Bump github.com/google/go-containerregistry from 0.21.2 to 0.21.5 by dependabot[bot] · Pull Request #383 · shipwright-io/cli

dependabot · 2026-04-13T06:03:00Z

Bumps github.com/google/go-containerregistry from 0.21.2 to 0.21.5.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.5

What's Changed

Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 by @thaJeztah in google/go-containerregistry#2254

update to Go 1.26.2 by @thaJeztah in google/go-containerregistry#2255

Bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0 in the actions group across 1 directory by @dependabot[bot] in google/go-containerregistry#2257

build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps group across 1 directory by @dependabot[bot] in google/go-containerregistry#2260

Full Changelog: google/go-containerregistry@v0.21.4...v0.21.5

v0.21.4

What's Changed

go.mod: do not make a viral minimum go version by @howardjohn in google/go-containerregistry#2237

Avoid pruning absolute links from extracted and flattened images by @Subserial in google/go-containerregistry#2241

Bump the go-deps group across 3 directories with 5 updates by @dependabot[bot] in google/go-containerregistry#2245

fix: update to go1.25.8, and use separate .go-version file by @thaJeztah in google/go-containerregistry#2246

Bump CI go version to 1.26.1 by @Subserial in google/go-containerregistry#2242

Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group by @dependabot[bot] in google/go-containerregistry#2240

fork distribution client v3 auth-challenge as an internal package (squashed) by @thaJeztah in google/go-containerregistry#2248

transport: validate Bearer realm URL to prevent SSRF by @evilgensec in google/go-containerregistry#2243

revert path traversal and symlink escape from #2227 by @Subserial in google/go-containerregistry#2250

Fix pkg/v1/google/auth tests for arm64 by @Subserial in google/go-containerregistry#2085

goreleaser: Update goreleaser config and GH action by @Subserial in google/go-containerregistry#2253

New Contributors

@evilgensec made their first contribution in google/go-containerregistry#2243

Full Changelog: google/go-containerregistry@v0.21.3...v0.21.4

v0.21.3

What's Changed

Adds local file support to the crane index subcommand by @edwardthiele in google/go-containerregistry#2223

migrate to github.com/moby/moby modules by @thaJeztah in google/go-containerregistry#2228

Bump the go-deps group across 4 directories with 7 updates by @dependabot[bot] in google/go-containerregistry#2233

Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions group by @dependabot[bot] in google/go-containerregistry#2220

mutate: reject path traversal and symlink escape in Extract by @KevinZhao in google/go-containerregistry#2227

tarball: detect symlink cycles in extractFileFromTar by @vnykmshr in google/go-containerregistry#2232

bump golang to 1.25.7 by @Subserial in google/go-containerregistry#2236

New Contributors

@edwardthiele made their first contribution in google/go-containerregistry#2223

@thaJeztah made their first contribution in google/go-containerregistry#2228

@KevinZhao made their first contribution in google/go-containerregistry#2227

@vnykmshr made their first contribution in google/go-containerregistry#2232

Full Changelog: google/go-containerregistry@v0.21.2...v0.21.3

Commits

5b80281 build(deps): bump golang.org/x/tools from 0.43.0 to 0.44.0 in the go-deps gro...
b99bca2 build(deps): bump aws-actions/configure-aws-credentials (#2257)
f8be1d4 update to Go 1.26.2 (#2255)
87ad88b Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 (#2254)
e8813dd goreleaser: Update goreleaser config and GH action for releases (#2253)
e90447d replace gcloud in binary calls in pkg/v1/google tests (#2085)
0d0368c revert path traversal and symlink escape changes (#2250)
a2f47d4 transport: validate Bearer realm URL to prevent SSRF (#2243)
19a36cd fork distribution client v3 auth-challenge as an internal package (squashed) ...
c612a9b Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (#2240)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.21.2 to 0.21.5. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.2...v0.21.5) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

openshift-ci · 2026-04-13T06:03:05Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign saschaschwarze0 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dependabot bot added kind/dependency-change Categorizes issue or PR as related to changing dependencies release-note-none labels Apr 13, 2026

Copilot AI review requested due to automatic review settings April 13, 2026 06:03

dependabot bot added kind/dependency-change Categorizes issue or PR as related to changing dependencies release-note-none labels Apr 13, 2026

dependabot bot review requested due to automatic review settings April 13, 2026 06:03

dependabot bot mentioned this pull request Apr 13, 2026

Bump github.com/google/go-containerregistry from 0.21.2 to 0.21.4 #382

Closed

openshift-ci bot requested review from adambkaplan and rxinui April 13, 2026 06:03

pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 13, 2026

shipwright-ci-bot added this to Issues Apr 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/google/go-containerregistry from 0.21.2 to 0.21.5#383

Bump github.com/google/go-containerregistry from 0.21.2 to 0.21.5#383
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/google/go-containerregistry-0.21.5

dependabot bot commented on behalf of github Apr 13, 2026

Uh oh!

openshift-ci bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 13, 2026

v0.21.5

What's Changed

v0.21.4

What's Changed

New Contributors

v0.21.3

What's Changed

New Contributors

Uh oh!

openshift-ci bot commented Apr 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant