diff --git a/.common-ci.yml b/.common-ci.yml index f9d651fc3..3d5c64c5e 100644 --- a/.common-ci.yml +++ b/.common-ci.yml @@ -137,7 +137,7 @@ trigger-pipeline: # Download the regctl binary for use in the release steps .regctl-setup: before_script: - - export REGCTL_VERSION=v0.11.2 + - export REGCTL_VERSION=v0.11.3 - apk add --no-cache curl - mkdir -p bin - curl -sSLo bin/regctl https://github.com/regclient/regclient/releases/download/${REGCTL_VERSION}/regctl-linux-amd64 diff --git a/.github/workflows/forward-compatibility.yaml b/.github/workflows/forward-compatibility.yaml index 46e3999bb..6a9bf673d 100644 --- a/.github/workflows/forward-compatibility.yaml +++ b/.github/workflows/forward-compatibility.yaml @@ -37,7 +37,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@148669fe4b19151fcab6e00c6df2db43b9e2b097 with: - release: v0.11.1 + release: v0.11.3 - name: Get latest component images and generate values override file env: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6bba8ac23..5baa42b4f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -71,7 +71,7 @@ jobs: - name: Install regctl uses: regclient/actions/regctl-installer@148669fe4b19151fcab6e00c6df2db43b9e2b097 with: - release: v0.11.1 + release: v0.11.3 - name: Retag gpu-operator env: OPERATOR_IMAGE_SOURCE: ${{ needs.variables.outputs.operator_image_source }} diff --git a/go.mod b/go.mod index 1b66a11aa..d77bab2b8 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/operator-framework/api v0.41.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.90.0 github.com/prometheus/client_golang v1.23.2 - github.com/regclient/regclient v0.11.2 + github.com/regclient/regclient v0.11.3 github.com/sirupsen/logrus v1.9.4 github.com/stretchr/testify v1.11.1 github.com/urfave/cli/v3 v3.8.0 @@ -78,7 +78,7 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.18.4 // indirect + github.com/klauspost/compress v1.18.5 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect @@ -111,8 +111,8 @@ require ( golang.org/x/net v0.52.0 // indirect golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/term v0.42.0 // indirect golang.org/x/text v0.35.0 // indirect golang.org/x/time v0.14.0 // indirect golang.org/x/tools v0.43.0 // indirect diff --git a/go.sum b/go.sum index 650b356c1..841080904 100644 --- a/go.sum +++ b/go.sum @@ -128,8 +128,8 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= -github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= +github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE= +github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -193,8 +193,8 @@ github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTU github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= -github.com/regclient/regclient v0.11.2 h1:BMBxbXpJkia8CPnGTbJoQnt980NDh9dKNFxX57ah1/Q= -github.com/regclient/regclient v0.11.2/go.mod h1:AWbO1F0DJGP7MNlwmDHjYbgOEftZsTB0N0AXT6pN2C4= +github.com/regclient/regclient v0.11.3 h1:aTnVRsgFaOmezgKp7caL3zINrZKAXsMbzS1oCgD7/cA= +github.com/regclient/regclient v0.11.3/go.mod h1:a4PDi+VyEbBuV/5hCfMjnYH8jvB7NgD0mdggwNRECy8= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= @@ -274,10 +274,10 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= diff --git a/vendor/github.com/klauspost/compress/.goreleaser.yml b/vendor/github.com/klauspost/compress/.goreleaser.yml index 4528059ca..804a20181 100644 --- a/vendor/github.com/klauspost/compress/.goreleaser.yml +++ b/vendor/github.com/klauspost/compress/.goreleaser.yml @@ -31,6 +31,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm - id: "s2d" binary: s2d @@ -57,6 +60,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm - id: "s2sx" binary: s2sx @@ -84,6 +90,9 @@ builds: - mips64le goarm: - 7 + ignore: + - goos: windows + goarch: arm archives: - @@ -91,7 +100,7 @@ archives: name_template: "s2-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" format_overrides: - goos: windows - format: zip + formats: ['zip'] files: - unpack/* - s2/LICENSE diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md index 5125c1f26..e839fe9c6 100644 --- a/vendor/github.com/klauspost/compress/README.md +++ b/vendor/github.com/klauspost/compress/README.md @@ -26,6 +26,12 @@ This package will support the current Go version and 2 versions back. Use the links above for more information on each. # changelog + +* Feb 9th, 2026 [1.18.4](https://github.com/klauspost/compress/releases/tag/v1.18.4) + * gzhttp: Add zstandard to server handler wrapper https://github.com/klauspost/compress/pull/1121 + * zstd: Add ResetWithOptions to encoder/decoder https://github.com/klauspost/compress/pull/1122 + * gzhttp: preserve qvalue when extra parameters follow in Accept-Encoding by @analytically in https://github.com/klauspost/compress/pull/1116 + * Jan 16th, 2026 [1.18.3](https://github.com/klauspost/compress/releases/tag/v1.18.3) * Downstream CVE-2025-61728. See [golang/go#77102](https://github.com/golang/go/issues/77102). @@ -691,3 +697,4 @@ This code is licensed under the same conditions as the original Go code. See LIC + diff --git a/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go b/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go index 99ddd4af9..2d6ef64be 100644 --- a/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go +++ b/vendor/github.com/klauspost/compress/huff0/decompress_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc // This file contains the specialisation of Decoder.Decompress4X // and Decoder.Decompress1X that use an asm implementation of thir main loops. diff --git a/vendor/github.com/klauspost/compress/huff0/decompress_generic.go b/vendor/github.com/klauspost/compress/huff0/decompress_generic.go index 908c17de6..610392322 100644 --- a/vendor/github.com/klauspost/compress/huff0/decompress_generic.go +++ b/vendor/github.com/klauspost/compress/huff0/decompress_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm // This file contains a generic implementation of Decoder.Decompress4X. package huff0 diff --git a/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go b/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go index e802579c4..b97f9056f 100644 --- a/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go +++ b/vendor/github.com/klauspost/compress/internal/cpuinfo/cpuinfo_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package cpuinfo diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go index fd35ea148..0e33aea44 100644 --- a/vendor/github.com/klauspost/compress/zstd/blockenc.go +++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go @@ -78,6 +78,7 @@ func (b *blockEnc) initNewEncode() { b.recentOffsets = [3]uint32{1, 4, 8} b.litEnc.Reuse = huff0.ReusePolicyNone b.coders.setPrev(nil, nil, nil) + b.dictLitEnc = nil } // reset will reset the block for a new encode, but in the same stream, diff --git a/vendor/github.com/klauspost/compress/zstd/enc_base.go b/vendor/github.com/klauspost/compress/zstd/enc_base.go index c1192ec38..c4de134a7 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_base.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_base.go @@ -21,7 +21,7 @@ type fastBase struct { crc *xxhash.Digest tmp [8]byte blk *blockEnc - lastDictID uint32 + lastDict *dict lowMem bool } diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go index c1581cfcb..851799322 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_best.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go @@ -479,10 +479,13 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { if d == nil { return } + dictChanged := d != e.lastDict // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || dictChanged { if len(e.dictTable) != len(e.table) { e.dictTable = make([]prevEntry, len(e.table)) + } else { + clear(e.dictTable) } end := int32(len(d.content)) - 8 + e.maxMatchOff for i := e.maxMatchOff; i < end; i += 4 { @@ -510,13 +513,14 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { offset: i + 3, } } - e.lastDictID = d.id } - // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + // Init or copy dict long table + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]prevEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -538,8 +542,8 @@ func (e *bestFastEncoder) Reset(d *dict, singleBlock bool) { off++ } } - e.lastDictID = d.id } + e.lastDict = d // Reset table to initial state copy(e.longTable[:], e.dictLongTable) diff --git a/vendor/github.com/klauspost/compress/zstd/enc_better.go b/vendor/github.com/klauspost/compress/zstd/enc_better.go index 85dcd28c3..3305f0924 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_better.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_better.go @@ -1102,10 +1102,13 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { if d == nil { return } + dictChanged := d != e.lastDict // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || dictChanged { if len(e.dictTable) != len(e.table) { e.dictTable = make([]tableEntry, len(e.table)) + } else { + clear(e.dictTable) } end := int32(len(d.content)) - 8 + e.maxMatchOff for i := e.maxMatchOff; i < end; i += 4 { @@ -1133,14 +1136,15 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { offset: i + 3, } } - e.lastDictID = d.id e.allDirty = true } - // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + // Init or copy dict long table + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]prevEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -1162,9 +1166,9 @@ func (e *betterFastEncoderDict) Reset(d *dict, singleBlock bool) { off++ } } - e.lastDictID = d.id e.allDirty = true } + e.lastDict = d // Reset table to initial state { diff --git a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go index cf8cad00d..2fb6da112 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_dfast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_dfast.go @@ -1040,15 +1040,18 @@ func (e *doubleFastEncoder) Reset(d *dict, singleBlock bool) { // ResetDict will reset and set a dictionary if not nil func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) { allDirty := e.allDirty + dictChanged := d != e.lastDict e.fastEncoderDict.Reset(d, singleBlock) if d == nil { return } // Init or copy dict table - if len(e.dictLongTable) != len(e.longTable) || d.id != e.lastDictID { + if len(e.dictLongTable) != len(e.longTable) || dictChanged { if len(e.dictLongTable) != len(e.longTable) { e.dictLongTable = make([]tableEntry, len(e.longTable)) + } else { + clear(e.dictLongTable) } if len(d.content) >= 8 { cv := load6432(d.content, 0) @@ -1065,7 +1068,6 @@ func (e *doubleFastEncoderDict) Reset(d *dict, singleBlock bool) { } } } - e.lastDictID = d.id allDirty = true } // Reset table to initial state diff --git a/vendor/github.com/klauspost/compress/zstd/enc_fast.go b/vendor/github.com/klauspost/compress/zstd/enc_fast.go index 9180a3a58..5e104f1a4 100644 --- a/vendor/github.com/klauspost/compress/zstd/enc_fast.go +++ b/vendor/github.com/klauspost/compress/zstd/enc_fast.go @@ -805,9 +805,11 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { } // Init or copy dict table - if len(e.dictTable) != len(e.table) || d.id != e.lastDictID { + if len(e.dictTable) != len(e.table) || d != e.lastDict { if len(e.dictTable) != len(e.table) { e.dictTable = make([]tableEntry, len(e.table)) + } else { + clear(e.dictTable) } if true { end := e.maxMatchOff + int32(len(d.content)) - 8 @@ -827,7 +829,7 @@ func (e *fastEncoderDict) Reset(d *dict, singleBlock bool) { } } } - e.lastDictID = d.id + e.lastDict = d e.allDirty = true } diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go index 19e730acc..0f2a00a00 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder.go @@ -138,11 +138,18 @@ func (e *Encoder) Reset(w io.Writer) { func (e *Encoder) ResetWithOptions(w io.Writer, opts ...EOption) error { e.o.resetOpt = true defer func() { e.o.resetOpt = false }() + hadDict := e.o.dict != nil for _, o := range opts { if err := o(&e.o); err != nil { return err } } + hasDict := e.o.dict != nil + if hadDict != hasDict { + // Dict presence changed — encoder type must be recreated. + e.state.encoder = nil + e.init = sync.Once{} + } e.Reset(w) return nil } @@ -448,6 +455,12 @@ func (e *Encoder) Close() error { if s.encoder == nil { return nil } + if s.w == nil { + if len(s.filling) == 0 && !s.headerWritten && !s.eofWritten && s.nInput == 0 { + return nil + } + return errors.New("zstd: encoder has no writer") + } err := e.nextBlock(true) if err != nil { if errors.Is(s.err, ErrEncoderClosed) { diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go index 8e0f5cac7..e217be0a1 100644 --- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go +++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go @@ -42,6 +42,7 @@ func (o *encoderOptions) setDefault() { level: SpeedDefault, allLitEntropy: false, lowMem: false, + fullZero: true, } } diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go index d04a829b0..b8c8607b5 100644 --- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go +++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go index 8adfebb02..2138f8091 100644 --- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go +++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go index 0be16cefc..9576426e6 100644 --- a/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go +++ b/vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go @@ -1,5 +1,4 @@ //go:build (!amd64 && !arm64) || appengine || !gc || purego || noasm -// +build !amd64,!arm64 appengine !gc purego noasm package xxhash diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go index f41932b7a..1ed18927f 100644 --- a/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go +++ b/vendor/github.com/klauspost/compress/zstd/matchlen_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc // Copyright 2019+ Klaus Post. All rights reserved. // License information can be found in the LICENSE file. diff --git a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go index bea1779e9..379746c96 100644 --- a/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go +++ b/vendor/github.com/klauspost/compress/zstd/matchlen_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm // Copyright 2019+ Klaus Post. All rights reserved. // License information can be found in the LICENSE file. diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go index 1f8c3cec2..18c3703dd 100644 --- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go +++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.go @@ -1,5 +1,4 @@ //go:build amd64 && !appengine && !noasm && gc -// +build amd64,!appengine,!noasm,gc package zstd diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go index 7cec2197c..516cd9b07 100644 --- a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go +++ b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go @@ -1,5 +1,4 @@ //go:build !amd64 || appengine || !gc || noasm -// +build !amd64 appengine !gc noasm package zstd diff --git a/vendor/github.com/regclient/regclient/.osv-scanner.toml b/vendor/github.com/regclient/regclient/.osv-scanner.toml index 69916f390..6c1b6aa8a 100644 --- a/vendor/github.com/regclient/regclient/.osv-scanner.toml +++ b/vendor/github.com/regclient/regclient/.osv-scanner.toml @@ -1 +1 @@ -GoVersionOverride = "1.26.0" +GoVersionOverride = "1.26.2" diff --git a/vendor/github.com/regclient/regclient/.version-bump.lock b/vendor/github.com/regclient/regclient/.version-bump.lock index a90946541..2f3b4f0c1 100644 --- a/vendor/github.com/regclient/regclient/.version-bump.lock +++ b/vendor/github.com/regclient/regclient/.version-bump.lock @@ -1,53 +1,53 @@ {"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} {"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.23.3"} -{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.11.0"} +{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git","version":"v0.12.0"} {"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.32"} -{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.26.0-alpine","version":"sha256:d4c4845f5d60c6a974c6000ce58ae079328d03ab7f721a0734277e69905473e5"} -{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.26.0"} +{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.26.2-alpine","version":"sha256:c2a1f7b2095d046ae14b286b18413a05bb82c9bca9b25fe7ff5efef0f0826166"} +{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.26.2"} {"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"e3a9666eb1275741e887e29926b144f8daee3bef"} {"name":"docker-arg-semver","key":"https://github.com/kikito/semver.lua.git:master","version":"a4b708ba243208d46e575da870af969dca46a94d"} {"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} {"name":"gha-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} {"name":"gha-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.3"} -{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v3.0.5"} +{"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v3.0.6"} {"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.25\", \"1.26\"]"} {"name":"gha-golang-release","key":"golang-latest","version":"1.26"} -{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.42.1"} +{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.42.4"} {"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v6.0.2","version":"de0fac2e4500dabe0009e67214ff5f5447ce83dd"} -{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.2.0","version":"7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5"} +{"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.4.0","version":"4a3601121dd01d1626a1e23e37211e3254c1c06c"} {"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v10.2.0","version":"b5d41d4e1d5dceea10e7104786b73624c18a190f"} -{"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v6.0.0","version":"b7c566a772e6b6bfb58ed0dc250532a479d7789f"} -{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.22.2","version":"28d71544de8eaf1b958d335707167c5f783590ad"} -{"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v6.19.2","version":"10e90e3645eae34f1e60eeb005ba3a3d33f178e8"} -{"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v3.7.0","version":"c94ce9fb468520275223c153574b00df6fe4bcc9"} -{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v3.12.0","version":"8d2750c68a42422c14e847fe6c8ac0403b4cbd6f"} -{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"da9319db8e44e8b062b3a147e1dfb2f574d41a03"} -{"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v4.0.0","version":"faadad0cce49287aee09b3a48701e75088a2c6ad"} -{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v2.5.0","version":"a06a81a03ee405af7f2048a818ed3f03bbf83c7b"} +{"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v7.0.1","version":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"} +{"name":"gha-uses-commit","key":"https://github.com/anchore/sbom-action.git:v0.24.0","version":"e22c389904149dbc22b58101806040fa8d37a610"} +{"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v7.1.0","version":"bcafcacb16a39f128d818304e6c9c0c18556b85f"} +{"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v4.1.0","version":"4907a6ddec9925e35a0a9e82d7399ccc52663121"} +{"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v4.0.0","version":"4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd"} +{"name":"gha-uses-commit","key":"https://github.com/regclient/actions.git:main","version":"f07124ffba4b0cbf96b2a666d481ed9d44b5e7e4"} +{"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v4.1.1","version":"cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003"} +{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v3.0.0","version":"b4309332981a82ec1c5618f44dd2e27cc8bfbfda"} {"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v6.0.2"} -{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.2.0"} +{"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.4.0"} {"name":"gha-uses-semver","key":"https://github.com/actions/stale.git","version":"v10.2.0"} -{"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v6.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.22.2"} -{"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v6.19.2"} -{"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v3.7.0"} -{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v3.12.0"} -{"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v4.0.0"} -{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.5.0"} +{"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v7.0.1"} +{"name":"gha-uses-semver","key":"https://github.com/anchore/sbom-action.git","version":"v0.24.0"} +{"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v7.1.0"} +{"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v4.1.0"} +{"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v4.0.0"} +{"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v4.1.1"} +{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v3.0.0"} {"name":"go-mod-golang-release","key":"golang-oldest","version":"1.25.0"} -{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.0.0"} -{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.14"} +{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.1.0"} +{"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.15"} {"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.4"} {"name":"makefile-gofumpt","key":"https://github.com/mvdan/gofumpt.git","version":"v0.9.2"} {"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.15.0"} -{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.23.0"} -{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.21.0"} -{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.3"} +{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.25.0"} +{"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.22.0"} +{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.5"} {"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.7.0"} -{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.42.1","version":"sha256:392b65f29a410d2c1294d347bb3ad6f37608345ab6e7b43d2df03ea18bd6f5b0"} -{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.42.1"} -{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.42.1"} -{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.26.0"} +{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.42.4","version":"sha256:e9f29bec38cc856bfd3a7966d2f99711b5b244a531bf121da9de3b47789eecfa"} +{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.42.4"} +{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.42.4"} +{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.26.2"} {"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.23.3","version":"sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659"} {"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"} {"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.23.3"} diff --git a/vendor/github.com/regclient/regclient/Makefile b/vendor/github.com/regclient/regclient/Makefile index 6ecc2e65c..fded4ae90 100644 --- a/vendor/github.com/regclient/regclient/Makefile +++ b/vendor/github.com/regclient/regclient/Makefile @@ -35,16 +35,16 @@ ifeq "$(strip $(VER_BUMP))" '' -u "$(shell id -u):$(shell id -g)" \ $(VER_BUMP_CONTAINER) endif -MARKDOWN_LINT_VER?=v0.21.0 +MARKDOWN_LINT_VER?=v0.22.0 GOFUMPT_VER?=v0.9.2 GOMAJOR_VER?=v0.15.0 -GOSEC_VER?=v2.23.0 +GOSEC_VER?=v2.25.0 GO_VULNCHECK_VER?=v1.1.4 -OSV_SCANNER_VER?=v2.3.3 +OSV_SCANNER_VER?=v2.3.5 SYFT?=$(shell command -v syft 2>/dev/null) SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0") -SYFT_VERSION?=v1.42.1 -SYFT_CONTAINER?=anchore/syft:v1.42.1@sha256:392b65f29a410d2c1294d347bb3ad6f37608345ab6e7b43d2df03ea18bd6f5b0 +SYFT_VERSION?=v1.42.4 +SYFT_CONTAINER?=anchore/syft:v1.42.4@sha256:e9f29bec38cc856bfd3a7966d2f99711b5b244a531bf121da9de3b47789eecfa ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)" SYFT=docker run --rm \ -v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \ @@ -52,8 +52,8 @@ ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)" $(SYFT_CONTAINER) endif STATICCHECK_VER?=v0.7.0 -CI_DISTRIBUTION_VER?=3.0.0 -CI_ZOT_VER?=v2.1.14 +CI_DISTRIBUTION_VER?=3.1.0 +CI_ZOT_VER?=v2.1.15 .PHONY: .FORCE .FORCE: diff --git a/vendor/github.com/regclient/regclient/internal/auth/auth.go b/vendor/github.com/regclient/regclient/internal/auth/auth.go index cbe7885e8..56475c90f 100644 --- a/vendor/github.com/regclient/regclient/internal/auth/auth.go +++ b/vendor/github.com/regclient/regclient/internal/auth/auth.go @@ -677,6 +677,7 @@ func (b *bearerHandler) isExpired() bool { // tryGet requests a new token with a GET request func (b *bearerHandler) tryGet(cred Cred) error { + //#nosec G704 inputs follow specification req, err := http.NewRequest("GET", b.tokenURL.String(), nil) if err != nil { return err @@ -701,7 +702,7 @@ func (b *bearerHandler) tryGet(cred Cred) error { req.Header.Add("User-Agent", b.clientID) req.URL.RawQuery = reqParams.Encode() - //#nosec G704 inputs are user controlled or follow specification + //#nosec G704 inputs follow specification resp, err := b.client.Do(req) if err != nil { return err @@ -733,6 +734,7 @@ func (b *bearerHandler) tryPost(cred Cred) error { form.Set("password", cred.Password) } + //#nosec G704 inputs are user controlled or follow specification req, err := http.NewRequest("POST", b.tokenURL.String(), strings.NewReader(form.Encode())) if err != nil { return err @@ -870,7 +872,7 @@ func (j *jwtHubHandler) ProcessChallenge(c challenge) error { // send a login request to hub bodyBytes, err := json.Marshal(jwtHubPost{ User: cred.User, - Pass: cred.Password, + Pass: cred.Password, //#nosec G117 field name follows spec }) if err != nil { return err diff --git a/vendor/github.com/regclient/regclient/pkg/archive/tar.go b/vendor/github.com/regclient/regclient/pkg/archive/tar.go index b6a18ce3b..e9f2347e6 100644 --- a/vendor/github.com/regclient/regclient/pkg/archive/tar.go +++ b/vendor/github.com/regclient/regclient/pkg/archive/tar.go @@ -84,7 +84,7 @@ func Tar(ctx context.Context, path string, w io.Writer, opts ...TarOpts) error { // open file and copy contents into tar writer if header.Typeflag == tar.TypeReg && header.Size > 0 { - //#nosec G304 filename is limited to provided path directory + //#nosec G122 G304 filename is limited to provided path directory f, err := os.Open(file) if err != nil { return err diff --git a/vendor/github.com/regclient/regclient/release.md b/vendor/github.com/regclient/regclient/release.md index 104aad395..1c36f3f19 100644 --- a/vendor/github.com/regclient/regclient/release.md +++ b/vendor/github.com/regclient/regclient/release.md @@ -1,36 +1,22 @@ -# Release v0.11.2 +# Release v0.11.3 -Features: - -- Add support for regctl config in XDG and APPDATA. ([PR 1038][pr-1038]) -- Add `ImageWithBlobReaderHook` for callbacks per layer when copying an image. ([PR 1046][pr-1046]) +Security: -Fixes: +- Go 1.26.2 release fixes CVE-2026-32280 ([PR 1072][pr-1072]) +- Go 1.26.2 release fixes CVE-2026-32281 ([PR 1072][pr-1072]) +- Go 1.26.2 release fixes CVE-2026-32283 ([PR 1072][pr-1072]) +- Go 1.26.2 release fixes CVE-2026-32288 ([PR 1072][pr-1072]) +- Go 1.26.2 release fixes CVE-2026-33810 ([PR 1072][pr-1072]) -- Do not sign released images multiple times. ([PR 1027][pr-1027]) -- regctl/action update for path fix. ([PR 1031][pr-1031]) -- Remove default values from regctl config. ([PR 1039][pr-1039]) -- Apply Go modernizations with `go fix` from 1.26.0. ([PR 1053][pr-1053]) -- Adjust test repo names to avoid races. ([PR 1054][pr-1054]) -- Automatically upgrade goimports and gorelease. ([PR 1056][pr-1056]) - -Other Changes: +Features: -- Add `REGCTL_CONFIG` to `regctl` help messages. ([PR 1037][pr-1037]) -- Go upgrade fixes CVE-2025-68121, govulncheck indicates this project is not vulnerable. ([PR 1047][pr-1047]) +- Add support for pushing digest with tags. ([PR 1062][pr-1062]) +- Handle OCI-Tag headers with comma separators. ([PR 1070][pr-1070]) Contributors: - @sudo-bmitch -- @vrajashkr -[pr-1027]: https://github.com/regclient/regclient/pull/1027 -[pr-1031]: https://github.com/regclient/regclient/pull/1031 -[pr-1037]: https://github.com/regclient/regclient/pull/1037 -[pr-1038]: https://github.com/regclient/regclient/pull/1038 -[pr-1039]: https://github.com/regclient/regclient/pull/1039 -[pr-1047]: https://github.com/regclient/regclient/pull/1047 -[pr-1046]: https://github.com/regclient/regclient/pull/1046 -[pr-1053]: https://github.com/regclient/regclient/pull/1053 -[pr-1054]: https://github.com/regclient/regclient/pull/1054 -[pr-1056]: https://github.com/regclient/regclient/pull/1056 +[pr-1062]: https://github.com/regclient/regclient/pull/1062 +[pr-1070]: https://github.com/regclient/regclient/pull/1070 +[pr-1072]: https://github.com/regclient/regclient/pull/1072 diff --git a/vendor/github.com/regclient/regclient/scheme/reg/manifest.go b/vendor/github.com/regclient/regclient/scheme/reg/manifest.go index c9789da7f..85114c4ca 100644 --- a/vendor/github.com/regclient/regclient/scheme/reg/manifest.go +++ b/vendor/github.com/regclient/regclient/scheme/reg/manifest.go @@ -8,7 +8,9 @@ import ( "log/slog" "net/http" "net/url" + "slices" "strconv" + "strings" "github.com/opencontainers/go-digest" @@ -222,7 +224,6 @@ func (reg *Reg) ManifestPut(ctx context.Context, r ref.Ref, m manifest.Manifest, if w := warning.FromContext(ctx); w == nil { ctx = warning.NewContext(ctx, &warning.Warning{Hook: warning.DefaultHook()}) } - // create the request body mj, err := m.MarshalJSON() if err != nil { @@ -231,20 +232,35 @@ func (reg *Reg) ManifestPut(ctx context.Context, r ref.Ref, m manifest.Manifest, slog.String("err", err.Error())) return fmt.Errorf("error marshalling manifest for %s: %w", r.CommonName(), err) } - // limit length if reg.manifestMaxPush > 0 && int64(len(mj)) > reg.manifestMaxPush { return fmt.Errorf("manifest too large, calculated %d, limit %d: %s%.0w", len(mj), reg.manifestMaxPush, r.CommonName(), errs.ErrSizeLimitExceeded) } + // if the ref provides a digest, verify it matches the manifest being pushed + desc := m.GetDescriptor() + if err := desc.Digest.Validate(); err != nil { + return fmt.Errorf("invalid digest for manifest: %s: %w", string(desc.Digest), err) + } + if r.Digest != "" && desc.Digest.String() != r.Digest { + // Digest algorithm may have changed, try recreating the manifest with the provided ref. + // This will fail if the ref digest does not match the manifest. + m, err = manifest.New(manifest.WithRef(r), manifest.WithRaw(mj)) + if err != nil { + return fmt.Errorf("failed to rebuilding manifest with ref \"%s\": %w", r.CommonName(), err) + } + } // build/send request + expectTags := []string{} headers := http.Header{ "Content-Type": []string{manifest.GetMediaType(m)}, } q := url.Values{} if tagOrDigest == r.Tag && m.GetDescriptor().Digest.Algorithm() != digest.Canonical { - // TODO(bmitch): EXPERIMENTAL parameter, registry support and OCI spec change needed - q.Add(paramManifestDigest, m.GetDescriptor().Digest.String()) + // TODO(bmitch): EXPERIMENTAL support for pushing tags with a digest: + tagOrDigest = m.GetDescriptor().Digest.String() + q.Add("tag", r.Tag) + expectTags = append(expectTags, r.Tag) } req := ®http.Req{ MetaKind: reqmeta.Manifest, @@ -269,6 +285,55 @@ func (reg *Reg) ManifestPut(ctx context.Context, r ref.Ref, m manifest.Manifest, if resp.HTTPResponse().StatusCode != 201 { return fmt.Errorf("failed to put manifest %s: %w", r.CommonName(), reghttp.HTTPError(resp.HTTPResponse().StatusCode)) } + // if Docker-Content-Digest header was returned, verify the digest matches + if dig := resp.HTTPResponse().Header.Get("Docker-Content-Digest"); dig != "" && dig != m.GetDescriptor().Digest.String() { + return fmt.Errorf("failed to put manifest, unexpected digest returned, expected %s, received %s", m.GetDescriptor().Digest.String(), dig) + } + + // if pushing tags by digest fails, fall back to pushing individual tags + respTags := []string{} + for _, hv := range resp.HTTPResponse().Header.Values("OCI-Tag") { + for sv := range strings.SplitSeq(hv, ",") { + respTags = append(respTags, strings.TrimSpace(sv)) + } + } + for _, t := range expectTags { + if slices.Contains(respTags, t) { + continue + } + q := url.Values{} + if m.GetDescriptor().Digest.Algorithm() != digest.Canonical { + // TODO(bmitch): EXPERIMENTAL parameter, registry support and OCI spec change needed: + q.Add(paramManifestDigest, m.GetDescriptor().Digest.String()) + } + req := ®http.Req{ + MetaKind: reqmeta.Manifest, + Host: r.Registry, + NoMirrors: true, + Method: "PUT", + Repository: r.Repository, + Path: "manifests/" + t, + Query: q, + Headers: headers, + BodyLen: int64(len(mj)), + BodyBytes: mj, + } + resp, err := reg.reghttp.Do(ctx, req) + if err != nil { + return fmt.Errorf("failed to put manifest %s: %w", r.CommonName(), err) + } + err = resp.Close() + if err != nil { + return fmt.Errorf("failed to close request: %w", err) + } + if resp.HTTPResponse().StatusCode != 201 { + return fmt.Errorf("failed to put manifest %s: %w", r.CommonName(), reghttp.HTTPError(resp.HTTPResponse().StatusCode)) + } + // if Docker-Content-Digest header was returned, verify the digest matches + if dig := resp.HTTPResponse().Header.Get("Docker-Content-Digest"); dig != "" && dig != m.GetDescriptor().Digest.String() { + return fmt.Errorf("failed to put manifest, unexpected digest returned, expected %s, received %s", m.GetDescriptor().Digest.String(), dig) + } + } rCache := r.SetDigest(m.GetDescriptor().Digest.String()) reg.cacheMan.Set(rCache, m) diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go index 3ca814f54..1157b06d8 100644 --- a/vendor/golang.org/x/sys/windows/dll_windows.go +++ b/vendor/golang.org/x/sys/windows/dll_windows.go @@ -163,42 +163,7 @@ func (p *Proc) Addr() uintptr { // (according to the semantics of the specific function being called) before consulting // the error. The error will be guaranteed to contain windows.Errno. func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) { - switch len(a) { - case 0: - return syscall.Syscall(p.Addr(), uintptr(len(a)), 0, 0, 0) - case 1: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], 0, 0) - case 2: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], 0) - case 3: - return syscall.Syscall(p.Addr(), uintptr(len(a)), a[0], a[1], a[2]) - case 4: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], 0, 0) - case 5: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], 0) - case 6: - return syscall.Syscall6(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5]) - case 7: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], 0, 0) - case 8: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], 0) - case 9: - return syscall.Syscall9(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8]) - case 10: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], 0, 0) - case 11: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], 0) - case 12: - return syscall.Syscall12(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11]) - case 13: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], 0, 0) - case 14: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], 0) - case 15: - return syscall.Syscall15(p.Addr(), uintptr(len(a)), a[0], a[1], a[2], a[3], a[4], a[5], a[6], a[7], a[8], a[9], a[10], a[11], a[12], a[13], a[14]) - default: - panic("Call " + p.Name + " with too many arguments " + itoa(len(a)) + ".") - } + return syscall.SyscallN(p.Addr(), a...) } // A LazyDLL implements access to a single DLL. diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index a8b0364c7..6c955cea1 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -1438,13 +1438,17 @@ func GetSecurityInfo(handle Handle, objectType SE_OBJECT_TYPE, securityInformati } // GetNamedSecurityInfo queries the security information for a given named object and returns the self-relative security -// descriptor result on the Go heap. +// descriptor result on the Go heap. The security descriptor might be nil, even when err is nil, if the object exists +// but has no security descriptor. func GetNamedSecurityInfo(objectName string, objectType SE_OBJECT_TYPE, securityInformation SECURITY_INFORMATION) (sd *SECURITY_DESCRIPTOR, err error) { var winHeapSD *SECURITY_DESCRIPTOR err = getNamedSecurityInfo(objectName, objectType, securityInformation, nil, nil, nil, nil, &winHeapSD) if err != nil { return } + if winHeapSD == nil { + return nil, nil + } defer LocalFree(Handle(unsafe.Pointer(winHeapSD))) return winHeapSD.copySelfRelativeSecurityDescriptor(), nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 8fdc924b5..4db4a6542 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -188,8 +188,8 @@ github.com/inconshreveable/mousetrap # github.com/json-iterator/go v1.1.12 ## explicit; go 1.12 github.com/json-iterator/go -# github.com/klauspost/compress v1.18.4 -## explicit; go 1.23 +# github.com/klauspost/compress v1.18.5 +## explicit; go 1.24 github.com/klauspost/compress github.com/klauspost/compress/fse github.com/klauspost/compress/huff0 @@ -329,7 +329,7 @@ github.com/prometheus/common/model github.com/prometheus/procfs github.com/prometheus/procfs/internal/fs github.com/prometheus/procfs/internal/util -# github.com/regclient/regclient v0.11.2 +# github.com/regclient/regclient v0.11.3 ## explicit; go 1.25.0 github.com/regclient/regclient github.com/regclient/regclient/config @@ -453,12 +453,12 @@ golang.org/x/oauth2/internal # golang.org/x/sync v0.20.0 ## explicit; go 1.25.0 golang.org/x/sync/errgroup -# golang.org/x/sys v0.42.0 +# golang.org/x/sys v0.43.0 ## explicit; go 1.25.0 golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.41.0 +# golang.org/x/term v0.42.0 ## explicit; go 1.25.0 golang.org/x/term # golang.org/x/text v0.35.0