lowMem { + return errors.New("WithLowerEncoderMem cannot be changed on Reset") + } o.lowMem = b return nil } @@ -311,6 +338,7 @@ func WithLowerEncoderMem(b bool) EOption { // "zstd --train" from the Zstandard reference implementation. // // The encoder *may* choose to use no dictionary instead for certain payloads. +// Can be changed with ResetWithOptions. // // [dictionary format]: https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#dictionary-format func WithEncoderDict(dict []byte) EOption { @@ -328,6 +356,7 @@ func WithEncoderDict(dict []byte) EOption { // // The slice content may contain arbitrary data. It will be used as an initial // history. +// Can be changed with ResetWithOptions. func WithEncoderDictRaw(id uint32, content []byte) EOption { return func(o *encoderOptions) error { if bits.UintSize > 32 && uint(len(content)) > dictMaxLength { @@ -337,3 +366,12 @@ func WithEncoderDictRaw(id uint32, content []byte) EOption { return nil } } + +// WithEncoderDictDelete clears the dictionary, so no dictionary will be used. +// Should be used with ResetWithOptions. +func WithEncoderDictDelete() EOption { + return func(o *encoderOptions) error { + o.dict = nil + return nil + } +} diff --git a/vendor/github.com/regclient/regclient/.osv-scanner.toml b/vendor/github.com/regclient/regclient/.osv-scanner.toml index 232496617..69916f390 100644 --- a/vendor/github.com/regclient/regclient/.osv-scanner.toml +++ b/vendor/github.com/regclient/regclient/.osv-scanner.toml @@ -1 +1 @@ -GoVersionOverride = "1.25.5" +GoVersionOverride = "1.26.0" diff --git a/vendor/github.com/regclient/regclient/.version-bump.lock b/vendor/github.com/regclient/regclient/.version-bump.lock index 4750377cc..a90946541 100644 --- a/vendor/github.com/regclient/regclient/.version-bump.lock +++ b/vendor/github.com/regclient/regclient/.version-bump.lock @@ -1,53 +1,53 @@ -{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.23.0","version":"sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375"} -{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.23.0"} +{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} +{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.23.3"} {"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.11.0"} -{"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.30"} -{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.25.5-alpine","version":"sha256:26111811bc967321e7b6f852e914d14bede324cd1accb7f81811929a6a57fea9"} -{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.25.5"} -{"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"3d10600874527d71519b33ecbb314eb93ccd1df6"} +{"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.32"} +{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.26.0-alpine","version":"sha256:d4c4845f5d60c6a974c6000ce58ae079328d03ab7f721a0734277e69905473e5"} +{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.26.0"} +{"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"e3a9666eb1275741e887e29926b144f8daee3bef"} {"name":"docker-arg-semver","key":"https://github.com/kikito/semver.lua.git:master","version":"a4b708ba243208d46e575da870af969dca46a94d"} -{"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.23.0","version":"sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375"} +{"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} {"name":"gha-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} -{"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.0"} -{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v3.0.2"} -{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.24\", \"1.25\"]"} -{"name":"gha-golang-release","key":"golang-latest","version":"1.25"} -{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.38.0"} -{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v6.0.1","version":"8e8c483db84b4bee98b60c0593521ed34d9990e8"} -{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.1.0","version":"4dc6199c7b1a012772edbd06daecab0f50c9053c"} -{"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v10.1.1","version":"997185467fa4f803885201cee163a9f38240193d"} -{"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v5.0.0","version":"330a01c490aca151604b8cf639adc76d48f6c5d4"} -{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.20.10","version":"fbfd9c6c189226748411491745178e0c2017392d"} -{"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.18.0","version":"263435318d21b8e681c14492fe198d362a7d2c83"} -{"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.6.0","version":"5e57cd118135c172c3672efd75eb46360885c0ef"} -{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.11.1","version":"e468171a9de216ec08956ac3ada2f0791b6bd435"} -{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"1ea6cfdb5365b98ff1201dde150f417efc4a2079"} +{"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.3"} +{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v3.0.5"} +{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.25\", \"1.26\"]"} +{"name":"gha-golang-release","key":"golang-latest","version":"1.26"} +{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.42.1"} +{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v6.0.2","version":"de0fac2e4500dabe0009e67214ff5f5447ce83dd"} +{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.2.0","version":"7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5"} +{"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v10.2.0","version":"b5d41d4e1d5dceea10e7104786b73624c18a190f"} +{"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v6.0.0","version":"b7c566a772e6b6bfb58ed0dc250532a479d7789f"} +{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.22.2","version":"28d71544de8eaf1b958d335707167c5f783590ad"} +{"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.19.2","version":"10e90e3645eae34f1e60eeb005ba3a3d33f178e8"} +{"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.7.0","version":"c94ce9fb468520275223c153574b00df6fe4bcc9"} +{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.12.0","version":"8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"} +{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"da9319db8e44e8b062b3a147e1dfb2f574d41a03"} {"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v4.0.0","version":"faadad0cce49287aee09b3a48701e75088a2c6ad"} {"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.5.0","version":"a06a81a03ee405af7f2048a818ed3f03bbf83c7b"} -{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v6.0.1"} -{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.1.0"} -{"name":"gha-uses-semver","key":"https://github.com/actions/stale.git","version":"v10.1.1"} -{"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v5.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.20.10"} -{"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.18.0"} -{"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.6.0"} -{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.11.1"} +{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v6.0.2"} +{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.2.0"} +{"name":"gha-uses-semver","key":"https://github.com/actions/stale.git","version":"v10.2.0"} +{"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v6.0.0"} +{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.22.2"} +{"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.19.2"} +{"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.7.0"} +{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.12.0"} {"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v4.0.0"} {"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.5.0"} -{"name":"go-mod-golang-release","key":"golang-oldest","version":"1.24.0"} +{"name":"go-mod-golang-release","key":"golang-oldest","version":"1.25.0"} {"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.0.0"} -{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.11"} +{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.14"} {"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.4"} {"name":"makefile-gofumpt","key":"https://github.com/mvdan/gofumpt.git","version":"v0.9.2"} {"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.15.0"} -{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.22.10"} -{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.20.0"} -{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.0"} -{"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.6.1"} -{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.38.0","version":"sha256:825cad3a952c87676a6d07e9a3bb05ac9c401d598360070e970aa46d54c1727e"} -{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.38.0"} -{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.38.0"} -{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.25.5"} -{"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.23.0","version":"sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375"} +{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.23.0"} +{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.21.0"} +{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.3"} +{"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.7.0"} +{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.42.1","version":"sha256:392b65f29a410d2c1294d347bb3ad6f37608345ab6e7b43d2df03ea18bd6f5b0"} +{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.42.1"} +{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.42.1"} +{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.26.0"} +{"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} {"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} -{"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.0"} +{"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.3"} diff --git a/vendor/github.com/regclient/regclient/Makefile b/vendor/github.com/regclient/regclient/Makefile index 56ea1143b..6ecc2e65c 100644 --- a/vendor/github.com/regclient/regclient/Makefile +++ b/vendor/github.com/regclient/regclient/Makefile @@ -35,31 +35,31 @@ ifeq "$(strip $(VER_BUMP))" '' -u "$(shell id -u):$(shell id -g)" \ $(VER_BUMP_CONTAINER) endif -MARKDOWN_LINT_VER?=v0.20.0 +MARKDOWN_LINT_VER?=v0.21.0 GOFUMPT_VER?=v0.9.2 GOMAJOR_VER?=v0.15.0 -GOSEC_VER?=v2.22.10 +GOSEC_VER?=v2.23.0 GO_VULNCHECK_VER?=v1.1.4 -OSV_SCANNER_VER?=v2.3.0 +OSV_SCANNER_VER?=v2.3.3 SYFT?=$(shell command -v syft 2>/dev/null) SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0") -SYFT_VERSION?=v1.38.0 -SYFT_CONTAINER?=anchore/syft:v1.38.0@sha256:825cad3a952c87676a6d07e9a3bb05ac9c401d598360070e970aa46d54c1727e +SYFT_VERSION?=v1.42.1 +SYFT_CONTAINER?=anchore/syft:v1.42.1@sha256:392b65f29a410d2c1294d347bb3ad6f37608345ab6e7b43d2df03ea18bd6f5b0 ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)" SYFT=docker run --rm \ -v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \ -u "$(shell id -u):$(shell id -g)" \ $(SYFT_CONTAINER) endif -STATICCHECK_VER?=v0.6.1 +STATICCHECK_VER?=v0.7.0 CI_DISTRIBUTION_VER?=3.0.0 -CI_ZOT_VER?=v2.1.11 +CI_ZOT_VER?=v2.1.14 .PHONY: .FORCE .FORCE: .PHONY: all -all: fmt gofumpt goimports vet test lint binaries ## Full build of Go binaries (including fmt, vet, test, and lint) +all: fmt gofumpt gofix goimports vet test lint binaries ## Full build of Go binaries (including fmt, vet, test, and lint) .PHONY: fmt fmt: ## go fmt @@ -69,6 +69,10 @@ fmt: ## go fmt gofumpt: $(GOPATH)/bin/gofumpt ## gofumpt is a stricter alternative to go fmt gofumpt -l -w . +.PHONY: gofix +gofix: ## go fix + go fix ./... + goimports: $(GOPATH)/bin/goimports $(GOPATH)/bin/goimports -w -format-only -local github.com/regclient . @@ -87,6 +91,7 @@ lint: lint-go lint-goimports lint-md lint-gosec ## Run all linting lint-go: $(GOPATH)/bin/gofumpt $(GOPATH)/bin/staticcheck .FORCE ## Run linting for Go $(GOPATH)/bin/staticcheck -checks all ./... $(GOPATH)/bin/gofumpt -l -d . + errors=$$(go fix -diff ./...); if [ "$${errors}" != "" ]; then echo "$${errors}"; exit 1; fi lint-goimports: $(GOPATH)/bin/goimports @if [ -n "$$($(GOPATH)/bin/goimports -l -format-only -local github.com/regclient .)" ]; then \ @@ -246,11 +251,11 @@ $(GOPATH)/bin/gomajor: .FORCE || go install github.com/icholy/gomajor@$(GOMAJOR_VER) $(GOPATH)/bin/goimports: .FORCE - @[ -f "$(GOPATH)/bin/goimports" ] \ + @[ -f "$(GOPATH)/bin/goimports" ] && [ "$$(go version | cut -f3 -d' ')" = "$$(go version $(GOPATH)/bin/goimports | cut -f2 -d' ')" ] \ || go install golang.org/x/tools/cmd/goimports@latest $(GOPATH)/bin/gorelease: .FORCE - @[ -f "$(GOPATH)/bin/gorelease" ] \ + @[ -f "$(GOPATH)/bin/gorelease" ] && [ "$$(go version | cut -f3 -d' ')" = "$$(go version $(GOPATH)/bin/gorelease | cut -f2 -d' ')" ] \ || go install golang.org/x/exp/cmd/gorelease@latest $(GOPATH)/bin/gosec: .FORCE diff --git a/vendor/github.com/regclient/regclient/blob.go b/vendor/github.com/regclient/regclient/blob.go index 4bea46791..a55d281b0 100644 --- a/vendor/github.com/regclient/regclient/blob.go +++ b/vendor/github.com/regclient/regclient/blob.go @@ -23,7 +23,8 @@ import ( const blobCBFreq = time.Millisecond * 100 type blobOpt struct { - callback func(kind types.CallbackKind, instance string, state types.CallbackState, cur, total int64) + callback func(kind types.CallbackKind, instance string, state types.CallbackState, cur, total int64) + readerHook func(*blob.BReader) (*blob.BReader, error) } // BlobOpts define options for the Image* commands. @@ -36,6 +37,15 @@ func BlobWithCallback(callback func(kind types.CallbackKind, instance string, st } } +// BlobWithReaderHook is called in [RegClient.BlobCopy] with the blob source. +// The returned [blob.BReader] is pushed to the target. +// If the hook returns an error, the copy will fail. +func BlobWithReaderHook(hook func(*blob.BReader) (*blob.BReader, error)) BlobOpts { + return func(opts *blobOpt) { + opts.readerHook = hook + } +} + // BlobCopy copies a blob between two locations. // If the blob already exists in the target, the copy is skipped. // A server side cross repository blob mount is attempted. @@ -162,6 +172,15 @@ func (rc *RegClient) BlobCopy(ctx context.Context, refSrc ref.Ref, refTgt ref.Re } }() } + if opt.readerHook != nil { + blobIO, err = opt.readerHook(blobIO) + if err != nil { + rc.slog.Warn("Failed to apply reader hook to blob", + slog.String("src", refSrc.Reference), + slog.String("err", err.Error())) + return err + } + } defer blobIO.Close() if _, err := rc.BlobPut(ctx, refTgt, blobIO.GetDescriptor(), blobIO); err != nil { if !errors.Is(err, context.Canceled) { diff --git a/vendor/github.com/regclient/regclient/config/credhelper.go b/vendor/github.com/regclient/regclient/config/credhelper.go index 3aa2e73fb..413e70404 100644 --- a/vendor/github.com/regclient/regclient/config/credhelper.go +++ b/vendor/github.com/regclient/regclient/config/credhelper.go @@ -37,7 +37,7 @@ func (ch *credHelper) run(arg string, input io.Reader) ([]byte, error) { type credStore struct { ServerURL string `json:"ServerURL"` Username string `json:"Username"` - Secret string `json:"Secret"` + Secret string `json:"Secret"` //#nosec G117 exported struct intentionally holds secrets } // get requests a credential from the helper for a given host. diff --git a/vendor/github.com/regclient/regclient/config/docker.go b/vendor/github.com/regclient/regclient/config/docker.go index b4b91a0ef..cb73a60e6 100644 --- a/vendor/github.com/regclient/regclient/config/docker.go +++ b/vendor/github.com/regclient/regclient/config/docker.go @@ -49,7 +49,7 @@ type dockerProxyConfig struct { // dockerAuthConfig contains the auths type dockerAuthConfig struct { Username string `json:"username,omitempty"` - Password string `json:"password,omitempty"` + Password string `json:"password,omitempty"` //#nosec G117 exported struct intentionally holds secrets Auth string `json:"auth,omitempty"` ServerAddress string `json:"serveraddress,omitempty"` @@ -70,7 +70,10 @@ func DockerLoad() ([]Host, error) { hosts := []Host{} errList := []error{} // load from a file - cf := conffile.New(conffile.WithDirName(dockerDir, dockerConfFile), conffile.WithEnvDir(dockerEnv, dockerConfFile)) + cf := conffile.New( + conffile.WithHomeDir(dockerDir, dockerConfFile, true), + conffile.WithEnvDir(dockerEnv, dockerConfFile), + ) rdr, err := cf.Open() if err != nil && !errors.Is(err, fs.ErrNotExist) { errList = append(errList, err) diff --git a/vendor/github.com/regclient/regclient/config/host.go b/vendor/github.com/regclient/regclient/config/host.go index d68f83337..8d751482e 100644 --- a/vendor/github.com/regclient/regclient/config/host.go +++ b/vendor/github.com/regclient/regclient/config/host.go @@ -104,10 +104,10 @@ type Host struct { TLS TLSConf `json:"tls,omitempty" yaml:"tls"` // TLS setting: enabled (default), disabled, insecure RegCert string `json:"regcert,omitempty" yaml:"regcert"` // public pem cert of registry ClientCert string `json:"clientCert,omitempty" yaml:"clientCert"` // public pem cert for client (mTLS) - ClientKey string `json:"clientKey,omitempty" yaml:"clientKey"` // private pem cert for client (mTLS) + ClientKey string `json:"clientKey,omitempty" yaml:"clientKey"` //#nosec G117 private pem cert for client (mTLS) Hostname string `json:"hostname,omitempty" yaml:"hostname"` // hostname of registry, default is the registry name User string `json:"user,omitempty" yaml:"user"` // username, not used with credHelper - Pass string `json:"pass,omitempty" yaml:"pass"` // password, not used with credHelper + Pass string `json:"pass,omitempty" yaml:"pass"` //#nosec G117 password, not used with credHelper Token string `json:"token,omitempty" yaml:"token"` // token, experimental for specific APIs CredHelper string `json:"credHelper,omitempty" yaml:"credHelper"` // credential helper command for requesting logins CredExpire timejson.Duration `json:"credExpire,omitempty" yaml:"credExpire"` // time until credential expires @@ -128,7 +128,7 @@ type Host struct { // Cred defines a user credential for accessing a registry. type Cred struct { - User, Password, Token string + User, Password, Token string //#nosec G117 exported struct intentionally holds secrets } // HostNew creates a default Host entry. @@ -171,9 +171,7 @@ func HostNewDefName(def *Host, name string) *Host { if len(h.APIOpts) > 0 { orig := h.APIOpts h.APIOpts = map[string]string{} - for k, v := range orig { - h.APIOpts[k] = v - } + maps.Copy(h.APIOpts, orig) } if h.Mirrors != nil { orig := h.Mirrors @@ -235,12 +233,11 @@ func (host *Host) refreshHelper() { // IsZero returns true if the struct is set to the zero value or the result of [HostNew]. func (host Host) IsZero() bool { - if host.Name != "" || - (host.TLS != TLSUndefined && host.TLS != TLSEnabled) || + if (host.TLS != TLSUndefined && host.TLS != TLSEnabled) || host.RegCert != "" || host.ClientCert != "" || host.ClientKey != "" || - host.Hostname != "" || + (host.Hostname != "" && host.Hostname != host.Name) || host.User != "" || host.Pass != "" || host.Token != "" || diff --git a/vendor/github.com/regclient/regclient/image.go b/vendor/github.com/regclient/regclient/image.go index c282fc5ac..6a9a0c877 100644 --- a/vendor/github.com/regclient/regclient/image.go +++ b/vendor/github.com/regclient/regclient/image.go @@ -107,6 +107,7 @@ type imageOpt struct { mu sync.Mutex seen map[string]*imageSeen finalFn []func(context.Context) error + blobReaderHook func(*blob.BReader) (*blob.BReader, error) } type imageSeen struct { @@ -117,6 +118,16 @@ type imageSeen struct { // ImageOpts define options for the Image* commands. type ImageOpts func(*imageOpt) +// ImageWithBlobReaderHook calls the given function on every blob copy in [RegClient.ImageCopy]. +// The hook receives a [blob.BReader] from getting the blob from the source. +// The returned [blob.BReader] will be used for pushing the blob to the target. +// If the hook returns an error on any blob, the image copy may fail. +func ImageWithBlobReaderHook(fn func(*blob.BReader) (*blob.BReader, error)) ImageOpts { + return func(opts *imageOpt) { + opts.blobReaderHook = fn + } +} + // ImageWithCallback provides progress data to a callback function. func ImageWithCallback(callback func(kind types.CallbackKind, instance string, state types.CallbackState, cur, total int64)) ImageOpts { return func(opts *imageOpt) { @@ -627,6 +638,9 @@ func (rc *RegClient) imageCopyOpt(ctx context.Context, refSrc ref.Ref, refTgt re if opt.callback != nil { bOpt = append(bOpt, BlobWithCallback(opt.callback)) } + if opt.blobReaderHook != nil { + bOpt = append(bOpt, BlobWithReaderHook(opt.blobReaderHook)) + } waitCh := make(chan error) waitCount := 0 ctx, cancel := context.WithCancel(ctx) diff --git a/vendor/github.com/regclient/regclient/internal/auth/auth.go b/vendor/github.com/regclient/regclient/internal/auth/auth.go index a39bcfe8d..cbe7885e8 100644 --- a/vendor/github.com/regclient/regclient/internal/auth/auth.go +++ b/vendor/github.com/regclient/regclient/internal/auth/auth.go @@ -55,6 +55,7 @@ type CredsFn func(host string) Cred // Else if user and password are provided, they are attempted with all auth methods. // Else if neither are provided and auth method is bearer, an anonymous login is attempted. type Cred struct { + //#nosec G117 exported struct intentionally holds secrets User, Password string // clear text username and password Token string // refresh token only used for bearer auth } @@ -505,10 +506,10 @@ type bearerHandler struct { // bearerToken is the json response to the Bearer request type bearerToken struct { Token string `json:"token"` - AccessToken string `json:"access_token"` + AccessToken string `json:"access_token"` //#nosec G117 exported struct intentionally holds secrets ExpiresIn int `json:"expires_in"` IssuedAt time.Time `json:"issued_at"` - RefreshToken string `json:"refresh_token"` + RefreshToken string `json:"refresh_token"` //#nosec G117 exported struct intentionally holds secrets Scope string `json:"scope"` } @@ -700,6 +701,7 @@ func (b *bearerHandler) tryGet(cred Cred) error { req.Header.Add("User-Agent", b.clientID) req.URL.RawQuery = reqParams.Encode() + //#nosec G704 inputs are user controlled or follow specification resp, err := b.client.Do(req) if err != nil { return err @@ -738,6 +740,7 @@ func (b *bearerHandler) tryPost(cred Cred) error { req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8") req.Header.Add("User-Agent", b.clientID) + //#nosec G704 inputs are user controlled or follow specification resp, err := b.client.Do(req) if err != nil { return err @@ -827,12 +830,12 @@ type jwtHubHandler struct { type jwtHubPost struct { User string `json:"username"` - Pass string `json:"password"` + Pass string `json:"password"` //#nosec G117 exported struct intentionally holds secrets } type jwtHubResp struct { Detail string `json:"detail"` Token string `json:"token"` - RefreshToken string `json:"refresh_token"` + RefreshToken string `json:"refresh_token"` //#nosec G117 exported struct intentionally holds secrets } // NewJWTHubHandler creates a new JWTHandler for Docker Hub. @@ -881,6 +884,7 @@ func (j *jwtHubHandler) ProcessChallenge(c challenge) error { req.Header.Add("Accept", "application/json") req.Header.Add("User-Agent", j.clientID) + //#nosec G704 inputs are user controlled or follow specification requirements resp, err := j.client.Do(req) if err != nil { return err diff --git a/vendor/github.com/regclient/regclient/internal/cache/cache.go b/vendor/github.com/regclient/regclient/internal/cache/cache.go index 4bc4523e4..a08def82d 100644 --- a/vendor/github.com/regclient/regclient/internal/cache/cache.go +++ b/vendor/github.com/regclient/regclient/internal/cache/cache.go @@ -1,5 +1,4 @@ //go:build go1.18 -// +build go1.18 // Package cache is used to store values with limits. // Items are automatically pruned when too many entries are stored, or values become stale. diff --git a/vendor/github.com/regclient/regclient/internal/conffile/conffile.go b/vendor/github.com/regclient/regclient/internal/conffile/conffile.go index 0ed84a9e5..ba8f7aa85 100644 --- a/vendor/github.com/regclient/regclient/internal/conffile/conffile.go +++ b/vendor/github.com/regclient/regclient/internal/conffile/conffile.go @@ -7,6 +7,7 @@ import ( "io" "io/fs" "os" + "os/user" "path/filepath" ) @@ -17,7 +18,8 @@ type File struct { type Opt func(*File) -// New returns a new File +// New returns a new File. +// The last successful option determines the filename. func New(opts ...Opt) *File { f := File{perms: 0o600} for _, fn := range opts { @@ -29,15 +31,34 @@ func New(opts ...Opt) *File { return &f } -// WithDirName determines the filename from a subdirectory in the user's HOME -// e.g. dir=".app", name="config.json", sets the fullname to "$HOME/.app/config.json" -func WithDirName(dir, name string) Opt { +// WithAppDir determines the filename from the XDG or Windows specification. +// By default, this is based in $HOME/.config on Linux and %APPDATA% on Windows. +// If the file does not exist, this will set the filename only if "force" is true. +func WithAppDir(unixDir, winDir, name string, force bool) Opt { + var dir string + if winDir == "" { + dir = unixDir + } else { + dir = osString(unixDir, winDir) + } return func(f *File) { - f.fullname = filepath.Join(homedir(), dir, name) + fullname := filepath.Join(appDir(), dir, name) + if force || exists(fullname) { + f.fullname = fullname + } } } -// WithEnvFile sets the fullname to the environment value if defined +// WithDirName determines the filename from a subdirectory in the user's HOME. +// +// Deprecated: Replace with [WithHomeDir] +// +//go:fix inline +func WithDirName(dir, name string) Opt { + return WithHomeDir(dir, name, true) +} + +// WithEnvFile sets the fullname to the environment value if defined. func WithEnvFile(envVar string) Opt { return func(f *File) { val := os.Getenv(envVar) @@ -47,7 +68,7 @@ func WithEnvFile(envVar string) Opt { } } -// WithEnvDir sets the fullname to the environment value + filename if the environment variable is defined +// WithEnvDir sets the fullname to the environment value + filename if the environment variable is defined. func WithEnvDir(envVar, name string) Opt { return func(f *File) { val := os.Getenv(envVar) @@ -57,14 +78,27 @@ func WithEnvDir(envVar, name string) Opt { } } -// WithFullname specifies the filename +// WithFullname specifies the filename. +// This will always set the filename even if the file does not exist. func WithFullname(fullname string) Opt { return func(f *File) { f.fullname = fullname } } -// WithPerms specifies the permissions to create a file with (default 0600) +// WithHomeDir determines the filename from a subdirectory in the user's HOME +// e.g. dir=".app", name="config.json", sets the fullname to "$HOME/.app/config.json". +// If the file does not exist, this will set the filename only if "force" is true. +func WithHomeDir(dir, name string, force bool) Opt { + return func(f *File) { + filename := filepath.Join(homeDir(), dir, name) + if force || exists(filename) { + f.fullname = filename + } + } +} + +// WithPerms specifies the permissions to create a file with (default 0600). func WithPerms(perms int) Opt { return func(f *File) { f.perms = perms @@ -124,12 +158,31 @@ func (f *File) Write(rdr io.Reader) error { } // update mode and owner of temp file + //#nosec G703 tempfile location is user controlled if err := os.Chmod(tmpFullname, mode); err != nil { return err } if uid > 0 && gid > 0 { + //#nosec G703 tempfile location is user controlled _ = os.Chown(tmpFullname, uid, gid) } // move temp file to target filename + //#nosec G703 tempfile location is user controlled return os.Rename(tmpFullname, f.fullname) } + +func exists(name string) bool { + _, err := os.Stat(name) + return err == nil +} + +func homeDir() string { + home := os.Getenv(homeEnv) + if home == "" { + u, err := user.Current() + if err == nil { + home = u.HomeDir + } + } + return home +} diff --git a/vendor/github.com/regclient/regclient/internal/conffile/conffile_unix.go b/vendor/github.com/regclient/regclient/internal/conffile/conffile_unix.go index 1b1dca47b..ffb1fd1b9 100644 --- a/vendor/github.com/regclient/regclient/internal/conffile/conffile_unix.go +++ b/vendor/github.com/regclient/regclient/internal/conffile/conffile_unix.go @@ -1,14 +1,27 @@ //go:build !windows -// +build !windows package conffile import ( "io/fs" + "os" + "path/filepath" "syscall" ) -const homeEnv = "HOME" +const ( + appDirEnv = "XDG_CONFIG_HOME" + homeEnv = "HOME" +) + +func appDir() string { + appDir := os.Getenv(appDirEnv) + if appDir == "" { + home := homeDir() + appDir = filepath.Join(home, ".config") + } + return appDir +} func getFileOwner(stat fs.FileInfo) (int, int, error) { var uid, gid int @@ -18,3 +31,7 @@ func getFileOwner(stat fs.FileInfo) (int, int, error) { } return uid, gid, nil } + +func osString(unix, _ string) string { + return unix +} diff --git a/vendor/github.com/regclient/regclient/internal/conffile/conffile_windows.go b/vendor/github.com/regclient/regclient/internal/conffile/conffile_windows.go index eb2f5558f..5008dd477 100644 --- a/vendor/github.com/regclient/regclient/internal/conffile/conffile_windows.go +++ b/vendor/github.com/regclient/regclient/internal/conffile/conffile_windows.go @@ -1,14 +1,31 @@ //go:build windows -// +build windows package conffile import ( "io/fs" + "os" + "path/filepath" ) -const homeEnv = "USERPROFILE" +const ( + appDirEnv = "APPDATA" + homeEnv = "USERPROFILE" +) + +func appDir() string { + appDir := os.Getenv(appDirEnv) + if appDir == "" { + home := homeDir() + appDir = filepath.Join(home, "AppData") + } + return appDir +} -func getFileOwner(stat fs.FileInfo) (int, int, error) { +func getFileOwner(_ fs.FileInfo) (int, int, error) { return 0, 0, nil } + +func osString(_, win string) string { + return win +} diff --git a/vendor/github.com/regclient/regclient/internal/conffile/homedir.go b/vendor/github.com/regclient/regclient/internal/conffile/homedir.go deleted file mode 100644 index 782cddc67..000000000 --- a/vendor/github.com/regclient/regclient/internal/conffile/homedir.go +++ /dev/null @@ -1,17 +0,0 @@ -package conffile - -import ( - "os" - "os/user" -) - -func homedir() string { - home := os.Getenv(homeEnv) - if home == "" { - u, err := user.Current() - if err == nil { - home = u.HomeDir - } - } - return home -} diff --git a/vendor/github.com/regclient/regclient/internal/reghttp/http.go b/vendor/github.com/regclient/regclient/internal/reghttp/http.go index a9a3309fa..7f857881c 100644 --- a/vendor/github.com/regclient/regclient/internal/reghttp/http.go +++ b/vendor/github.com/regclient/regclient/internal/reghttp/http.go @@ -429,6 +429,7 @@ func (resp *Resp) next() error { // send request hc := h.getHTTPClient(req.Repository) + //#nosec G704 inputs are user controlled and sanitized resp.resp, err = hc.Do(httpReq) if err != nil { c.slog.Debug("Request failed", diff --git a/vendor/github.com/regclient/regclient/internal/sloghandle/logrus.go b/vendor/github.com/regclient/regclient/internal/sloghandle/logrus.go index 4f7ec4bf3..ac549d18a 100644 --- a/vendor/github.com/regclient/regclient/internal/sloghandle/logrus.go +++ b/vendor/github.com/regclient/regclient/internal/sloghandle/logrus.go @@ -1,5 +1,4 @@ //go:build !wasm -// +build !wasm // Package sloghandle provides a transition handler for migrating from logrus to slog. package sloghandle diff --git a/vendor/github.com/regclient/regclient/internal/version/version_buildinfo.go b/vendor/github.com/regclient/regclient/internal/version/version_buildinfo.go index bf94cd6af..cd7ce60c2 100644 --- a/vendor/github.com/regclient/regclient/internal/version/version_buildinfo.go +++ b/vendor/github.com/regclient/regclient/internal/version/version_buildinfo.go @@ -1,5 +1,4 @@ //go:build go1.18 -// +build go1.18 package version diff --git a/vendor/github.com/regclient/regclient/internal/version/version_old.go b/vendor/github.com/regclient/regclient/internal/version/version_old.go index 83f35decc..beb1c42ab 100644 --- a/vendor/github.com/regclient/regclient/internal/version/version_old.go +++ b/vendor/github.com/regclient/regclient/internal/version/version_old.go @@ -1,5 +1,4 @@ //go:build !go1.18 -// +build !go1.18 package version diff --git a/vendor/github.com/regclient/regclient/regclient_nowasm.go b/vendor/github.com/regclient/regclient/regclient_nowasm.go index d99ca1eda..bde8e8e89 100644 --- a/vendor/github.com/regclient/regclient/regclient_nowasm.go +++ b/vendor/github.com/regclient/regclient/regclient_nowasm.go @@ -1,5 +1,4 @@ //go:build !wasm -// +build !wasm package regclient diff --git a/vendor/github.com/regclient/regclient/release.md b/vendor/github.com/regclient/regclient/release.md index c17200a71..104aad395 100644 --- a/vendor/github.com/regclient/regclient/release.md +++ b/vendor/github.com/regclient/regclient/release.md @@ -1,19 +1,36 @@ -# Release v0.11.1 +# Release v0.11.2 -Security: +Features: -- Go 1.25.5 fixes CVE-2025-61729 ([PR 1025][pr-1025]) -- Go 1.25.5 fixes CVE-2025-61727 ([PR 1025][pr-1025]) +- Add support for regctl config in XDG and APPDATA. ([PR 1038][pr-1038]) +- Add `ImageWithBlobReaderHook` for callbacks per layer when copying an image. ([PR 1046][pr-1046]) Fixes: -- Correct selection of previous tag for releases. ([PR 1023][pr-1023]) -- Make sure ContentLength is correctly set in the request. ([PR 1024][pr-1024]) +- Do not sign released images multiple times. ([PR 1027][pr-1027]) +- regctl/action update for path fix. ([PR 1031][pr-1031]) +- Remove default values from regctl config. ([PR 1039][pr-1039]) +- Apply Go modernizations with `go fix` from 1.26.0. ([PR 1053][pr-1053]) +- Adjust test repo names to avoid races. ([PR 1054][pr-1054]) +- Automatically upgrade goimports and gorelease. ([PR 1056][pr-1056]) + +Other Changes: + +- Add `REGCTL_CONFIG` to `regctl` help messages. ([PR 1037][pr-1037]) +- Go upgrade fixes CVE-2025-68121, govulncheck indicates this project is not vulnerable. ([PR 1047][pr-1047]) Contributors: - @sudo-bmitch +- @vrajashkr -[pr-1023]: https://github.com/regclient/regclient/pull/1023 -[pr-1024]: https://github.com/regclient/regclient/pull/1024 -[pr-1025]: https://github.com/regclient/regclient/pull/1025 +[pr-1027]: https://github.com/regclient/regclient/pull/1027 +[pr-1031]: https://github.com/regclient/regclient/pull/1031 +[pr-1037]: https://github.com/regclient/regclient/pull/1037 +[pr-1038]: https://github.com/regclient/regclient/pull/1038 +[pr-1039]: https://github.com/regclient/regclient/pull/1039 +[pr-1047]: https://github.com/regclient/regclient/pull/1047 +[pr-1046]: https://github.com/regclient/regclient/pull/1046 +[pr-1053]: https://github.com/regclient/regclient/pull/1053 +[pr-1054]: https://github.com/regclient/regclient/pull/1054 +[pr-1056]: https://github.com/regclient/regclient/pull/1056 diff --git a/vendor/github.com/regclient/regclient/scheme/ocidir/blob.go b/vendor/github.com/regclient/regclient/scheme/ocidir/blob.go index e4580792e..64f78b562 100644 --- a/vendor/github.com/regclient/regclient/scheme/ocidir/blob.go +++ b/vendor/github.com/regclient/regclient/scheme/ocidir/blob.go @@ -144,6 +144,7 @@ func (o *OCIDir) BlobPut(ctx context.Context, r ref.Ref, d descriptor.Descriptor return d, fmt.Errorf("unexpected blob length, expected %d, received %d", d.Size, i) } file := path.Join(r.Path, "blobs", d.Digest.Algorithm().String(), d.Digest.Encoded()) + //#nosec G703 inputs are user controlled err = os.Rename(path.Join(dir, tmpName), file) if err != nil { return d, fmt.Errorf("failed to write blob (rename tmp file %s to %s): %w", path.Join(dir, tmpName), file, err) diff --git a/vendor/github.com/regclient/regclient/scheme/ocidir/manifest.go b/vendor/github.com/regclient/regclient/scheme/ocidir/manifest.go index 6c2fc9fa2..3ef9c40fa 100644 --- a/vendor/github.com/regclient/regclient/scheme/ocidir/manifest.go +++ b/vendor/github.com/regclient/regclient/scheme/ocidir/manifest.go @@ -272,6 +272,7 @@ func (o *OCIDir) manifestPut(ctx context.Context, r ref.Ref, m manifest.Manifest return fmt.Errorf("failed to close manifest tmpfile: %w", errC) } file := path.Join(dir, desc.Digest.Encoded()) + //#nosec G703 inputs are user controlled err = os.Rename(path.Join(dir, tmpName), file) if err != nil { return fmt.Errorf("failed to write manifest (rename tmpfile): %w", err) diff --git a/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir.go b/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir.go index f612202ea..91a95f840 100644 --- a/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir.go +++ b/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir.go @@ -281,6 +281,7 @@ func (o *OCIDir) writeIndex(r ref.Ref, i v1.Index, locked bool) error { return fmt.Errorf("cannot close index: %w", errC) } indexFile := path.Join(r.Path, "index.json") + //#nosec G703 inputs are user controlled err = os.Rename(path.Join(r.Path, tmpName), indexFile) if err != nil { return fmt.Errorf("cannot rename tmpfile to index: %w", err) diff --git a/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir_nowasm.go b/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir_nowasm.go index 901439455..50ec0519b 100644 --- a/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir_nowasm.go +++ b/vendor/github.com/regclient/regclient/scheme/ocidir/ocidir_nowasm.go @@ -1,5 +1,4 @@ //go:build !wasm -// +build !wasm package ocidir diff --git a/vendor/github.com/regclient/regclient/scheme/reg/reg_nowasm.go b/vendor/github.com/regclient/regclient/scheme/reg/reg_nowasm.go index 82a5a82f8..e01ba090a 100644 --- a/vendor/github.com/regclient/regclient/scheme/reg/reg_nowasm.go +++ b/vendor/github.com/regclient/regclient/scheme/reg/reg_nowasm.go @@ -1,5 +1,4 @@ //go:build !wasm -// +build !wasm package reg diff --git a/vendor/github.com/regclient/regclient/types/manifest/manifest.go b/vendor/github.com/regclient/regclient/types/manifest/manifest.go index 4aa17915f..1c035994e 100644 --- a/vendor/github.com/regclient/regclient/types/manifest/manifest.go +++ b/vendor/github.com/regclient/regclient/types/manifest/manifest.go @@ -296,7 +296,7 @@ func OCIIndexFromAny(orig any) (v1.Index, error) { func OCIIndexToAny(ociI v1.Index, origP any) error { // reflect is used to handle both *interface and *Manifest rv := reflect.ValueOf(origP) - for rv.IsValid() && rv.Type().Kind() == reflect.Ptr { + for rv.IsValid() && rv.Type().Kind() == reflect.Pointer { rv = rv.Elem() } if !rv.IsValid() { @@ -344,7 +344,7 @@ func OCIManifestFromAny(orig any) (v1.Manifest, error) { func OCIManifestToAny(ociM v1.Manifest, origP any) error { // reflect is used to handle both *interface and *Manifest rv := reflect.ValueOf(origP) - for rv.IsValid() && rv.Type().Kind() == reflect.Ptr { + for rv.IsValid() && rv.Type().Kind() == reflect.Pointer { rv = rv.Elem() } if !rv.IsValid() { diff --git a/vendor/github.com/regclient/regclient/types/oci/v1/config.go b/vendor/github.com/regclient/regclient/types/oci/v1/config.go index 6448f134b..497eef897 100644 --- a/vendor/github.com/regclient/regclient/types/oci/v1/config.go +++ b/vendor/github.com/regclient/regclient/types/oci/v1/config.go @@ -109,7 +109,7 @@ type Image struct { platform.Platform // Config defines the execution parameters which should be used as a base when running a container using the image. - Config ImageConfig `json:"config,omitempty"` + Config ImageConfig `json:"config,omitzero"` // RootFS references the layer content addresses used by the image. RootFS RootFS `json:"rootfs"` diff --git a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_armx.go b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_armx.go index 60940dfac..e0802608f 100644 --- a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_armx.go +++ b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_armx.go @@ -1,5 +1,4 @@ //go:build arm || arm64 -// +build arm arm64 package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_other.go b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_other.go index 5ac63b2e1..9623828db 100644 --- a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_other.go +++ b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_other.go @@ -1,5 +1,4 @@ //go:build !386 && !amd64 && !amd64p32 && !arm && !arm64 -// +build !386,!amd64,!amd64p32,!arm,!arm64 package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_x86.go b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_x86.go index 75f9e57ce..27e53e06c 100644 --- a/vendor/github.com/regclient/regclient/types/platform/cpuinfo_x86.go +++ b/vendor/github.com/regclient/regclient/types/platform/cpuinfo_x86.go @@ -1,5 +1,4 @@ //go:build 386 || amd64 || amd64p32 -// +build 386 amd64 amd64p32 package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/os_darwin.go b/vendor/github.com/regclient/regclient/types/platform/os_darwin.go index 161f89eda..bcd887752 100644 --- a/vendor/github.com/regclient/regclient/types/platform/os_darwin.go +++ b/vendor/github.com/regclient/regclient/types/platform/os_darwin.go @@ -1,5 +1,4 @@ //go:build darwin -// +build darwin package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/os_other.go b/vendor/github.com/regclient/regclient/types/platform/os_other.go index 01b004e6a..56796a605 100644 --- a/vendor/github.com/regclient/regclient/types/platform/os_other.go +++ b/vendor/github.com/regclient/regclient/types/platform/os_other.go @@ -1,5 +1,4 @@ //go:build !darwin -// +build !darwin package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/platform_other.go b/vendor/github.com/regclient/regclient/types/platform/platform_other.go index be99816e3..1bb9b5d0b 100644 --- a/vendor/github.com/regclient/regclient/types/platform/platform_other.go +++ b/vendor/github.com/regclient/regclient/types/platform/platform_other.go @@ -1,5 +1,4 @@ //go:build !windows -// +build !windows package platform diff --git a/vendor/github.com/regclient/regclient/types/platform/platform_windows.go b/vendor/github.com/regclient/regclient/types/platform/platform_windows.go index d0dda6a47..b2b491182 100644 --- a/vendor/github.com/regclient/regclient/types/platform/platform_windows.go +++ b/vendor/github.com/regclient/regclient/types/platform/platform_windows.go @@ -1,5 +1,4 @@ //go:build windows -// +build windows package platform diff --git a/vendor/github.com/regclient/regclient/types/tag/taglist.go b/vendor/github.com/regclient/regclient/types/tag/taglist.go index 2c72e423a..5aec60f5c 100644 --- a/vendor/github.com/regclient/regclient/types/tag/taglist.go +++ b/vendor/github.com/regclient/regclient/types/tag/taglist.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "io" + "maps" "net/http" "net/url" "sort" @@ -197,9 +198,7 @@ func (l *List) Append(add *List) error { if l.Manifests == nil { l.Manifests = add.Manifests } else { - for k, v := range add.Manifests { - l.Manifests[k] = v - } + maps.Copy(l.Manifests, add.Manifests) } } return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 5ae47653f..ad2168062 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -191,7 +191,7 @@ github.com/inconshreveable/mousetrap # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/klauspost/compress v1.18.2 +# github.com/klauspost/compress v1.18.4 ## explicit; go 1.23 github.com/klauspost/compress github.com/klauspost/compress/fse @@ -332,8 +332,8 @@ github.com/prometheus/common/model github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -# github.com/regclient/regclient v0.11.1 -## explicit; go 1.24.0 +# github.com/regclient/regclient v0.11.2 +## explicit; go 1.25.0 github.com/regclient/regclient github.com/regclient/regclient/config github.com/regclient/regclient/internal/auth @@ -460,7 +460,7 @@ golang.org/x/sync/errgroup golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.39.0 +# golang.org/x/term v0.40.0 ## explicit; go 1.24.0 golang.org/x/term # golang.org/x/text v0.33.0