Skip to content

Bump github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1#1973

Merged
openshift-merge-bot[bot] merged 1 commit into
masterfrom
dependabot/go_modules/github.com/distribution/distribution/v3-3.1.1
May 4, 2026
Merged

Bump github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1#1973
openshift-merge-bot[bot] merged 1 commit into
masterfrom
dependabot/go_modules/github.com/distribution/distribution/v3-3.1.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1.

Release notes

Sourced from github.com/distribution/distribution/v3's releases.

v3.1.1

Welcome to the v3.1.1 release of registry!

This is a stable release

Please try out the release binaries and report any issues at https://github.com/distribution/distribution/issues.

Notable Changes

  • Fixes CVE-2026-41888
  • Bounds-check the file basename in PurgeUploads Walk callback
  • Add S3 Express One Zone support to the S3 storage driver (#4858)
  • Fix tag list endpoint in proxy mode (#4846)
  • Clamp oversized n query parameter in proxy mode instead of returning 400 (#4856)

See the full changelog below for the full list of changes.

What's Changed

New Contributors

Full Changelog: distribution/distribution@v3.1.0...v3.1.1

Commits
  • 9a8d98b chore(release): prepare for v3.1.1 release (#4864)
  • d3c0df9 chore(release): prepare for v3.1.1 release
  • e09ff10 Merge commit from fork
  • 8baf3e0 fix: prevent tag deletion when storage.delete.enabled is false
  • f3af4de fix(storage): bounds-check the file basename in PurgeUploads Walk callback (#...
  • 72c88bc fix(storage): bounds-check the file basename in PurgeUploads Walk callback
  • 1b5e226 feat(s3): add express zone one support to S3 driver (#4858)
  • afd2bf0 fix(proxy): clamp oversized n query param instead of returning 400 (#4856)
  • 835c1c5 feat(s3): add express zone one support to S3 driver
  • 0f3e627 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 (#4853)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
Copilot AI review requested due to automatic review settings May 4, 2026 02:42
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
@dependabot dependabot Bot review requested due to automatic review settings May 4, 2026 02:42
@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 4, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 4, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a operator-framework member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

rashmigottipati
rashmigottipati approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@rashmigottipati rashmigottipati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 4, 2026
@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 4, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 4, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: perdasilva, rashmigottipati

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dependabot
Bump github.com/distribution/distribution/v3 from 3.1.0 to 3.1.1
46b9a15 
Bumps [github.com/distribution/distribution/v3](https://github.com/distribution/distribution) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/distribution/distribution/releases)
- [Commits](distribution/distribution@v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: github.com/distribution/distribution/v3
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings May 4, 2026 13:22
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/distribution/distribution/v3-3.1.1 branch from 8774047 to 46b9a15 Compare May 4, 2026 13:22
@dependabot dependabot Bot review requested due to automatic review settings May 4, 2026 13:22
@openshift-ci openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label May 4, 2026
@perdasilva
Copy link
Copy Markdown
Contributor

perdasilva commented May 4, 2026

/lgtm

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 4, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 677f3ea into master May 4, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@perdasilva perdasilva perdasilva approved these changes

@rashmigottipati rashmigottipati rashmigottipati approved these changes

Assignees

@perdasilva perdasilva

@rashmigottipati rashmigottipati

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dependencies Pull requests that update a dependency file go Pull requests that update Go code lgtm Indicates that a PR is ready to be merged. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@perdasilva @rashmigottipati