chore(deps): update module github.com/containers/image/v5 to v5.29.3 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/containers/image/v5	v5.25.0 -> v5.29.3

GitHub Vulnerability Alerts

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

---

Release Notes

containers/image (github.com/containers/image/v5)

v5.29.3

Compare Source

What's Changed

• Backport Docker Daemon fix #​2260, bump to 5.29.2, then 5.29.3-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2270
• [release-5.29] Fix CVE-2024-3727 by @​mtrmac in https://github.com/containers/image/pull/2418

Full Changelog: containers/image@v5.29.2...v5.29.3

v5.29.2

Compare Source

What's Changed

• [release-5.29] backport Docker Daemon fix by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2270
• [release-5.29] Tag 5.29.1 by @​mtrmac in https://github.com/containers/image/pull/2253
• Use a stable Skopeo branch for testing the stable c/image branch by @​mtrmac in https://github.com/containers/image/pull/2262

Full Changelog: containers/image@v5.29.1...v5.29.2

v5.29.1

Compare Source

• Add support for pushing an image with unknown digest

v5.29.0

Compare Source

What's Changed

• Bump to v5.28.0 by @​rhatdan in https://github.com/containers/image/pull/2114
• fix(deps): update module github.com/containers/storage to v1.50.2 by @​renovate in https://github.com/containers/image/pull/2115
• Run codespell on code by @​rhatdan in https://github.com/containers/image/pull/2116
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 by @​renovate in https://github.com/containers/image/pull/2117
• Use constants and types from opencontainers/image-spec/specs-go/v1 by @​mtrmac in https://github.com/containers/image/pull/2119
• progress: set Current before Refill by @​giuseppe in https://github.com/containers/image/pull/2121
• copy: fix nil pointer dereference when checking compression algorithm by @​crazy-max in https://github.com/containers/image/pull/2120
• fix(deps): update module github.com/klauspost/compress to v1.17.0 by @​renovate in https://github.com/containers/image/pull/2122
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0 by @​renovate in https://github.com/containers/image/pull/2124
• ociarchive: Add new ArchiveFileNotFoundError by @​cgwalters in https://github.com/containers/image/pull/2123
• fix: typo by @​testwill in https://github.com/containers/image/pull/2125
• fix(deps): update module github.com/sylabs/sif/v2 to v2.14.1 by @​renovate in https://github.com/containers/image/pull/2126
• fix(deps): update golang.org/x/exp digest to 7918f67 by @​renovate in https://github.com/containers/image/pull/2130
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.0 by @​renovate in https://github.com/containers/image/pull/2137
• fix(deps): update module golang.org/x/oauth2 to v0.13.0 by @​renovate in https://github.com/containers/image/pull/2136
• Fix podman search for docker.io/library images by @​boaz0 in https://github.com/containers/image/pull/2133
• fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible by @​renovate in https://github.com/containers/image/pull/2131
• fix(deps): update module github.com/sigstore/fulcio to v1.4.1 by @​renovate in https://github.com/containers/image/pull/2138
• fix(deps): update module github.com/sigstore/fulcio to v1.4.2 by @​renovate in https://github.com/containers/image/pull/2140
• Oci image deletion by @​Pvlerick in https://github.com/containers/image/pull/2003
• fix(deps): update module github.com/sigstore/fulcio to v1.4.3 by @​renovate in https://github.com/containers/image/pull/2142
• fix(deps): update module github.com/otiai10/copy to v1.14.0 by @​renovate in https://github.com/containers/image/pull/2144
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2 by @​renovate in https://github.com/containers/image/pull/2146
• fix(deps): update module github.com/klauspost/compress to v1.17.1 by @​renovate in https://github.com/containers/image/pull/2148
• fix(deps): update module github.com/sigstore/sigstore to v1.7.4 by @​renovate in https://github.com/containers/image/pull/2145
• chore(deps): update dependency containers/automation_images to v20231004 by @​renovate in https://github.com/containers/image/pull/2150
• Fix conversion of Zstd images to non-OCI formats by @​mtrmac in https://github.com/containers/image/pull/2151
• Parse the body of (docker load) response to correctly handle errors by @​mtrmac in https://github.com/containers/image/pull/2153
• Fix a comment by @​mtrmac in https://github.com/containers/image/pull/2152
• fix(deps): update module github.com/klauspost/compress to v1.17.2 by @​renovate in https://github.com/containers/image/pull/2154
• Don't use append() on slices with unclear origin by @​mtrmac in https://github.com/containers/image/pull/2155
• Remove unused environment variables in Cirrus by @​mtrmac in https://github.com/containers/image/pull/2156
• Fix and simplify storage tests by @​mtrmac in https://github.com/containers/image/pull/2147
• Add image.UnparsedInstanceWithReference and storage.ResolveReference by @​mtrmac in https://github.com/containers/image/pull/2056
• fix(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] by @​renovate in https://github.com/containers/image/pull/2163
• fix(deps): update module github.com/sigstore/sigstore to v1.7.5 by @​renovate in https://github.com/containers/image/pull/2159
• fix(deps): update module go.etcd.io/bbolt to v1.3.8 by @​renovate in https://github.com/containers/image/pull/2161
• Missed null check in docker_image_dest.go by @​bojidar-bg in https://github.com/containers/image/pull/2164
• Simplify storage test setup by @​mtrmac in https://github.com/containers/image/pull/2158
• fix(deps): update module github.com/containers/ocicrypt to v1.1.9 by @​renovate in https://github.com/containers/image/pull/2165
• docker, BlobInfoCache: try to reuse blobs from set of all known compressed blobs when pushing across registries by @​flouthoc in https://github.com/containers/image/pull/1645
• blobinfocache,sqlite: remove unnecessary compression check by @​flouthoc in https://github.com/containers/image/pull/2168
• fix(deps): update github.com/containers/storage digest to 6e72f11 by @​renovate in https://github.com/containers/image/pull/2166
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 785e297 by @​renovate in https://github.com/containers/image/pull/2167
• Improve documentation of ResolveReference by @​mtrmac in https://github.com/containers/image/pull/2170
• Improve lint tool handling by @​mtrmac in https://github.com/containers/image/pull/2171
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2 by @​renovate in https://github.com/containers/image/pull/2172
• fix(deps): update module golang.org/x/sync to v0.5.0 by @​renovate in https://github.com/containers/image/pull/2175
• fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 by @​renovate in https://github.com/containers/image/pull/2174
• fix(deps): update module golang.org/x/term to v0.14.0 by @​renovate in https://github.com/containers/image/pull/2176
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.5 by @​renovate in https://github.com/containers/image/pull/2177
• fix(deps): update module golang.org/x/crypto to v0.15.0 by @​renovate in https://github.com/containers/image/pull/2178
• fix(deps): update module golang.org/x/oauth2 to v0.14.0 by @​renovate in https://github.com/containers/image/pull/2179
• Add DockerCompatAuthFilePath to allow login/logout to interoperate by @​mtrmac in https://github.com/containers/image/pull/2173
• fix(deps): update module github.com/docker/cli to v24.0.7+incompatible by @​renovate in https://github.com/containers/image/pull/2187
• Update github.com/go-jose/go-jose/v3 by @​mtrmac in https://github.com/containers/image/pull/2188
• Quote the response body in an error message by @​mtrmac in https://github.com/containers/image/pull/2186
• fix(deps): update module github.com/klauspost/compress to v1.17.3 by @​renovate in https://github.com/containers/image/pull/2190
• WIP HACK: Do not reuse zstd:chunked blobs by @​mtrmac in https://github.com/containers/image/pull/2185

New Contributors

• @​testwill made their first contribution in https://github.com/containers/image/pull/2125
• @​bojidar-bg made their first contribution in https://github.com/containers/image/pull/2164

Full Changelog: containers/image@v5.28.0...v5.29.0

v5.28.0

Compare Source

What's Changed

• Bump to v5.26.0 by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2013
• fix(deps): update module github.com/sigstore/rekor to v1.2.2 by @​renovate in https://github.com/containers/image/pull/2014
• fix(deps): update module github.com/sigstore/fulcio to v1.3.2 by @​renovate in https://github.com/containers/image/pull/2016
• Adding IO decorator to copy progress bar by @​Pvlerick in https://github.com/containers/image/pull/2015
• Ensure we close HTTP connections on all paths by @​mtrmac in https://github.com/containers/image/pull/2017
• fix(deps): update module github.com/containers/storage to v1.48.0 by @​renovate in https://github.com/containers/image/pull/2018
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4 by @​renovate in https://github.com/containers/image/pull/2020
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1 by @​renovate in https://github.com/containers/image/pull/2021
• fix(deps): update golang.org/x/exp digest to 97b1e66 by @​renovate in https://github.com/containers/image/pull/2022
• fix(deps): update module github.com/klauspost/compress to v1.16.7 by @​renovate in https://github.com/containers/image/pull/2024
• fix(deps): update module github.com/docker/docker to v24.0.3+incompatible by @​renovate in https://github.com/containers/image/pull/2031
• fix(deps): update module golang.org/x/oauth2 to v0.10.0 by @​renovate in https://github.com/containers/image/pull/2028
• manifest: ListUpdate add imgspecv1.Platform field by @​flouthoc in https://github.com/containers/image/pull/2029
• fix(deps): update module github.com/docker/docker to v24.0.4+incompatible by @​renovate in https://github.com/containers/image/pull/2032
• pkg/docker: use the same default auth path as macOS on FreeBSD by @​dfr in https://github.com/containers/image/pull/2034
• fix(deps): update module github.com/sigstore/fulcio to v1.3.4 by @​renovate in https://github.com/containers/image/pull/2033
• blob: TryReusingBlobWithOptions consider RequiredCompression if set by @​flouthoc in https://github.com/containers/image/pull/2023
• Fix tests of the ostree transport by @​mtrmac in https://github.com/containers/image/pull/2037
• helpers_test,cleanup: correct argument order by @​flouthoc in https://github.com/containers/image/pull/2039
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1 by @​renovate in https://github.com/containers/image/pull/2041
• Make temporary names container/image specific by @​rhatdan in https://github.com/containers/image/pull/2045
• listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames by @​flouthoc in https://github.com/containers/image/pull/2040
• fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0 by @​renovate in https://github.com/containers/image/pull/2046
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2 by @​renovate in https://github.com/containers/image/pull/2044
• Fix TestOCI1IndexChooseInstanceByCompression on non-amd64 by @​mtrmac in https://github.com/containers/image/pull/2043
• Refactor data passing in c/image/copy by @​mtrmac in https://github.com/containers/image/pull/2048
• Update module github.com/sigstore/fulcio to v1.4.0 by @​renovate in https://github.com/containers/image/pull/2049
• copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms by @​flouthoc in https://github.com/containers/image/pull/2047
• Update vendor of containers/storage by @​rhatdan in https://github.com/containers/image/pull/2052
• copy/single: accept custom *Options and wrap arguments in copySingleImageOptions by @​flouthoc in https://github.com/containers/image/pull/2050
• Improve transport documentation by @​mtrmac in https://github.com/containers/image/pull/2042
• fix(deps): update module github.com/vbatts/tar-split to v0.11.5 by @​renovate in https://github.com/containers/image/pull/2053
• fix(deps): update module github.com/docker/docker to v24.0.5+incompatible by @​renovate in https://github.com/containers/image/pull/2055
• copy: implement instanceCopyClone for zstd compression by @​flouthoc in https://github.com/containers/image/pull/1987
• copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone by @​flouthoc in https://github.com/containers/image/pull/2059
• Clarify where mirrors are used by @​mtrmac in https://github.com/containers/image/pull/2061
• fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85 by @​renovate in https://github.com/containers/image/pull/2064
• fix(deps): update github.com/containers/storage digest to c3da76f by @​renovate in https://github.com/containers/image/pull/2063
• Update x/exp/slices, and some small slice-related cleanups by @​mtrmac in https://github.com/containers/image/pull/2066
• Use consistent example domains in https://github.com/containers/image/pull/2069
• copy: add support for ForceCompressionFormat by @​flouthoc in https://github.com/containers/image/pull/2068
• fix(deps): update module golang.org/x/term to v0.11.0 by @​renovate in https://github.com/containers/image/pull/2073
• fix(deps): update module golang.org/x/crypto to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2078
• fix(deps): update module golang.org/x/oauth2 to v0.11.0 by @​renovate in https://github.com/containers/image/pull/2080
• [release-5.27] Preparing 5.27 backport by @​mtrmac in https://github.com/containers/image/pull/2075
• Update to Go 1.19 by @​mtrmac in https://github.com/containers/image/pull/2079
• storage.storageImageDestination.Commit(): leverage image options by @​nalind in https://github.com/containers/image/pull/2067
• Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH by @​mtrmac in https://github.com/containers/image/pull/2083
• [CI:DOCS] Add cirrus-cron retry/monitor jobs by @​cevich in https://github.com/containers/image/pull/2082
• chore(deps): update dependency containers/automation_images to v20230807 by @​renovate in https://github.com/containers/image/pull/2081
• [release-5.27] Fix the branch we use for determining a git-validation starting point by @​mtrmac in https://github.com/containers/image/pull/2084
• fix(deps): update golang.org/x/exp digest to 352e893 by @​renovate in https://github.com/containers/image/pull/2065
• fix(deps): update module github.com/sigstore/sigstore to v1.7.2 by @​renovate in https://github.com/containers/image/pull/2085
• OCI image-spec / distribution-spec v1.1 updates, first round by @​mtrmac in https://github.com/containers/image/pull/2062
• fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0 by @​renovate in https://github.com/containers/image/pull/2087
• chore(deps): update dependency containers/automation_images to v20230809 by @​renovate in https://github.com/containers/image/pull/2089
• Merge release branch into main by @​mtrmac in https://github.com/containers/image/pull/2070
• BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted by @​mtrmac in https://github.com/containers/image/pull/2054
• Update module github.com/containers/ocicrypt to v1.1.8 by @​renovate in https://github.com/containers/image/pull/2091
• chore(deps): update dependency containers/automation_images to v20230816 by @​renovate in https://github.com/containers/image/pull/2093
• fix(deps): update module github.com/containers/storage to v1.49.0 by @​renovate in https://github.com/containers/image/pull/2095
• fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0 by @​renovate in https://github.com/containers/image/pull/2097
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0 by @​renovate in https://github.com/containers/image/pull/2098
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1 by @​renovate in https://github.com/containers/image/pull/2099
• fix(deps): update golang.org/x/exp digest to d852ddb by @​renovate in https://github.com/containers/image/pull/2101
• fix(deps): update module golang.org/x/term to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2103
• fix(deps): update module github.com/sigstore/sigstore to v1.7.3 by @​renovate in https://github.com/containers/image/pull/2102
• fix removal of temp file in GetBlob on Windows by @​mikenorgate in https://github.com/containers/image/pull/2104
• fix(deps): update module golang.org/x/crypto to v0.13.0 by @​renovate in https://github.com/containers/image/pull/2106
• Fix build with golangci-lint 1.54.2 by @​mtrmac in https://github.com/containers/image/pull/2107
• fix(deps): update module golang.org/x/oauth2 to v0.12.0 by @​renovate in https://github.com/containers/image/pull/2108
• Implement, and default to, a SQLite BlobInfoCache instead of BoltDB by @​mtrmac in https://github.com/containers/image/pull/2092
• fix(deps): update module github.com/docker/docker to v24.0.6+incompatible by @​renovate in https://github.com/containers/image/pull/2109
• Update dependencies of docker/docker by @​mtrmac in https://github.com/containers/image/pull/2110
• Correctly handle encryption/decryption changes in non-OCI formats by @​mtrmac in https://github.com/containers/image/pull/1932
• chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security] by @​renovate in https://github.com/containers/image/pull/2111
• fix(deps): update module github.com/containers/storage to v1.50.1 by @​renovate in https://github.com/containers/image/pull/2112

New Contributors

• @​Pvlerick made their first contribution in https://github.com/containers/image/pull/2015
• @​mikenorgate made their first contribution in https://github.com/containers/image/pull/2104

Full Changelog: containers/image@v5.27.0...v5.28.0

v5.27.0

Compare Source

• New copy.Options.EnsureCompressionVariantsExist allows creating images that are consumable by existing gzip-only consumers, but include a Zstd-compressed version is preferred by c/image.
• OCI images using Zstd compression now carry a io.github.containers.compression.zstd annotation in the OCI image index.

v5.26.2

Compare Source

What's Changed

• [release-5.26] c/storage to 1.48, bump c/image to v5.26.1, and then to v5.26.2-dev by @​TomSweeneyRedHat in https://github.com/containers/image/pull/2019
• [release-5.26] Test the release-5.26 branch against the 1.13 branch of Skopeo by @​mtrmac in https://github.com/containers/image/pull/2090

Full Changelog: containers/image@v5.26.1...v5.26.2

v5.26.1

Compare Source

Full Changelog: containers/image@v5.26.0...v5.26.1
[release-5.26] Bump to v5.26.1
[release-5.26] Bump c/storage to 1.48.0

v5.26.0

Compare Source

What's Changed

• Release 5.25.0 by @​mtrmac in https://github.com/containers/image/pull/1909
• fix(deps): update module github.com/docker/docker to v23.0.3+incompatible by @​renovate in https://github.com/containers/image/pull/1910
• fix(deps): update module golang.org/x/term to v0.7.0 by @​renovate in https://github.com/containers/image/pull/1911
• fix(deps): update module github.com/klauspost/compress to v1.16.4 by @​renovate in https://github.com/containers/image/pull/1912
• fix(deps): update module github.com/sigstore/sigstore to v1.6.1 by @​renovate in https://github.com/containers/image/pull/1913
• chore(deps): update dependency containers/automation_images to v20230405 by @​renovate in https://github.com/containers/image/pull/1914
• fix(deps): update module golang.org/x/crypto to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1915
• fix(deps): update module golang.org/x/oauth2 to v0.7.0 by @​renovate in https://github.com/containers/image/pull/1916
• fix(deps): update module github.com/containers/storage to v1.46.1 by @​renovate in https://github.com/containers/image/pull/1917
• fix(deps): update module github.com/sigstore/sigstore to v1.6.2 by @​renovate in https://github.com/containers/image/pull/1918
• Don't completely silently ignore non-OCI manifests in OCI layouts by @​mtrmac in https://github.com/containers/image/pull/1922
• fix(deps): update module github.com/klauspost/compress to v1.16.5 by @​renovate in https://github.com/containers/image/pull/1925
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0 by @​renovate in https://github.com/containers/image/pull/1924
• fix(deps): update module github.com/docker/docker to v23.0.4+incompatible by @​renovate in https://github.com/containers/image/pull/1926
• Simplify the tarball: transport by @​mtrmac in https://github.com/containers/image/pull/1923
• fix(deps): update module github.com/sigstore/sigstore to v1.6.3 by @​renovate in https://github.com/containers/image/pull/1928
• Fix conversion determination when encrypting by @​mtrmac in https://github.com/containers/image/pull/1930
• fix(deps): update golang.org/x/exp digest to 47ecfdc by @​renovate in https://github.com/containers/image/pull/1934
• Update the docker-daemon: client, and docker/docker dependency by @​mtrmac in https://github.com/containers/image/pull/1937
• chore(deps): update dependency containers/automation_images to v20230426 by @​renovate in https://github.com/containers/image/pull/1939
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.3 by @​renovate in https://github.com/containers/image/pull/1936
• fix(deps): update module github.com/klauspost/pgzip to v1.2.6 by @​renovate in https://github.com/containers/image/pull/1941
• fix(deps): update module golang.org/x/sync to v0.2.0 by @​renovate in https://github.com/containers/image/pull/1942
• fix(deps): update module golang.org/x/term to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1943
• fix(deps): update module github.com/sigstore/fulcio to v1.3.1 by @​renovate in https://github.com/containers/image/pull/1935
• fix(deps): update module github.com/sigstore/rekor to v1.1.1 by @​renovate in https://github.com/containers/image/pull/1940
• fix(deps): update module github.com/sigstore/sigstore to v1.6.4 by @​renovate in https://github.com/containers/image/pull/1945
• Update github.com/opencontainers/image-spec to v1.1.0-rc3 by @​mtrmac in https://github.com/containers/image/pull/1944
• fix(deps): update module golang.org/x/oauth2 to v0.8.0 by @​renovate in https://github.com/containers/image/pull/1949
• fix(deps): update module github.com/docker/docker to v23.0.6+incompatible by @​renovate in https://github.com/containers/image/pull/1931
• fix(deps): update module golang.org/x/crypto to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1950
• Use a pointer receiver for internal/set.Set by @​mtrmac in https://github.com/containers/image/pull/1951
• fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible by @​renovate in https://github.com/containers/image/pull/1955
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.4 by @​renovate in https://github.com/containers/image/pull/1956
• fix(deps): update module github.com/docker/docker to v24 by @​renovate in https://github.com/containers/image/pull/1958
• fix(deps): update module github.com/sirupsen/logrus to v1.9.2 by @​renovate in https://github.com/containers/image/pull/1957
• chore(deps): update dependency containers/automation_images to v20230517 by @​renovate in https://github.com/containers/image/pull/1959
• fix(deps): update module github.com/stretchr/testify to v1.8.3 by @​renovate in https://github.com/containers/image/pull/1960
• fix(deps): update module github.com/docker/docker to v24.0.1+incompatible by @​renovate in https://github.com/containers/image/pull/1961
• fix(deps): update module github.com/docker/docker to v24.0.2+incompatible by @​renovate in https://github.com/containers/image/pull/1965
• fix(deps): update module github.com/imdario/mergo to v0.3.16 by @​renovate in https://github.com/containers/image/pull/1967
• fix(deps): update module github.com/sigstore/rekor to v1.2.1 by @​renovate in https://github.com/containers/image/pull/1966
• Clean up auth.json documentation by @​mtrmac in https://github.com/containers/image/pull/1964
• fix(deps): update module github.com/stretchr/testify to v1.8.4 by @​renovate in https://github.com/containers/image/pull/1969
• fix(deps): update module github.com/burntsushi/toml to v1.3.0 by @​renovate in https://github.com/containers/image/pull/1970
• fix(deps): update module github.com/sigstore/sigstore to v1.6.5 by @​renovate in https://github.com/containers/image/pull/1971
• manifest: prepare internal EditInstances by @​flouthoc in https://github.com/containers/image/pull/1896
• fix(deps): update github.com/sigstore/rekor digest to 4c81ff2 by @​renovate in https://github.com/containers/image/pull/1974
• fix(deps): update github.com/cyberphone/json-canonicalization digest to 504adb8 by @​renovate in https://github.com/containers/image/pull/1973
• fix(deps): update golang.org/x/exp digest to 2e198f4 by @​renovate in https://github.com/containers/image/pull/1975
• chore(deps): update dependency containers/automation_images to v20230601 by @​renovate in https://github.com/containers/image/pull/1978
• copy/multiple: use more flexible EditInstances instead of UpdateInstances by @​flouthoc in https://github.com/containers/image/pull/1883
• fix(deps): update module github.com/sirupsen/logrus to v1.9.3 by @​renovate in https://github.com/containers/image/pull/1981
• Use x/exp/slices, and other small cleanups by @​mtrmac in https://github.com/containers/image/pull/1977
• copy/multiple: split selection of images to be copied in copyMultipleImages by @​flouthoc in https://github.com/containers/image/pull/1982
• fix(deps): update module github.com/burntsushi/toml to v1.3.1 by @​renovate in https://github.com/containers/image/pull/1984
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.3 by @​renovate in https://github.com/containers/image/pull/1985
• fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.4 by @​renovate in https://github.com/containers/image/pull/1986
• Don't claim that libostree is required by default. by @​mtrmac in https://github.com/containers/image/pull/1989
• fix(deps): update module github.com/burntsushi/toml to v1.3.2 by @​renovate in https://github.com/containers/image/pull/1990
• fix(deps): update module github.com/go-openapi/swag to v0.22.4 by @​renovate in https://github.com/containers/image/pull/1991
• fix(deps): update module golang.org/x/term to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1993
• Stop having an opinion on TLS version by @​mtrmac in https://github.com/containers/image/pull/1963
• fix(deps): update module github.com/klauspost/compress to v1.16.6 by @​renovate in https://github.com/containers/image/pull/1994
• fix(deps): update module golang.org/x/crypto to v0.10.0 by @​renovate in https://github.com/containers/image/pull/1995
• fix(deps): update module github.com/sylabs/sif/v2 to v2.11.5 by @​renovate in https://github.com/containers/image/pull/1997
• fix(deps): update module golang.org/x/oauth2 to v0.9.0 by @​renovate in https://github.com/containers/image/pull/1996
• fix(deps): update module golang.org/x/sync to v0.3.0 by @​renovate in https://github.com/containers/image/pull/1999
• chore(deps): update dependency containers/automation_images to v20230614 by @​renovate in https://github.com/containers/image/pull/2000
• Don't store signatures if there is none of them by @​mike-sul in https://github.com/containers/image/pull/2001
• fix(deps): update module github.com/sigstore/sigstore to v1.7.0 by @​renovate in https://github.com/containers/image/pull/2002
• fix(deps): update module github.com/imdario/mergo to v1 by @​mtrmac in https://github.com/containers/image/pull/2006
• Clarify how oci and oci-archive parse colons by @​mtrmac in https://github.com/containers/image/pull/2007
• fix(deps): update module github.com/sigstore/sigstore to v1.7.1 by @​renovate in https://github.com/containers/image/pull/2008
• fix(deps): update module github.com/containers/storage to v1.47.0 by @​renovate in https://github.com/containers/image/pull/2011
• list,oci_index: automatically add inbuilt annotations on add by @​flouthoc in https://github.com/containers/image/pull/1992

New Contributors

• @​mike-sul made their first contribution in https://github.com/containers/image/pull/2001

Full Changelog: containers/image@v5.25.0...v5.26.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 7 additional dependencies were updated

Details:

Package	Change
github.com/containers/storage	v1.48.0 -> v1.51.0
github.com/containers/ocicrypt	v1.1.7 -> v1.1.9
github.com/moby/sys/mountinfo	v0.6.2 -> v0.7.1
github.com/opencontainers/image-spec	v1.1.0-rc2.0.20221005185240-3a7f492d3f1b -> v1.1.0-rc5
github.com/opencontainers/runc	v1.1.7 -> v1.1.10
github.com/opencontainers/runtime-spec	v1.1.0-rc.3 -> v1.1.0
golang.org/x/exp	v0.0.0-20230321023759-10a507213a29 -> v0.0.0-20231006140011-7918f672742d