docker/regclient
1
0
Fork 0
mirror of https://github.com/regclient/regclient.git synced 2025-04-18 22:44:00 +03:00
Code

Version bump

Browse Source 
- Go to v1.23.6
- ECR helper to latest commit
- sigstore/cosign to v2.4.2
- docker/setup-buildx-action to v3.9.0
- sigstore/cosign-installer to v3.8.0
- golang.org/x/sys to v0.30.0
- golang.org/x/term to v0.29.0

Security: the Go update fixes CVE-2025-22866
Signed-off-by: Brandon Mitchell <git@bmitch.net>
This commit is contained in:
Brandon Mitchell 2025-02-09 10:49:16 -05:00
parent dbb1434fd4
commit ba5783eeba
No known key found for this signature in database
GPG Key ID: 6E0FF28C767A8BEE
12 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/docker.yml vendored
View File

@ -85,7 +85,7 @@ jobs:
echo "repo_url=${REPO_URL}" >>$GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
- name: Login to DockerHub
if: github.repository_owner == 'regclient'
@ -119,9 +119,9 @@ jobs:
- name: Install cosign
if: github.event_name != 'pull_request' && github.repository_owner == 'regclient'
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
with:
cosign-release: "v2.4.1"
cosign-release: "v2.4.2"
- name: Install syft
if: github.event_name != 'pull_request' && github.repository_owner == 'regclient'

4
.github/workflows/go.yml vendored
View File

@ -71,9 +71,9 @@ jobs:
- name: Install cosign
if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
with:
cosign-release: "v2.4.1"
cosign-release: "v2.4.2"
- name: Package artifacts
if: ( startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main' ) && matrix.gover == env.RELEASE_GO_VER

2
.osv-scanner.toml
View File

@ -1 +1 @@
GoVersionOverride = "1.23.5"
GoVersionOverride = "1.23.6"

18
.version-bump.lock
View File

@ -1,15 +1,15 @@
{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.21.2","version":"sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099"}
{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.21.2"}
{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3"}
{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"6540026091fe97d68c5e653b754cac6a3f5937ee"}
{"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.26"}
{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.23.5-alpine","version":"sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596"}
{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.23.5"}
{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.23.6-alpine","version":"sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037"}
{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.23.6"}
{"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"3d10600874527d71519b33ecbb314eb93ccd1df6"}
{"name":"docker-arg-semver","key":"https://github.com/kikito/semver.lua.git:master","version":"a4b708ba243208d46e575da870af969dca46a94d"}
{"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.21.2","version":"sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099"}
{"name":"gha-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
{"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.21.2"}
{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.4.1"}
{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.4.2"}
{"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.21\", \"1.22\", \"1.23\"]"}
{"name":"gha-golang-release","key":"golang-latest","version":"1.23"}
{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.19.0"}
@ -20,9 +20,9 @@
{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.18.0","version":"f325610c9f50a54015d37c8d16cb3b0e2c8f4de0"}
{"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.13.0","version":"ca877d9245402d1537745e0e356eab47c3520991"}
{"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.3.0","version":"9780b0c442fbb1117ed29e0efdff1e18412f7567"}
{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.8.0","version":"6524bf65af31da8d45b59e8c27de4bd072b392f5"}
{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.9.0","version":"f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca"}
{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"ce5fd131e371ffcdd7508b478cb223b3511a9183"}
{"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v3.7.0","version":"dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da"}
{"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v3.8.0","version":"c56c2d3e59e4281cc41dea2217323ba5694b171e"}
{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.2.1","version":"c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda"}
{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v4.2.2"}
{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v5.3.0"}
@ -31,8 +31,8 @@
{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.18.0"}
{"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.13.0"}
{"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.3.0"}
{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.8.0"}
{"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v3.7.0"}
{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.9.0"}
{"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v3.8.0"}
{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.2.1"}
{"name":"go-mod-golang-release","key":"golang-oldest","version":"1.21"}
{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"2.8.3"}
@ -46,7 +46,7 @@
{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.19.0","version":"sha256:bc1ae555a43011d23bb011a4f50e175fc9a5984a008a3f8f2d692b211fcacd2a"}
{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.19.0"}
{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.19.0"}
{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.23.5"}
{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.23.6"}
{"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.21.2","version":"sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099"}
{"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
{"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.21.2"}

4
build/Dockerfile.regbot
View File

@ -1,7 +1,7 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d

4
build/Dockerfile.regbot.buildkit
View File

@ -2,8 +2,8 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d

4
build/Dockerfile.regctl
View File

@ -1,7 +1,7 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
FROM ${REGISTRY}/library/golang:${GO_VER} AS golang

4
build/Dockerfile.regctl.buildkit
View File

@ -2,8 +2,8 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang

4
build/Dockerfile.regsync
View File

@ -1,7 +1,7 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
FROM ${REGISTRY}/library/golang:${GO_VER} AS golang

4
build/Dockerfile.regsync.buildkit
View File

@ -2,8 +2,8 @@
ARG REGISTRY=docker.io
ARG ALPINE_VER=3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
ARG GO_VER=1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
ARG ECR_HELPER_VER=14dfc70fe71ca1a2191d3f6a45bb3f4369bdd9b3
ARG GO_VER=1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
ARG ECR_HELPER_VER=6540026091fe97d68c5e653b754cac6a3f5937ee
ARG GCR_HELPER_VER=v2.1.26
FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang

4
go.mod
View File

@ -12,8 +12,8 @@ require (
github.com/spf13/cobra v1.8.1
github.com/ulikunitz/xz v0.5.12
github.com/yuin/gopher-lua v1.1.1
golang.org/x/sys v0.29.0
golang.org/x/term v0.28.0
golang.org/x/sys v0.30.0
golang.org/x/term v0.29.0
gopkg.in/yaml.v3 v3.0.1
)

8
go.sum
View File

@ -32,10 +32,10 @@ github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o
github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=