github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-15 11:37:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: fix dependabot alerts (#4048)

Browse Source 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint findings from CI

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint gosec warnings

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update code to use slices package and address gosec linting issues

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* build: fix makefile target

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests and add gosec annotations

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: bump zui version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update test helpers and improve security settings in tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: add gosec linting directive for test path construction

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
This commit is contained in:
Ramkumar Chinchani
2026-05-10 23:29:05 -07:00
committed by GitHub
parent 9757f7cf41
commit 9aff5b8d08
60 changed files with 2320 additions and 3008 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/benchmark.yaml
+2 -2
View File
@@ -21,13 +21,13 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
# Run benchmark with `go test -bench` and stores the output to a file
- name: Run benchmark
run: make BENCH_OUTPUT=ci-cd run-bench
# Download previous benchmark result from cache (if exists)
- name: Download previous benchmark data
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ./cache
key: ${{ runner.os }}-gen1-benchmark
.github/workflows/branch-cov.yaml
+1 -1
View File
@@ -21,7 +21,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
.github/workflows/build.yaml
+4 -4
View File
@@ -33,10 +33,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
@@ -45,7 +45,7 @@ jobs:
${{ runner.os }}-go-mod-
- name: Cache go build output
id: cache-go-build
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/.cache/go-build
@@ -117,7 +117,7 @@ jobs:
packages: write
steps:
- name: Download Release Artifacts
uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1
uses: robinraju/release-downloader@28fc21f50d76778e7023361aa1f863e717d3d56f # v1
with:
tag: ${{ github.ref_name }}
fileName: "z*"
.github/workflows/cloc.yaml
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Check out source code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
.github/workflows/cluster.yaml
+10 -10
View File
@@ -23,7 +23,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -164,7 +164,7 @@ jobs:
rm /tmp/*.log
- name: Upload zot logs for push-pull tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-push-pull-bolt
@@ -206,7 +206,7 @@ jobs:
rm /tmp/*.log
- name: Upload zot logs for cidr tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-src-cidr-bolt
@@ -241,7 +241,7 @@ jobs:
zip logs-src-ips-bolt.zip /tmp/*.log -r
- name: Upload zot logs for src-ips tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-src-ips-bolt
@@ -250,7 +250,7 @@ jobs:
# Download previous benchmark result from cache (if exists)
- name: Download previous benchmark data
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ./cache
key: ${{ runner.os }}-gen1-benchmark-stateless-cluster
@@ -281,7 +281,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -431,7 +431,7 @@ jobs:
rm /tmp/*.log
- name: Upload zot logs for push-pull tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-push-pull-redis
@@ -473,7 +473,7 @@ jobs:
rm /tmp/*.log
- name: Upload zot logs for cidr tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-src-cidr-redis
@@ -508,7 +508,7 @@ jobs:
zip logs-src-ips-redis.zip /tmp/*.log -r
- name: Upload zot logs for src-ips tests
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: logs-src-ips-redis
@@ -517,7 +517,7 @@ jobs:
# Download previous benchmark result from cache (if exists)
- name: Download previous benchmark data
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: ./cache
key: ${{ runner.os }}-gen1-benchmark-stateless-cluster-redis
.github/workflows/codeql-analysis.yml
+4 -4
View File
@@ -53,11 +53,11 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -68,7 +68,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
# ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@@ -81,4 +81,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
.github/workflows/compare-binary-size.yaml
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Checkout zot (main branch)
run: |
mkdir -p $GITHUB_WORKSPACE/zot_main
.github/workflows/ecosystem-tools.yaml
+4 -4
View File
@@ -23,7 +23,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -95,7 +95,7 @@ jobs:
run: |
find /tmp/zot-ft-logs -name '*.log' -print0 | xargs -0 cat
- name: Upload DynamoDB zot logs as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: zot-scale-out-dynamodb-logs
@@ -133,7 +133,7 @@ jobs:
run: |
find /tmp/zot-ft-logs/redis -name '*.log' -print0 | xargs -0 cat
- name: Upload Redis zot logs as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: zot-scale-out-redis-logs
@@ -158,7 +158,7 @@ jobs:
echo "Redis scale-out tests failed"
exit 1
- name: Upload zb test results zip as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: zb-cloud-scale-out-functional-results-${{ github.sha }}
.github/workflows/gc-stress-test.yaml
+8 -8
View File
@@ -23,7 +23,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Run zb
id: bench
@@ -41,7 +41,7 @@ jobs:
continue-on-error: true
- name: Upload zot logs
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: gc-referrers-bench-local
@@ -65,7 +65,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Run zb
id: bench
@@ -83,7 +83,7 @@ jobs:
continue-on-error: true
- name: Upload zot logs
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: gc-bench-local
@@ -107,7 +107,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- uses: ./.github/actions/setup-localstack
- name: Setup minio service
run: |
@@ -168,7 +168,7 @@ jobs:
continue-on-error: true
- name: Upload zot logs
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: gc-referrers-bench-s3
@@ -194,7 +194,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- uses: ./.github/actions/setup-localstack
- name: Setup minio service
run: |
@@ -255,7 +255,7 @@ jobs:
continue-on-error: true
- name: Upload zot logs
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: gc-bench-s3
.github/workflows/golangci-lint.yaml
+2 -2
View File
@@ -19,7 +19,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -27,7 +27,7 @@ jobs:
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v2.6.2
version: v2.12.2
# Optional: working directory, useful for monorepos
# working-directory: somedir
.github/workflows/gqlgen.yaml
+1 -1
View File
@@ -28,7 +28,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
.github/workflows/license.yaml
+1 -1
View File
@@ -25,7 +25,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install go-licenses
run: go install github.com/google/go-licenses@latest
- name: Check for forbidden licenses
.github/workflows/nightly.yaml
+13 -13
View File
@@ -24,7 +24,7 @@ jobs:
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -60,7 +60,7 @@ jobs:
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -81,7 +81,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- uses: ./.github/actions/setup-localstack
- name: Create zot-storage bucket on LocalStack
run: |
@@ -127,7 +127,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- uses: ./.github/actions/setup-localstack
- name: Create zot-storage bucket on LocalStack
run: |
@@ -188,7 +188,7 @@ jobs:
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -225,7 +225,7 @@ jobs:
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -254,7 +254,7 @@ jobs:
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
with:
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install crane
run: |
go install github.com/google/go-containerregistry/cmd/crane@latest
@@ -273,7 +273,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -298,7 +298,7 @@ jobs:
AWS_SECRET_ACCESS_KEY: fake
continue-on-error: true
- name: Upload zot logs as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: zot-scale-out-dynamodb-logs
@@ -327,7 +327,7 @@ jobs:
exit 1
- name: Upload zb test results zip as build artifact
if: steps.scale.outcome == 'success'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: zb-cloud-scale-out-perf-results-${{ github.sha }}
path: ./zb-results/
@@ -344,7 +344,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
@@ -369,7 +369,7 @@ jobs:
AWS_SECRET_ACCESS_KEY: fake
continue-on-error: true
- name: Upload zot logs as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: zot-scale-out-redis-logs
@@ -398,7 +398,7 @@ jobs:
exit 1
- name: Upload zb test results zip as build artifact
if: steps.scale.outcome == 'success'
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: zb-cloud-scale-out-redis-results-${{ github.sha }}
path: ./zb-results/
.github/workflows/oci-conformance-action.yaml
+2 -2
View File
@@ -25,7 +25,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Checkout this PR
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
@@ -63,7 +63,7 @@ jobs:
- run: mkdir -p .out/ && mv {report.html,junit.xml} .out/
if: always()
- name: Upload test results zip as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: oci-test-results-${{ github.sha }}
path: .out/
.github/workflows/publish.yaml
+4 -4
View File
@@ -275,7 +275,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
with:
sarif_file: 'trivy-results.sarif'
@@ -312,7 +312,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
with:
sarif_file: 'trivy-results.sarif'
@@ -346,13 +346,13 @@ jobs:
git config --global user.name 'github-actions'
git config --global user.email 'github-actions@users.noreply.github.com'
- name: Update appVersion
uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5
uses: mikefarah/yq@751d8ad57b84f1794661bc70c0afb92a22ad7b3c # v4.53.2
with:
cmd: yq -i '.appVersion = strenv(RELEASE_TAG)' 'helm-charts/charts/zot/Chart.yaml'
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
- name: Update image tag
uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5
uses: mikefarah/yq@751d8ad57b84f1794661bc70c0afb92a22ad7b3c # v4.53.2
with:
cmd: |
yq e '.image.tag = strenv(RELEASE_TAG)' 'helm-charts/charts/zot/values.yaml' > values-updated.yaml
.github/workflows/scorecards.yaml
+2 -2
View File
@@ -49,7 +49,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: SARIF file
path: results.sarif
@@ -57,6 +57,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
with:
sarif_file: results.sarif
.github/workflows/test.yaml
+14 -14
View File
@@ -24,10 +24,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
@@ -50,7 +50,7 @@ jobs:
AWS_ACCESS_KEY_ID: fake
AWS_SECRET_ACCESS_KEY: fake
- name: upload coverage
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage-minimal
path: coverage-minimal.txt
@@ -66,10 +66,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
@@ -92,7 +92,7 @@ jobs:
AWS_ACCESS_KEY_ID: fake
AWS_SECRET_ACCESS_KEY: fake
- name: upload coverage
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage-extended
path: coverage-extended.txt
@@ -108,10 +108,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
@@ -126,7 +126,7 @@ jobs:
- name: run zot development-mode unit tests (possibly using failure injection)
run: make test-devmode
- name: upload coverage
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage-devmode
path: coverage-dev-*.txt
@@ -141,10 +141,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
@@ -168,7 +168,7 @@ jobs:
GCSMOCK_ENDPOINT: http://localhost:9000/
STORAGE_EMULATOR_HOST: localhost:9000
- name: upload coverage
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: coverage-needprivileges
path: coverage-needprivileges-*.txt
@@ -186,7 +186,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: download all workflow coverage files
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
- name: merge code coverage
@@ -200,7 +200,7 @@ jobs:
mkdir unified-coverage
cp coverage.txt coverage.html unified-coverage/
- name: upload unified-coverage as build artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: unified-coverage
path: unified-coverage/*
.github/workflows/tls.yaml
+1 -1
View File
@@ -29,7 +29,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Install dependencies
run: |
cd $GITHUB_WORKSPACE
.github/workflows/verify-config.yaml
+2 -2
View File
@@ -27,10 +27,10 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Cache go dependencies
id: cache-go-dependencies
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
with:
path: |
~/go/pkg/mod
.github/workflows/web-scan.yaml
+1 -1
View File
@@ -26,7 +26,7 @@ jobs:
with:
cache: false
check-latest: true
go-version: 1.25.x
go-version: 1.26.x
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
.golangci.yaml
+2
View File
@@ -11,6 +11,7 @@ linters:
- funcorder
- funlen
- gocognit
- goconst
- gosmopolitan
- iface
- inamedparam
@@ -21,6 +22,7 @@ linters:
- musttag
- noinlineerr
- paralleltest
- prealloc
- promlinter
- protogetter
- recvcheck
Makefile
+3 -3
View File
@@ -12,7 +12,7 @@ TOOLSDIR := $(shell pwd)/hack/tools
PATH := bin:$(TOOLSDIR)/bin:$(PATH)
STACKER := $(shell which stacker)
GOLINTER := $(TOOLSDIR)/bin/golangci-lint
GOLINTER_VERSION := v2.6.2
GOLINTER_VERSION := v2.12.2
NOTATION := $(TOOLSDIR)/bin/notation
NOTATION_VERSION := 1.3.2
COSIGN := $(TOOLSDIR)/bin/cosign
@@ -28,7 +28,7 @@ CRICTL_VERSION := v1.26.1
ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
ACTION_VALIDATOR_VERSION := v0.5.3
ZUI_BUILD_PATH := ""
ZUI_VERSION := commit-c90dd09
ZUI_VERSION := commit-f6aa31b
ZUI_REPO_OWNER := project-zot
ZUI_REPO_NAME := zui
SWAGGER_VERSION := v1.16.2
@@ -614,7 +614,7 @@ $(COSIGN):
$(KIND): check-linux
mkdir -p $(TOOLSDIR)/bin; \
curl -fsSL curl -Lo ./kind https://kind.sigs.k8s.io/dl/$(KIND_VERSION)/kind-$(OS)-$(ARCH) -o $@; \
curl -fsSL https://kind.sigs.k8s.io/dl/$(KIND_VERSION)/kind-$(OS)-$(ARCH) -o $@; \
chmod +x $@
# set ZUI_VERSION to empty string in order to clone zui locally and build default branch
build/Dockerfile
+1 -1
View File
@@ -11,7 +11,7 @@ ARG BASE_IMAGE=gcr.io/distroless/base-nossl-debian13:latest
# ---
# Stage 1: Install certs, build binary, create default config file
# ---
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.25 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.26 AS builder
ARG TARGETOS
ARG TARGETARCH
build/Dockerfile-conformance
+1 -1
View File
@@ -11,7 +11,7 @@ ARG BASE_IMAGE=gcr.io/distroless/base-nossl-debian13:latest
# ---
# Stage 1: Install certs, build binary, create default config file
# ---
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.25 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.26 AS builder
ARG TARGETOS
ARG TARGETARCH
build/Dockerfile-minimal
+1 -1
View File
@@ -11,7 +11,7 @@ ARG BASE_IMAGE=gcr.io/distroless/base-nossl-debian13:latest
# ---
# Stage 1: Install certs, build binary, create default config file
# ---
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.25 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.26 AS builder
ARG TARGETOS
ARG TARGETARCH
build/Dockerfile-zb
+1 -1
View File
@@ -11,7 +11,7 @@ ARG BASE_IMAGE
# ---
# Stage 1: Install certs, build binary, create default config file
# ---
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.25 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.26 AS builder
ARG TARGETOS
ARG TARGETARCH
build/Dockerfile-zxp
+1 -1
View File
@@ -11,7 +11,7 @@ ARG BASE_IMAGE=gcr.io/distroless/base-nossl-debian13:latest
# ---
# Stage 1: Build binary, create default config file
# ---
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.25 AS builder
FROM --platform=$BUILDPLATFORM ghcr.io/project-zot/golang:1.26 AS builder
ARG TARGETOS
ARG TARGETARCH
build/stacker-conformance.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
build:
from:
type: docker
url: docker://ghcr.io/project-zot/golang:1.25
url: docker://ghcr.io/project-zot/golang:1.26
binds:
- ../. -> /zotcopy
run: |
build/stacker-minimal.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
build:
from:
type: docker
url: docker://ghcr.io/project-zot/golang:1.25
url: docker://ghcr.io/project-zot/golang:1.26
binds:
- ../. -> /zotcopy
run: |
build/stacker-zb.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
build:
from:
type: docker
url: docker://ghcr.io/project-zot/golang:1.25
url: docker://ghcr.io/project-zot/golang:1.26
binds:
- ../. -> /zotcopy
run: |
build/stacker-zxp.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
build:
from:
type: docker
url: docker://ghcr.io/project-zot/golang:1.25
url: docker://ghcr.io/project-zot/golang:1.26
binds:
- ../. -> /zotcopy
run: |
build/stacker.yaml
+1 -1
View File
@@ -1,7 +1,7 @@
build:
from:
type: docker
url: docker://ghcr.io/project-zot/golang:1.25
url: docker://ghcr.io/project-zot/golang:1.26
binds:
- ../. -> /zotcopy
run: |
cmd/zb/perf.go
+2 -1
View File
@@ -12,6 +12,7 @@ import (
"os"
"path"
"regexp"
"slices"
"sort"
"strings"
"sync"
@@ -1038,7 +1039,7 @@ func getIPsFromCIDR(cidr string, maxIPs int) ([]string, error) {
// https://go.dev/play/p/sdzcMvZYWnc
func inc(ip net.IP) {
for j := len(ip) - 1; j >= 0; j-- {
for j := range slices.Backward(ip) {
ip[j]++
if ip[j] > 0 {
break
go.mod
+47 -47
View File
@@ -1,22 +1,22 @@
module zotregistry.dev/zot/v2
go 1.25.8
go 1.26.0
require (
github.com/99designs/gqlgen v0.17.89
github.com/99designs/gqlgen v0.17.90
github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5
github.com/Masterminds/semver v1.5.0
github.com/alicebob/miniredis/v2 v2.37.0
github.com/aquasecurity/trivy v0.70.0
github.com/aquasecurity/trivy-db v0.0.0-20251222105351-a833f47f8f0d
github.com/aws/aws-sdk-go-v2 v1.41.6
github.com/aws/aws-sdk-go-v2/config v1.32.16
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.38
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6
github.com/aws/aws-sdk-go-v2 v1.41.7
github.com/aws/aws-sdk-go-v2/config v1.32.17
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.39
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.2
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7
github.com/aws/aws-secretsmanager-caching-go/v2 v2.2.0
github.com/aws/smithy-go v1.25.0
github.com/aws/smithy-go v1.25.1
github.com/bmatcuk/doublestar/v4 v4.10.0
github.com/briandowns/spinner v1.23.2
github.com/cloudevents/sdk-go/protocol/nats/v2 v2.16.2
@@ -24,9 +24,9 @@ require (
github.com/coreos/go-oidc/v3 v3.18.0
github.com/dchest/siphash v1.2.3
github.com/didip/tollbooth/v7 v7.0.2
github.com/distribution/distribution/v3 v3.1.0
github.com/distribution/distribution/v3 v3.1.1
github.com/dustin/go-humanize v1.0.1
github.com/fsnotify/fsnotify v1.9.0
github.com/fsnotify/fsnotify v1.10.0
github.com/go-jose/go-jose/v4 v4.1.4
github.com/go-ldap/ldap/v3 v3.4.13
github.com/go-redis/redismock/v9 v9.2.0
@@ -46,13 +46,13 @@ require (
github.com/migueleliasweb/go-github-mock v1.5.0
github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c
github.com/nathanaelle/password v1.0.0
github.com/nats-io/nats-server/v2 v2.12.7
github.com/nats-io/nats-server/v2 v2.14.0
github.com/nats-io/nats.go v1.51.0
github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
github.com/notaryproject/notation-core-go v1.3.0
github.com/notaryproject/notation-go v1.3.2
github.com/olekukonko/tablewriter v1.1.4
github.com/onsi/gomega v1.39.1
github.com/onsi/gomega v1.40.0
github.com/opencontainers/distribution-spec/specs-go v0.0.0-20250123160558-a139cc423184
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.1
@@ -61,7 +61,7 @@ require (
github.com/prometheus/client_golang v1.23.2
github.com/prometheus/client_model v0.6.2
github.com/rbcervilla/redisstore/v9 v9.0.0
github.com/redis/go-redis/v9 v9.18.0
github.com/redis/go-redis/v9 v9.19.0
github.com/regclient/regclient v0.11.3
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
@@ -75,17 +75,17 @@ require (
github.com/swaggo/http-swagger v1.3.4
github.com/swaggo/swag v1.16.6
github.com/tiendc/go-deepcopy v1.7.2
github.com/vektah/gqlparser/v2 v2.5.32
github.com/zitadel/oidc/v3 v3.47.4
github.com/vektah/gqlparser/v2 v2.5.33
github.com/zitadel/oidc/v3 v3.47.5
go.etcd.io/bbolt v1.4.3
golang.org/x/crypto v0.50.0
golang.org/x/crypto v0.51.0
golang.org/x/oauth2 v0.36.0
golang.org/x/sys v0.43.0
google.golang.org/protobuf v1.36.11
golang.org/x/sys v0.44.0
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
gopkg.in/resty.v1 v1.12.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.35.4
modernc.org/sqlite v1.49.1
k8s.io/apimachinery v0.36.0
modernc.org/sqlite v1.50.0
oras.land/oras-go/v2 v2.6.0
sigs.k8s.io/controller-runtime v0.23.3
)
@@ -173,25 +173,25 @@ require (
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.55.8 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.19.15 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.15 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.19.16 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.16 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.25.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ec2 v1.290.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.10 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0 // indirect
github.com/aws/aws-sdk-go-v2/service/signin v1.0.10 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.30.16 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 // indirect
github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 // indirect
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
@@ -326,8 +326,8 @@ require (
github.com/hashicorp/go-version v1.9.0 // indirect
github.com/hashicorp/hcl/v2 v2.24.0 // indirect
github.com/huandu/xstrings v1.5.0 // indirect
github.com/in-toto/attestation v1.1.2 // indirect
github.com/in-toto/in-toto-golang v0.10.0 // indirect
github.com/in-toto/attestation v1.2.0 // indirect
github.com/in-toto/in-toto-golang v0.11.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
@@ -364,7 +364,7 @@ require (
github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd // indirect
github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-isatty v0.0.21 // indirect
github.com/mattn/go-runewidth v0.0.21 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/miekg/pkcs11 v1.1.2 // indirect
@@ -439,7 +439,7 @@ require (
github.com/samber/oops v1.18.1 // indirect
github.com/sassoftware/go-rpmutils v0.4.0 // indirect
github.com/sassoftware/relic v7.2.1+incompatible // indirect
github.com/secure-systems-lab/go-securesystemslib v0.10.0 // indirect
github.com/secure-systems-lab/go-securesystemslib v0.11.0 // indirect
github.com/segmentio/asm v1.2.1 // indirect
github.com/sergi/go-diff v1.4.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
@@ -530,31 +530,31 @@ require (
go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect
golang.org/x/mod v0.35.0 // indirect
golang.org/x/net v0.53.0 // indirect
golang.org/x/net v0.54.0 // indirect
golang.org/x/sync v0.20.0 // indirect
golang.org/x/term v0.42.0 // indirect
golang.org/x/text v0.36.0 // indirect
golang.org/x/term v0.43.0 // indirect
golang.org/x/text v0.37.0 // indirect
golang.org/x/time v0.15.0 // indirect
golang.org/x/tools v0.44.0 // indirect
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
google.golang.org/api v0.275.0 // indirect
google.golang.org/genproto v0.0.0-20260406210006-6f92a3bedf2d // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d // indirect
google.golang.org/grpc v1.80.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260504160031-60b97b32f348 // indirect
google.golang.org/grpc v1.81.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.1 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
helm.sh/helm/v3 v3.20.2 // indirect
k8s.io/api v0.35.3 // indirect
k8s.io/apiextensions-apiserver v0.35.2 // indirect
k8s.io/apiserver v0.35.2 // indirect
k8s.io/apiextensions-apiserver v0.35.3 // indirect
k8s.io/apiserver v0.35.3 // indirect
k8s.io/cli-runtime v0.35.1 // indirect
k8s.io/client-go v0.35.3 // indirect
k8s.io/component-base v0.35.2 // indirect
k8s.io/component-base v0.35.3 // indirect
k8s.io/klog/v2 v2.140.0 // indirect
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf // indirect
k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a // indirect
k8s.io/kubectl v0.35.1 // indirect
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect
modernc.org/libc v1.72.0 // indirect
go.sum
+98 -99
View File
@@ -36,8 +36,8 @@ dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
github.com/99designs/gqlgen v0.17.89 h1:KzEcxPiMgQoMw3m/E85atUEHyZyt0PbAflMia5Kw8z8=
github.com/99designs/gqlgen v0.17.89/go.mod h1:GFqruTVGB7ZTdrf1uzOagpXbY7DrEt1pIxnTdhIbWvQ=
github.com/99designs/gqlgen v0.17.90 h1:wSv6blm/PoplU6QoNw83EcQpNtC0HX3/+44vITJOzpk=
github.com/99designs/gqlgen v0.17.90/go.mod h1:GqYrEwYsqCG8VaOsq2kJUCUKwAE1T+u2i+Nj7NtXiVI=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg=
@@ -249,64 +249,64 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
github.com/aws/aws-sdk-go-v2 v1.41.6 h1:1AX0AthnBQzMx1vbmir3Y4WsnJgiydmnJjiLu+LvXOg=
github.com/aws/aws-sdk-go-v2 v1.41.6/go.mod h1:dy0UzBIfwSeot4grGvY1AqFWN5zgziMmWGzysDnHFcQ=
github.com/aws/aws-sdk-go-v2 v1.41.7 h1:DWpAJt66FmnnaRIOT/8ASTucrvuDPZASqhhLey6tLY8=
github.com/aws/aws-sdk-go-v2 v1.41.7/go.mod h1:4LAfZOPHNVNQEckOACQx60Y8pSRjIkNZQz1w92xpMJc=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 h1:eBMB84YGghSocM7PsjmmPffTa+1FBUeNvGvFou6V/4o=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8/go.mod h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI=
github.com/aws/aws-sdk-go-v2/config v1.32.16 h1:Q0iQ7quUgJP0F/SCRTieScnaMdXr9h/2+wze1u3cNeM=
github.com/aws/aws-sdk-go-v2/config v1.32.16/go.mod h1:duCCnJEFqpt2RC6no1iK6q+8HpwOAkiUua0pY507dQc=
github.com/aws/aws-sdk-go-v2/credentials v1.19.15 h1:fyvgWTszojq8hEnMi8PPBTvZdTtEVmAVyo+NFLHBhH4=
github.com/aws/aws-sdk-go-v2/credentials v1.19.15/go.mod h1:gJiYyMOjNg8OEdRWOf3CrFQxM2a98qmrtjx1zuiQfB8=
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.38 h1:USC/55d7K8ZQV6SQLxU/m4t/6wabsPqNDKtp4RB8mE0=
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.38/go.mod h1:oDBKuXwPGNj5nQsgVB4AQmMHTgTLszst5mFIezNwiTg=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22 h1:IOGsJ1xVWhsi+ZO7/NW8OuZZBtMJLZbk4P5HDjJO0jQ=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.22/go.mod h1:b+hYdbU+jGKfXE8kKM6g1+h+L/Go3vMvzlxBsiuGsxg=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 h1:GmLa5Kw1ESqtFpXsx5MmC84QWa/ZrLZvlJGa2y+4kcQ=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22/go.mod h1:6sW9iWm9DK9YRpRGga/qzrzNLgKpT2cIxb7Vo2eNOp0=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 h1:dY4kWZiSaXIzxnKlj17nHnBcXXBfac6UlsAx2qL6XrU=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22/go.mod h1:KIpEUx0JuRZLO7U6cbV204cWAEco2iC3l061IxlwLtI=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23 h1:FPXsW9+gMuIeKmz7j6ENWcWtBGTe1kH8r9thNt5Uxx4=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.23/go.mod h1:7J8iGMdRKk6lw2C+cMIphgAnT8uTwBwNOsGkyOCm80U=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2 h1:J2ibOhlMLx1o6QwDFsHHfbQjaZ6t5LXodiLNuK6jbZA=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.2/go.mod h1:Tj8VcffnduuewrM8HN8xQ9wzzez0CJ0FGSGEovq7Sgs=
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.15 h1:/ESsogNWfW9fZ1szPHcH/7KhtiuI0kw5S3viGYL+hjw=
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.15/go.mod h1:til22tGA0rXc0ghSWCyGabjPmmdDBDi61NcOgdz+LVQ=
github.com/aws/aws-sdk-go-v2/config v1.32.17 h1:FpL4/758/diKwqbytU0prpuiu60fgXKUWCpDJtApclU=
github.com/aws/aws-sdk-go-v2/config v1.32.17/go.mod h1:OXqUMzgXytfoF9JaKkhrOYsyh72t9G+MJH8mMRaexOE=
github.com/aws/aws-sdk-go-v2/credentials v1.19.16 h1:r3RJBuU7X9ibt8RHbMjWE6y60QbKBiII6wSrXnapxSU=
github.com/aws/aws-sdk-go-v2/credentials v1.19.16/go.mod h1:6cx7zqDENJDbBIIWX6P8s0h6hqHC8Avbjh9Dseo27ug=
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.39 h1:Suq0L+BsHm+5QD9bOXTkMTYNqgwhevA2Ggo1ApRqukE=
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.20.39/go.mod h1:JX+/lB8RXleUNZ3Uw6o7FnE8t4CkKT8gDHEmlF8qZfI=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23 h1:UuSfcORqNSz/ey3VPRS8TcVH2Ikf0/sC+Hdj400QI6U=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.23/go.mod h1:+G/OSGiOFnSOkYloKj/9M35s74LgVAdJBSD5lsFfqKg=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 h1:GpT/TrnBYuE5gan2cZbTtvP+JlHsutdmlV2YfEyNde0=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23/go.mod h1:xYWD6BS9ywC5bS3sz9Xh04whO/hzK2plt2Zkyrp4JuA=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 h1:bpd8vxhlQi2r1hiueOw02f/duEPTMK59Q4QMAoTTtTo=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23/go.mod h1:15DfR2nw+CRHIk0tqNyifu3G1YdAOy68RftkhMDDwYk=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 h1:OQqn11BtaYv1WLUowvcA30MpzIu8Ti4pcLPIIyoKZrA=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24/go.mod h1:X5ZJyfwVrWA96GzPmUCWFQaEARPR7gCrpq2E92PJwAE=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3 h1:XgjzLEE8CrNYnr4Xmi1W5PfKsKMjp4Pu1rWkJNO43JI=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.57.3/go.mod h1:r7sfLXEN8RUA89tAHy1E7lCtVOOWIkqVy/FbnUdxW1E=
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.16 h1:nWMRNW3SFeJCdK7OsZ9lmbl1AAEAs8s6w5Gsa3MQqNo=
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.32.16/go.mod h1:IMigEAstzWVC+mYsWLjZB/ZBJBLWON/Fl0zLHxZ18Qk=
github.com/aws/aws-sdk-go-v2/service/ebs v1.25.3 h1:0Z1Oz8bRQJ1I/kDmTbISFxKwptaJoghfjh4QrKmXzE0=
github.com/aws/aws-sdk-go-v2/service/ebs v1.25.3/go.mod h1:qIEaYAxM0l8/Tq5XtqCgc4Zs1a14JXoO2wU+LcCQDVk=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.290.0 h1:Ub4CvLWf8wEQ7/pEiqXM9tTsHXf2BokPLwbqEvrmAq0=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.290.0/go.mod h1:Uy+C+Sc58jozdoL1McQr8bDsEvNFx+/nBY+vpO1HVUY=
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1 h1:G/O4muLF2pe1UJBKEyF7J+kdokEEqFJjm42cU68FqH4=
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.1/go.mod h1:KBzTxiBlQ2bB5XT367+t18i3Qe7NZDRyGKxdzN43aOw=
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.2 h1:rHEW02JFJUV2/ttjzyPIvbD0YraqpyU2w6m6DfQUmdg=
github.com/aws/aws-sdk-go-v2/service/ecr v1.57.2/go.mod h1:gNS8pNht4VMzPd4UtQUL3NTUQbjEPLLmb9MqmqrqsCM=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.10 h1:1A/sI3LNMi3fhRI5TFLMwwo7ALAALSFVCSGvFlr1Iys=
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.10/go.mod h1:Diyyyz0b43X13pdi1mVMqlTwDjOmRbJMvDsqnduUYWM=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 h1:HtOTYcbVcGABLOVuPYaIihj6IlkqubBwFj10K5fxRek=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8/go.mod h1:VsK9abqQeGlzPgUr+isNWzPlK2vKe9INMLWnY65f5Xs=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 h1:FLudkZLt5ci0ozzgkVo8BJGwvqNaZbTWb3UcucAateA=
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9/go.mod h1:w7wZ/s9qK7c8g4al+UyoF1Sp/Z45UwMGcqIzLWVQHWk=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 h1:JRaIgADQS/U6uXDqlPiefP32yXTda7Kqfx+LgspooZM=
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13/go.mod h1:CEuVn5WqOMilYl+tbccq8+N2ieCy0gVn3OtRb0vBNNM=
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22 h1:8IXbJCgOn8ztzvRUOm27iCeTSxmPW45JsSDW3EGi16M=
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.22/go.mod h1:l53RbOWvncp4DEmlEz6dSXJS913AIxtFqkJZ+Xz7pHs=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 h1:PUmZeJU6Y1Lbvt9WFuJ0ugUK2xn6hIWUBBbKuOWF30s=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22/go.mod h1:nO6egFBoAaoXze24a2C0NjQCvdpk8OueRoYimvEB9jo=
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23 h1:3Eo/PBBnjFi1+gYfaL286dpmFSW3mTfodBIybq36Qv4=
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.23/go.mod h1:3oh+5xGSd1iuxonVb3Qbm+WJYlbhczT9kbzr6doJLzY=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 h1:pbrxO/kuIwgEsOPLkaHu0O+m4fNgLU8B3vxQ+72jTPw=
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23/go.mod h1:/CMNUqoj46HpS3MNRDEDIwcgEnrtZlKRaHNaHxIFpNA=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 h1:ZlvrNcHSFFWURB8avufQq9gFsheUgjVD9536obIknfM=
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21/go.mod h1:cv3TNhVrssKR0O/xxLJVRfd2oazSnZnkUeTf6ctUwfQ=
github.com/aws/aws-sdk-go-v2/service/kms v1.50.3 h1:s/zDSG/a/Su9aX+v0Ld9cimUCdkr5FWPmBV8owaEbZY=
github.com/aws/aws-sdk-go-v2/service/kms v1.50.3/go.mod h1:/iSgiUor15ZuxFGQSTf3lA2FmKxFsQoc2tADOarQBSw=
github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0 h1:hlSuz394kV0vhv9drL5lhuEFbEOEP1VyQpy15qWh1Pk=
github.com/aws/aws-sdk-go-v2/service/s3 v1.99.0/go.mod h1:uoA43SdFwacedBfSgfFSjjCvYe8aYBS7EnU5GZ/YKMM=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6 h1:XR42AXidhYs4HwH0I+yElLXVt7zb2hAyNHQJe6Blv7w=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.6/go.mod h1:nOTsSVQlAsgwVRdtZYtECSnsInF8IUhrpnclCPat7Fs=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.10 h1:a1Fq/KXn75wSzoJaPQTgZO0wHGqE9mjFnylnqEPTchA=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.10/go.mod h1:p6+MXNxW7IA6dMgHfTAzljuwSKD0NCm/4lbS4t6+7vI=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.16 h1:x6bKbmDhsgSZwv6q19wY/u3rLk/3FGjJWyqKcIRufpE=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.16/go.mod h1:CudnEVKRtLn0+3uMV0yEXZ+YZOKnAtUJ5DmDhilVnIw=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20 h1:oK/njaL8GtyEihkWMD4k3VgHCT64RQKkZwh0DG5j8ak=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.20/go.mod h1:JHs8/y1f3zY7U5WcuzoJ/yAYGYtNIVPKLIbp61euvmg=
github.com/aws/aws-sdk-go-v2/service/sts v1.42.0 h1:ks8KBcZPh3PYISr5dAiXCM5/Thcuxk8l+PG4+A0exds=
github.com/aws/aws-sdk-go-v2/service/sts v1.42.0/go.mod h1:pFw33T0WLvXU3rw1WBkpMlkgIn54eCB5FYLhjDc9Foo=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7 h1:JUGKqUnJHbXpS8uyuICP/zpQ+vXUIXW2zTEqjMLCqrY=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.7/go.mod h1:l/cqI7ujYqBuTR6Ll13d9/gG/uUdlVzJ1UDltEEBTOo=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 h1:TdJ+HdzOBhU8+iVAOGUTU63VXopcumCOF1paFulHWZc=
github.com/aws/aws-sdk-go-v2/service/signin v1.0.11/go.mod h1:R82ZRExE/nheo0N+T8zHPcLRTcH8MGsnR3BiVGX0TwI=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.17 h1:7byT8HUWrgoRp6sXjxtZwgOKfhss5fW6SkLBtqzgRoE=
github.com/aws/aws-sdk-go-v2/service/sso v1.30.17/go.mod h1:xNWknVi4Ezm1vg1QsB/5EWpAJURq22uqd38U8qKvOJc=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21 h1:+1Kl1zx6bWi4X7cKi3VYh29h8BvsCoHQEQ6ST9X8w7w=
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.21/go.mod h1:4vIRDq+CJB2xFAXZ+YgGUTiEft7oAQlhIs71xcSeuVg=
github.com/aws/aws-sdk-go-v2/service/sts v1.42.1 h1:F/M5Y9I3nwr2IEpshZgh1GeHpOItExNM9L1euNuh/fk=
github.com/aws/aws-sdk-go-v2/service/sts v1.42.1/go.mod h1:mTNxImtovCOEEuD65mKW7DCsL+2gjEH+RPEAexAzAio=
github.com/aws/aws-secretsmanager-caching-go/v2 v2.2.0 h1:wXXmTH/XdnVL9iUkUTsFAyja92ARoAgK13Jt5lsamVw=
github.com/aws/aws-secretsmanager-caching-go/v2 v2.2.0/go.mod h1:2xQdyjb9+YCw465Kd83aAwslS++VfvB/G+yaaa9y6JE=
github.com/aws/smithy-go v1.25.0 h1:Sz/XJ64rwuiKtB6j98nDIPyYrV1nVNJ4YU74gttcl5U=
github.com/aws/smithy-go v1.25.0/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
github.com/aws/smithy-go v1.25.1 h1:J8ERsGSU7d+aCmdQur5Txg6bVoYelvQJgtZehD12GkI=
github.com/aws/smithy-go v1.25.1/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0 h1:JFWXO6QPihCknDdnL6VaQE57km4ZKheHIGd9YiOGcTo=
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.12.0/go.mod h1:046/oLyFlYdAghYQE2yHXi/E//VM5Cf3/dFmA+3CZ0c=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -453,8 +453,8 @@ github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1G
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/distribution/distribution/v3 v3.1.0 h1:u1v788HreKTLGdNY6s7px8Exgrs9mZ9UrCDjSrpCM8g=
github.com/distribution/distribution/v3 v3.1.0/go.mod h1:73BuF5/ziMHNVt7nnL1roYpH4Eg/FgUlKZm3WryIx/o=
github.com/distribution/distribution/v3 v3.1.1 h1:KUbk7C8CfaLXy8kbf/hGq9cad/wCoLB6dbWH6DMbmX0=
github.com/distribution/distribution/v3 v3.1.1/go.mod h1:d7lXwZpph0bVcOj4Aqn0nMrWHIwRQGdiV5TLeI+/w6Y=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
@@ -519,8 +519,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/fsnotify/fsnotify v1.10.0 h1:Xx/5Ydg9CeBDX/wi4VJqStNtohYjitZhhlHt4h3St1M=
github.com/fsnotify/fsnotify v1.10.0/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
@@ -733,8 +733,8 @@ github.com/google/licenseclassifier/v2 v2.0.0/go.mod h1:cOjbdH0kyC9R22sdQbYsFkto
github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc=
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY=
github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
github.com/google/trillian v1.7.2 h1:EPBxc4YWY4Ak8tcuhyFleY+zYlbCDCa4Sn24e1Ka8Js=
@@ -814,10 +814,10 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/in-toto/attestation v1.1.2 h1:MBFn6lsMq6dptQZJBhalXTcWMb/aJy3V+GX3VYj/V1E=
github.com/in-toto/attestation v1.1.2/go.mod h1:gYFddHMZj3DiQ0b62ltNi1Vj5rC879bTmBbrv9CRHpM=
github.com/in-toto/in-toto-golang v0.10.0 h1:+s2eZQSK3WmWfYV85qXVSBfqgawi/5L02MaqA4o/tpM=
github.com/in-toto/in-toto-golang v0.10.0/go.mod h1:wjT4RiyFlLWCmLUJjwB8oZcjaq7HA390aMJcD3xXgmg=
github.com/in-toto/attestation v1.2.0 h1:aPRUZ3azbqD7yEBD5fP3TD8Dszf+YHo284SOcpahjQk=
github.com/in-toto/attestation v1.2.0/go.mod h1:r79G45gOmzPismgObLSL+rZTFxUgZLOQJI6LofTZgXk=
github.com/in-toto/in-toto-golang v0.11.0 h1:nfidMYBFx+E0lnmX5KUnN2Pdm8zdNKal1ayjJuzzRoA=
github.com/in-toto/in-toto-golang v0.11.0/go.mod h1:u3PjTnwFKjp5a1YCcw8SJg0G+tMeKfVoWsWeFMDCMtw=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
@@ -941,8 +941,8 @@ github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44 h1:V
github.com/masahiro331/go-xfs-filesystem v0.0.0-20231205045356-1b22259a6c44/go.mod h1:QKBZqdn6teT0LK3QhAf3K6xakItd1LonOShOEC44idQ=
github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs=
github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
github.com/mattn/go-runewidth v0.0.21 h1:jJKAZiQH+2mIinzCJIaIG9Be1+0NR+5sz/lYEEjdM8w=
github.com/mattn/go-runewidth v0.0.21/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
@@ -1027,8 +1027,8 @@ github.com/nathanaelle/password v1.0.0 h1:1Etka3uuBvATlCb72f7P5vsgedus+C91Fgff1o
github.com/nathanaelle/password v1.0.0/go.mod h1:wt9xV3xwQmc3Qi0ofowmzR7N+kF1L4cguCuWjAfdj1Q=
github.com/nats-io/jwt/v2 v2.8.1 h1:V0xpGuD/N8Mi+fQNDynXohVvp7ZztevW5io8CUWlPmU=
github.com/nats-io/jwt/v2 v2.8.1/go.mod h1:nWnOEEiVMiKHQpnAy4eXlizVEtSfzacZ1Q43LIRavZg=
github.com/nats-io/nats-server/v2 v2.12.7 h1:prQ9cPiWHcnwfT81Wi5lU9LL8TLY+7pxDru6fQYLCQQ=
github.com/nats-io/nats-server/v2 v2.12.7/go.mod h1:dOnmkprKMluTmTF7/QHZioxlau3sKHUM/LBPy9AiBPw=
github.com/nats-io/nats-server/v2 v2.14.0 h1:+8q0HrDFotwLLcGH/legOEOnowunhK+aZ4GYBIWpQlM=
github.com/nats-io/nats-server/v2 v2.14.0/go.mod h1:ImVUUDvfClJbb6cuJQRc1VmgDCXKM5ds0OoiG9MVOKo=
github.com/nats-io/nats.go v1.51.0 h1:ByW84XTz6W03GSSsygsZcA+xgKK8vPGaa/FCAAEHnAI=
github.com/nats-io/nats.go v1.51.0/go.mod h1:26HypzazeOkyO3/mqd1zZd53STJN0EjCYF9Uy2ZOBno=
github.com/nats-io/nkeys v0.4.15 h1:JACV5jRVO9V856KOapQ7x+EY8Jo3qw1vJt/9Jpwzkk4=
@@ -1078,14 +1078,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
github.com/onsi/ginkgo/v2 v2.28.0 h1:Rrf+lVLmtlBIKv6KrIGJCjyY8N36vDVcutbGJkyqjJc=
github.com/onsi/ginkgo/v2 v2.28.0/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
github.com/onsi/ginkgo/v2 v2.27.2 h1:LzwLj0b89qtIy6SSASkzlNvX6WktqurSHwkk2ipF/Ns=
github.com/onsi/ginkgo/v2 v2.27.2/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28=
github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg=
github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc=
github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A=
github.com/open-policy-agent/opa v1.15.2 h1:dS9q+0Yvruq/VNvWJc5qCvCchn715OWc3HLHXn/UCCc=
github.com/open-policy-agent/opa v1.15.2/go.mod h1:c6SN+7jSsUcKJLQc5P4yhwx8YYDRbjpAiGkBOTqxaa4=
github.com/opencontainers/distribution-spec/specs-go v0.0.0-20250123160558-a139cc423184 h1:4fMydcL7sQjWQPMmzTLpRtsKl5KQdZVNcvPoYwpr4G4=
@@ -1170,8 +1170,8 @@ github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 h1:1/BDligzCa40GTllkDnY3Y5DTH
github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3/go.mod h1:3dZmcLn3Qw6FLlWASn1g4y+YO9ycEFUOM+bhBmzLVKQ=
github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 h1:kuvuJL/+MZIEdvtb/kTBRiRgYaOmx1l+lYJyVdrRUOs=
github.com/redis/go-redis/extra/redisotel/v9 v9.5.3/go.mod h1:7f/FMrf5RRRVHXgfk7CzSVzXHiWeuOQUu2bsVqWoa+g=
github.com/redis/go-redis/v9 v9.18.0 h1:pMkxYPkEbMPwRdenAzUNyFNrDgHx9U+DrBabWNfSRQs=
github.com/redis/go-redis/v9 v9.18.0/go.mod h1:k3ufPphLU5YXwNTUcCRXGxUoF1fqxnhFQmscfkCoDA0=
github.com/redis/go-redis/v9 v9.19.0 h1:XPVaaPSnG6RhYf7p+rmSa9zZfeVAnWsH5h3lxthOm/k=
github.com/redis/go-redis/v9 v9.19.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
github.com/redis/rueidis v1.0.71 h1:pODtnAR5GAB7j4ekhldZ29HKOxe4Hph0GTDGk1ayEQY=
github.com/redis/rueidis v1.0.71/go.mod h1:lfdcZzJ1oKGKL37vh9fO3ymwt+0TdjkkUCJxbgpmcgQ=
github.com/redis/rueidis/rueidiscompat v1.0.71 h1:wNZ//kEjMZgBM0KCk7ncOX8KmAgROU2kDdDNpwheG4w=
@@ -1211,8 +1211,8 @@ github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGq
github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4=
github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k=
github.com/secure-systems-lab/go-securesystemslib v0.10.0 h1:l+H5ErcW0PAehBNrBxoGv1jjNpGYdZ9RcheFkB2WI14=
github.com/secure-systems-lab/go-securesystemslib v0.10.0/go.mod h1:MRKONWmRoFzPNQ9USRF9i1mc7MvAVvF1LlW8X5VWDvk=
github.com/secure-systems-lab/go-securesystemslib v0.11.0 h1:iuCR9kcMFD4QurdKrGvPLoKZLv9YvwPYVr0473BdtFs=
github.com/secure-systems-lab/go-securesystemslib v0.11.0/go.mod h1:+PMOTjUGwHj2vcZ+TFKlb1tXRbrdWE1LYDT5i9JC80Q=
github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
@@ -1374,8 +1374,8 @@ github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpB
github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4=
github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA=
github.com/vektah/gqlparser/v2 v2.5.32 h1:k9QPJd4sEDTL+qB4ncPLflqTJ3MmjB9SrVzJrawpFSc=
github.com/vektah/gqlparser/v2 v2.5.32/go.mod h1:c1I28gSOVNzlfc4WuDlqU7voQnsqI6OG2amkBAFmgts=
github.com/vektah/gqlparser/v2 v2.5.33 h1:lRp8aIeNUNbimf/axZd7ETg24q06hBtPaas+TcvI/7E=
github.com/vektah/gqlparser/v2 v2.5.33/go.mod h1:c1I28gSOVNzlfc4WuDlqU7voQnsqI6OG2amkBAFmgts=
github.com/veraison/go-cose v1.3.0 h1:2/H5w8kdSpQJyVtIhx8gmwPJ2uSz1PkyWFx0idbd7rk=
github.com/veraison/go-cose v1.3.0/go.mod h1:df09OV91aHoQWLmy1KsDdYiagtXgyAwAl8vFeFn1gMc=
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
@@ -1428,12 +1428,12 @@ github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
github.com/zclconf/go-cty-yaml v1.2.0 h1:GDyL4+e/Qe/S0B7YaecMLbVvAR/Mp21CXMOSiCTOi1M=
github.com/zclconf/go-cty-yaml v1.2.0/go.mod h1:9YLUH4g7lOhVWqUbctnVlZ5KLpg7JAprQNgxSZ1Gyxs=
github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs=
github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s=
github.com/zitadel/logging v0.7.0 h1:eugftwMM95Wgqwftsvj81isL0JK/hoScVqp/7iA2adQ=
github.com/zitadel/logging v0.7.0/go.mod h1:9A6h9feBF/3u0IhA4uffdzSDY7mBaf7RE78H5sFMINQ=
github.com/zitadel/oidc/v3 v3.47.4 h1:aRNmqY5XkVNUybkMUO+s1QXxjja0M2hoschoqMNgn6U=
github.com/zitadel/oidc/v3 v3.47.4/go.mod h1:XxFh0666HRXycyrKmono+3gY0RACpYJLgy4r/+kliKY=
github.com/zitadel/oidc/v3 v3.47.5 h1:cR2z0oqa5XZkwpXQiPCUGqKtndrjHgEXb81y3oXocK4=
github.com/zitadel/oidc/v3 v3.47.5/go.mod h1:XxFh0666HRXycyrKmono+3gY0RACpYJLgy4r/+kliKY=
github.com/zitadel/schema v1.3.2 h1:gfJvt7dOMfTmxzhscZ9KkapKo3Nei3B6cAxjav+lyjI=
github.com/zitadel/schema v1.3.2/go.mod h1:IZmdfF9Wu62Zu6tJJTH3UsArevs3Y4smfJIj3L8fzxw=
gitlab.com/gitlab-org/api/client-go v1.46.0 h1:YxBWFZIFYKcGESCb9fpkwzouo+apyB9pr/XTWzNoL24=
@@ -1524,8 +1524,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI=
golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
@@ -1566,8 +1566,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
@@ -1611,14 +1611,13 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -1626,8 +1625,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1637,8 +1636,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1677,16 +1676,16 @@ google.golang.org/genproto v0.0.0-20260406210006-6f92a3bedf2d h1:N1Ec54vZnIPd7Mn
google.golang.org/genproto v0.0.0-20260406210006-6f92a3bedf2d/go.mod h1:c2hJ1grtnH0xUiEKGDGkjGNTJ1Hy2LrblyKOHF0sqRM=
google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d h1:/aDRtSZJjyLQzm75d+a1wOJaqyKBMvIAfeQmoa3ORiI=
google.golang.org/genproto/googleapis/api v0.0.0-20260406210006-6f92a3bedf2d/go.mod h1:etfGUgejTiadZAUaEP14NP97xi1RGeawqkjDARA/UOs=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d h1:wT2n40TBqFY6wiwazVK9/iTWbsQrgk5ZfCSVFLO9LQA=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260504160031-60b97b32f348 h1:pfIbyB44sWzHiCpRqIen67ZQnVXSfIxWrqUMk1qwODE=
google.golang.org/genproto/googleapis/rpc v0.0.0-20260504160031-60b97b32f348/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM=
google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4=
google.golang.org/grpc v1.81.0 h1:W3G9N3KQf3BU+YuCtGKJk0CmxQNbAISICD/9AORxLIw=
google.golang.org/grpc v1.81.0/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1698,8 +1697,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af h1:+5/Sw3GsDNlEmu7TfklWKPdQ0Ykja5VEmq2i817+jbI=
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1741,22 +1740,22 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ=
k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4=
k8s.io/apiextensions-apiserver v0.35.2 h1:iyStXHoJZsUXPh/nFAsjC29rjJWdSgUmG1XpApE29c0=
k8s.io/apiextensions-apiserver v0.35.2/go.mod h1:OdyGvcO1FtMDWQ+rRh/Ei3b6X3g2+ZDHd0MSRGeS8rU=
k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds=
k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc=
k8s.io/apiserver v0.35.2 h1:rb52v0CZGEL0FkhjS+I6jHflAp7fZ4MIaKcEHX7wmDk=
k8s.io/apiserver v0.35.2/go.mod h1:CROJUAu0tfjZLyYgSeBsBan2T7LUJGh0ucWwTCSSk7g=
k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU=
k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8=
k8s.io/apimachinery v0.36.0 h1:jZyPzhd5Z+3h9vJLt0z9XdzW9VzNzWAUw+P1xZ9PXtQ=
k8s.io/apimachinery v0.36.0/go.mod h1:FklypaRJt6n5wUIwWXIP6GJlIpUizTgfo1T/As+Tyxc=
k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI=
k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY=
k8s.io/cli-runtime v0.35.1 h1:uKcXFe8J7AMAM4Gm2JDK4mp198dBEq2nyeYtO+JfGJE=
k8s.io/cli-runtime v0.35.1/go.mod h1:55/hiXIq1C8qIJ3WBrWxEwDLdHQYhBNRdZOz9f7yvTw=
k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg=
k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c=
k8s.io/component-base v0.35.2 h1:btgR+qNrpWuRSuvWSnQYsZy88yf5gVwemvz0yw79pGc=
k8s.io/component-base v0.35.2/go.mod h1:B1iBJjooe6xIJYUucAxb26RwhAjzx0gHnqO9htWIX+0=
k8s.io/component-base v0.35.3 h1:mbKbzoIMy7JDWS/wqZobYW1JDVRn/RKRaoMQHP9c4P0=
k8s.io/component-base v0.35.3/go.mod h1:IZ8LEG30kPN4Et5NeC7vjNv5aU73ku5MS15iZyvyMYk=
k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0=
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf h1:btPscg4cMql0XdYK2jLsJcNEKmACJz8l+U7geC06FiM=
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hkbPJgdATINPMAxaynU2Ovg=
k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0=
k8s.io/kubectl v0.35.1 h1:zP3Er8C5i1dcAFUMh9Eva0kVvZHptXIn/+8NtRWMxwg=
k8s.io/kubectl v0.35.1/go.mod h1:cQ2uAPs5IO/kx8R5s5J3Ihv3VCYwrx0obCXum0CvnXo=
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU=
@@ -1783,8 +1782,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
modernc.org/sqlite v1.49.1 h1:dYGHTKcX1sJ+EQDnUzvz4TJ5GbuvhNJa8Fg6ElGx73U=
modernc.org/sqlite v1.49.1/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
modernc.org/sqlite v1.50.0 h1:eMowQSWLK0MeiQTdmz3lqoF5dqclujdlIKeJA11+7oM=
modernc.org/sqlite v1.50.0/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
pkg/api/authn.go
+1 -1
View File
@@ -75,7 +75,7 @@ func (amw *AuthnMiddleware) sessionAuthn(ctlr *Controller, userAc *reqCtx.UserAc
identity, ok := GetAuthUserFromRequestSession(ctlr.CookieStore, request, ctlr.Log)
if !ok {
// let the client know that this session is invalid/expired
cookie := &http.Cookie{
cookie := &http.Cookie{ //nolint: gosec
Name: "session",
Value: "",
Path: "/",
pkg/api/authn_test.go
+4 -4
View File
@@ -1706,10 +1706,10 @@ func mockWorkloadOIDCServer(t *testing.T, pubKey *rsa.PublicKey) *httptest.Serve
// Calculate modulus and exponent for JWK
nBytes := pubKey.N.Bytes()
eBytes := make([]byte, 4)
eBytes[0] = byte(pubKey.E >> 24)
eBytes[1] = byte(pubKey.E >> 16)
eBytes[2] = byte(pubKey.E >> 8)
eBytes[3] = byte(pubKey.E)
eBytes[0] = byte(pubKey.E >> 24) //nolint: gosec
eBytes[1] = byte(pubKey.E >> 16) //nolint: gosec
eBytes[2] = byte(pubKey.E >> 8) //nolint: gosec
eBytes[3] = byte(pubKey.E) //nolint: gosec
// Trim leading zeros from exponent
for len(eBytes) > 1 && eBytes[0] == 0 {
pkg/api/config/config_test.go
+2 -2
View File
@@ -115,10 +115,10 @@ func TestConfig(t *testing.T) {
Issuer: "https://accounts.google.com",
Scopes: []string{"openid", "email"},
},
"github": {
"github": { //nolint: gosec
Name: "GitHub",
ClientID: "github-client-id",
ClientSecret: "github-client-secret",
ClientSecret: "github-client-secret", //nolint: gosec
AuthURL: "github-auth-url",
TokenURL: "github-token-url",
Scopes: []string{"user:email"},
pkg/api/config/redis/redis_test.go
+1 -1
View File
@@ -74,7 +74,7 @@ func TestRedisOptions(t *testing.T) {
So(clientIntf, ShouldBeNil)
// Success
config = map[string]any{"url": "redis://user:password@localhost:6379/1?dial_timeout=5s"}
config = map[string]any{"url": "redis://user:password@localhost:6379/1?dial_timeout=5s"} //nolint: gosec
clientIntf, err = rediscfg.GetRedisClient(config, log)
So(err, ShouldBeNil)
pkg/api/controller_test.go
+15 -6
View File
@@ -152,6 +152,7 @@ func setupBearerAuthServerCerts(t *testing.T, keyType tlsutils.KeyType) (
if err != nil {
t.Fatalf("Failed to extract public key from cert: %v", err)
}
//nolint:gosec // Path is generated from t.TempDir() within this test helper.
err = os.WriteFile(serverPublicKeyPath, publicKeyPKIX, 0o600)
if err != nil {
t.Fatalf("Failed to write server public key: %v", err)
@@ -163,6 +164,7 @@ func setupBearerAuthServerCerts(t *testing.T, keyType tlsutils.KeyType) (
if err != nil {
t.Fatalf("Failed to extract PKCS1 public key: %v", err)
}
//nolint:gosec // Path is generated from t.TempDir() within this test helper.
err = os.WriteFile(serverPublicKeyPKCS1Path, publicKeyPKCS1, 0o600)
if err != nil {
t.Fatalf("Failed to write server PKCS1 public key: %v", err)
@@ -173,6 +175,7 @@ func setupBearerAuthServerCerts(t *testing.T, keyType tlsutils.KeyType) (
if err != nil {
t.Fatalf("Failed to extract public key from cert: %v", err)
}
//nolint:gosec // Path is generated from t.TempDir() within this test helper.
err = os.WriteFile(serverPublicKeyPath, publicKeyPKIX, 0o600)
if err != nil {
t.Fatalf("Failed to write server public key: %v", err)
@@ -5215,7 +5218,12 @@ func TestAuthnSessionErrors(t *testing.T) {
client := resty.New()
client.SetRedirectPolicy(test.CustomRedirectPolicy(20))
client.SetCookie(&http.Cookie{Name: "session"})
client.SetCookie(&http.Cookie{
Name: "session",
Secure: true,
HttpOnly: true,
SameSite: http.SameSiteLaxMode,
})
// call endpoint with session (added to client after previous request)
resp, err := client.R().
@@ -11926,6 +11934,7 @@ func TestGCSignaturesAndUntaggedManifestsWithMetaDB(t *testing.T) {
err = gc.CleanRepo(ctx, repoName)
So(err, ShouldNotBeNil)
//nolint:gosec // Test path is constructed from t.TempDir() repo data and known blob layout.
err = os.WriteFile(path.Join(dir, repoName, "blobs", "sha256", refs.Manifests[0].Digest.Encoded()), content, 0o600)
So(err, ShouldBeNil)
})
@@ -12993,8 +13002,8 @@ func TestGetGithubUserInfo(t *testing.T) {
mock.GetUserEmails,
[]github.UserEmail{
{
Email: github.String("test@test"),
Primary: github.Bool(true),
Email: new("test@test"),
Primary: new(true),
},
},
),
@@ -13002,7 +13011,7 @@ func TestGetGithubUserInfo(t *testing.T) {
mock.GetUserOrgs,
[]github.Organization{
{
Login: github.String("testOrg"),
Login: new("testOrg"),
},
},
),
@@ -13040,8 +13049,8 @@ func TestGetGithubUserInfo(t *testing.T) {
mock.GetUserEmails,
[]github.UserEmail{
{
Email: github.String("test@test"),
Primary: github.Bool(true),
Email: new("test@test"),
Primary: new(true),
},
},
),
pkg/api/proxy.go
+2
View File
@@ -135,6 +135,7 @@ func proxyHTTPRequest(ctx context.Context, req *http.Request,
requestBody = req.Body
}
//nolint:gosec // target host is selected from trusted cluster membership config (not client-controlled input)
fwdRequest, err := http.NewRequestWithContext(ctx, req.Method, cloneURL.String(), requestBody)
if err != nil {
return nil, err
@@ -178,6 +179,7 @@ func proxyHTTPRequest(ctx context.Context, req *http.Request,
return nil, err
}
//nolint:gosec // outbound request is restricted to the trusted cluster member selected above
resp, err := httpClient.Do(fwdRequest)
if err != nil {
return nil, err
pkg/api/routes.go
+5 -5
View File
@@ -2498,7 +2498,7 @@ func (rh *RouteHandler) GithubCodeExchangeCallback() rp.CodeExchangeCallback[*oi
}
if callbackUI != "" {
http.Redirect(w, r, callbackUI, http.StatusFound)
http.Redirect(w, r, callbackUI, http.StatusFound) //nolint: gosec
return
}
@@ -2554,7 +2554,7 @@ func (rh *RouteHandler) OpenIDCodeExchangeCallbackWithProvider(providerName stri
}
if callbackUI != "" {
http.Redirect(w, r, callbackUI, http.StatusFound)
http.Redirect(w, r, callbackUI, http.StatusFound) //nolint: gosec
return
}
@@ -2654,7 +2654,7 @@ func getImageManifest(ctx context.Context, routeHandler *RouteHandler, imgStore
return imgStore.GetImageManifest(name, reference)
}
type APIKeyPayload struct { //nolint:revive
type APIKeyPayload struct { //nolint:revive,gosec
Label string `json:"label"`
Scopes []string `json:"scopes"`
ExpirationDate string `json:"expirationDate"`
@@ -2686,7 +2686,7 @@ func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request)
json := jsoniter.ConfigCompatibleWithStandardLibrary
data, err := json.Marshal(apiKeyResponse)
data, err := json.Marshal(apiKeyResponse) //nolint:gosec // API key is intentionally returned on creation
if err != nil {
rh.c.Log.Error().Err(err).Msg("failed to marshal api key response")
@@ -2795,7 +2795,7 @@ func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request
json := jsoniter.ConfigCompatibleWithStandardLibrary
data, err := json.Marshal(apiKeyResponse)
data, err := json.Marshal(apiKeyResponse) //nolint:gosec // API key is intentionally returned on creation
if err != nil {
rh.c.Log.Error().Err(err).Msg("failed to marshal api key response")
pkg/api/routes_test.go
+120 -20
View File
@@ -2135,7 +2135,12 @@ func TestCheckBlobUsesDescriptorContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodHead, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodHead,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Accept", "application/vnd.oci.image.layer.v1.tar+gzip, */*")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2169,7 +2174,12 @@ func TestCheckBlobFallsBackToBinaryContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodHead, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodHead,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Accept", "*/*")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2201,7 +2211,12 @@ func TestGetBlobUsesDescriptorContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
// Wildcard / mixed Accept must not leak into the response.
req.Header.Set("Accept", "application/vnd.oci.image.layer.v1.tar+gzip, */*")
req = mux.SetURLVars(req, map[string]string{
@@ -2249,7 +2264,12 @@ func TestGetBlobFallsBackOnInvalidDescriptorContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req = mux.SetURLVars(req, map[string]string{
"name": "test",
"digest": layerDigest.String(),
@@ -2281,7 +2301,12 @@ func TestGetBlobFallsBackToBinaryContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
// Comma-separated Accept must not produce a malformed Content-Type.
req.Header.Set("Accept", "typeA, typeB")
req = mux.SetURLVars(req, map[string]string{
@@ -2319,7 +2344,12 @@ func TestGetBlobPartialUsesDescriptorContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2361,7 +2391,12 @@ func TestGetBlobPartialFallsBackToBinaryContentType(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req.Header.Set("Accept", "application/vnd.oci.image.layer.v1.tar+gzip, */*")
req = mux.SetURLVars(req, map[string]string{
@@ -2405,7 +2440,12 @@ func TestGetBlobMultipartPartHasDescriptorContentType(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1,5-7")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2559,7 +2599,12 @@ func TestGetBlobMultipartContentLengthMatchesBody(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1,5-7,12-15")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2631,7 +2676,12 @@ func TestGetBlobMultipartOpensOneReaderAtATime(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
// Four non-coalescing ranges so the producer must open four
// distinct readers in sequence.
req.Header.Set("Range", "bytes=0-3,8-11,16-19,24-27")
@@ -2688,7 +2738,12 @@ func TestGetBlobMultipartTruncatesOnReaderError(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1,5-7")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2727,7 +2782,12 @@ func TestGetBlobRangeUnsatisfiable(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=999-1000")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2753,7 +2813,12 @@ func TestGetBlobRangeCheckBlobError(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2779,7 +2844,12 @@ func TestGetBlobRangeCheckBlobMissing(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2826,7 +2896,12 @@ func TestGetBlobSingleRangePartialBlobNotFound(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2869,7 +2944,12 @@ func TestGetBlobSingleRangePartialUnexpectedError(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2914,7 +2994,12 @@ func TestGetBlobSingleRangeLengthMismatch(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -2965,7 +3050,12 @@ func TestGetBlobMultipartShortReaderTruncates(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1,5-7")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -3026,7 +3116,12 @@ func TestGetBlobRangeCheckBlobNamedErrors(t *testing.T) {
},
})
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
@@ -3099,7 +3194,12 @@ func TestGetBlobMultipartReaderCloseError(t *testing.T) {
layerDigest, _, _ := descriptorTestDigests()
req := httptest.NewRequest(http.MethodGet, "http://example.com/v2/test/blobs/sha256:test", nil)
req := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
"http://example.com/v2/test/blobs/sha256:test",
http.NoBody,
)
req.Header.Set("Range", "bytes=0-1,5-7")
req = mux.SetURLVars(req, map[string]string{
"name": "test",
pkg/api/session_test.go
+10 -4
View File
@@ -2,6 +2,7 @@ package api_test
import (
"bytes"
"context"
"encoding/json"
"net/http"
"net/http/httptest"
@@ -100,7 +101,12 @@ func TestSessionAuditLogger(t *testing.T) {
wrapped := zotapi.SessionAuditLogger(audit)(inner)
req := httptest.NewRequest(testCase.method, "/v2/repo/test/uploads", http.NoBody)
req := httptest.NewRequestWithContext(
context.Background(),
testCase.method,
"/v2/repo/test/uploads",
http.NoBody,
)
req.RemoteAddr = "127.0.0.1:12345"
recorder := httptest.NewRecorder()
@@ -147,7 +153,7 @@ func TestSessionAuditLogger_rawQueryAppendedToObject(t *testing.T) {
wrapped := zotapi.SessionAuditLogger(audit)(inner)
req := httptest.NewRequest(http.MethodPost, "/v2/a/b", http.NoBody)
req := httptest.NewRequestWithContext(context.Background(), http.MethodPost, "/v2/a/b", http.NoBody)
req.URL.RawQuery = "digest=sha256:abc"
recorder := httptest.NewRecorder()
@@ -185,7 +191,7 @@ func TestSessionLogger_redactsAuthorizationAndLogsUsernameFromContext(t *testing
wrapped := zotapi.SessionLogger(ctlr)(inner)
req := httptest.NewRequest(http.MethodGet, "/v2/_catalog", http.NoBody)
req := httptest.NewRequestWithContext(context.Background(), http.MethodGet, "/v2/_catalog", http.NoBody)
req.Header.Set("Authorization", "Bearer super-secret-token")
req.RemoteAddr = "10.0.0.1:4444"
@@ -217,7 +223,7 @@ func TestSessionLogger_omitsUsernameWhenAnonymous(t *testing.T) {
wrapped := zotapi.SessionLogger(ctlr)(inner)
req := httptest.NewRequest(http.MethodGet, "/v2/_catalog", http.NoBody)
req := httptest.NewRequestWithContext(context.Background(), http.MethodGet, "/v2/_catalog", http.NoBody)
recorder := httptest.NewRecorder()
wrapped.ServeHTTP(recorder, req)
pkg/cli/client/client_test.go
+6
View File
@@ -110,10 +110,12 @@ func TestTLSWithAuth(t *testing.T) {
// Client certs are resolved under $HOME; isolate from the real home directory.
home := os.Getenv("HOME")
destCertsDir := filepath.Join(home, certsDir1)
//nolint:gosec // test path is tempdir-scoped via HOME override
err := os.MkdirAll(destCertsDir, 0o755)
So(err, ShouldBeNil)
// Write CA certificate to client certs directory (needed for server verification)
//nolint:gosec // test path is tempdir-scoped via HOME override
err = os.WriteFile(filepath.Join(destCertsDir, "ca.crt"), caCertPEM, 0o600)
So(err, ShouldBeNil)
@@ -150,10 +152,12 @@ func TestTLSWithAuth(t *testing.T) {
// Ensure certificates are in the HOME directory that makeConfigFile set
home = os.Getenv("HOME")
destCertsDir = filepath.Join(home, certsDir1)
//nolint:gosec // test path is tempdir-scoped via HOME override
err = os.MkdirAll(destCertsDir, 0o755)
So(err, ShouldBeNil)
// Write CA certificate to client certs directory (needed for server verification)
//nolint:gosec // test path is tempdir-scoped via HOME override
err = os.WriteFile(filepath.Join(destCertsDir, "ca.crt"), caCertPEM, 0o600)
So(err, ShouldBeNil)
@@ -257,10 +261,12 @@ func TestTLSWithoutAuth(t *testing.T) {
home := os.Getenv("HOME")
destCertsDir := filepath.Join(home, certsDir1)
//nolint:gosec // test path is tempdir-scoped via HOME override
err := os.MkdirAll(destCertsDir, 0o755)
So(err, ShouldBeNil)
// Write CA certificate to client certs directory (needed for server verification)
//nolint:gosec // test path is tempdir-scoped via HOME override
err = os.WriteFile(filepath.Join(destCertsDir, "ca.crt"), caCertPEM, 0o600)
So(err, ShouldBeNil)
pkg/cli/client/service.go
+2 -1
View File
@@ -8,6 +8,7 @@ import (
"fmt"
"io"
"net/url"
"slices"
"strconv"
"strings"
"sync"
@@ -1411,7 +1412,7 @@ func (service *searchService) getRepos(ctx context.Context, config SearchConfig,
} else {
// Iterate in reverse order
repos := catalog.Repositories
for i := len(repos) - 1; i >= 0; i-- {
for i := range slices.Backward(repos) {
fmt.Fprintln(config.ResultWriter, repos[i])
}
}
pkg/cli/server/schema.go
+1 -3
View File
@@ -126,9 +126,7 @@ func (g *schemaGenerator) schemaForStruct(reflectType reflect.Type) map[string]a
properties := map[string]any{}
for i := range reflectType.NumField() {
field := reflectType.Field(i)
for field := range reflectType.Fields() {
if !field.IsExported() {
continue
}
pkg/common/common.go
+1 -1
View File
@@ -82,7 +82,7 @@ func DirExists(d string) bool {
return false
}
fileInfo, err := os.Stat(d)
fileInfo, err := os.Stat(d) //nolint: gosec
if err != nil {
if e, ok := err.(*fs.PathError); ok && errors.Is(e.Err, syscall.ENAMETOOLONG) || //nolint: errorlint
errors.Is(e.Err, syscall.EINVAL) {
pkg/common/http_client.go
+1 -1
View File
@@ -18,7 +18,7 @@ func GetTLSConfig(certsPath string, caCertPool *x509.CertPool) (*tls.Config, err
return nil, err
}
caCert, err := os.ReadFile(caCertFile)
caCert, err := os.ReadFile(caCertFile) //nolint:gosec // cert path is constrained to cert directories
if err != nil {
return nil, err
}
pkg/extensions/extension_sync.go
+2 -1
View File
@@ -5,6 +5,7 @@ package extensions
import (
"net"
"net/url"
"slices"
"strings"
zerr "zotregistry.dev/zot/v2/errors"
@@ -119,7 +120,7 @@ func removeSelfURLs(httpAddress, httpPort string, registryConfig *syncconf.Regis
return err
}
for idx := len(registryConfig.URLs) - 1; idx >= 0; idx-- {
for idx := range slices.Backward(registryConfig.URLs) {
registryURL := registryConfig.URLs[idx]
url, err := url.Parse(registryURL)
pkg/extensions/extension_userprefs_test.go
+13 -3
View File
@@ -66,7 +66,12 @@ func TestHandlers(t *testing.T) {
mockmetaDB := mocks.MetaDBMock{}
Convey("No repo in request", t, func() {
request := httptest.NewRequest(http.MethodGet, UserprefsBaseURL+"", strings.NewReader("My string"))
request := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
UserprefsBaseURL+"",
strings.NewReader("My string"),
)
response := httptest.NewRecorder()
extensions.PutStar(response, request, mockmetaDB, log)
@@ -83,7 +88,12 @@ func TestHandlers(t *testing.T) {
})
Convey("Empty repo in request", t, func() {
request := httptest.NewRequest(http.MethodGet, UserprefsBaseURL+"?repo=", strings.NewReader("My string"))
request := httptest.NewRequestWithContext(
context.Background(),
http.MethodGet,
UserprefsBaseURL+"?repo=",
strings.NewReader("My string"),
)
response := httptest.NewRecorder()
extensions.PutStar(response, request, mockmetaDB, log)
@@ -100,7 +110,7 @@ func TestHandlers(t *testing.T) {
})
Convey("ToggleStarRepo different errors", t, func() {
request := httptest.NewRequest(http.MethodGet, UserprefsBaseURL+"?repo=test",
request := httptest.NewRequestWithContext(context.Background(), http.MethodGet, UserprefsBaseURL+"?repo=test",
strings.NewReader("My string"))
Convey("ErrRepoMetaNotFound", func() {
pkg/extensions/search/gql_generated/generated.go
+1838 -2689
View File
File diff suppressed because it is too large Load Diff
pkg/extensions/search/schema.resolvers.go
+1 -1
View File
@@ -3,7 +3,7 @@ package search
// This file will be automatically regenerated based on the schema, any resolver
// implementations
// will be copied through when generating and any unknown code will be moved to the end.
// Code generated by github.com/99designs/gqlgen version v0.17.89
// Code generated by github.com/99designs/gqlgen version v0.17.90
import (
"context"
pkg/extensions/sync/on_demand.go
+8 -8
View File
@@ -64,7 +64,7 @@ func (onDemand *BaseOnDemand) SyncImage(ctx context.Context, repo, reference str
defer onDemand.requestStore.Delete(req)
go onDemand.syncImage(repo, reference, syncResult)
go onDemand.syncImage(ctx, repo, reference, syncResult)
err := <-syncResult
@@ -95,14 +95,14 @@ func (onDemand *BaseOnDemand) SyncReferrers(ctx context.Context, repo string,
defer onDemand.requestStore.Delete(req)
go onDemand.syncReferrers(repo, subjectDigestStr, referenceTypes, syncResult)
go onDemand.syncReferrers(ctx, repo, subjectDigestStr, referenceTypes, syncResult)
err := <-syncResult
return err
}
func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
func (onDemand *BaseOnDemand) syncReferrers(ctx context.Context, repo, subjectDigestStr string,
referenceTypes []string, syncResult chan error,
) {
defer close(syncResult)
@@ -121,7 +121,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
// Create a detached context with timeout to ensure sync completes even if HTTP client disconnects.
// This prevents Kubernetes timeout/retries from aborting in-progress referrer downloads.
syncCtx, cancel := context.WithTimeout(context.Background(), timeout)
syncCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), timeout)
err = service.SyncReferrers(syncCtx, repo, subjectDigestStr, referenceTypes)
cancel()
@@ -164,7 +164,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
Msg("sync routine: starting routine to copy image, because of error")
// Use detached context with timeout for background retry
retryCtx, cancel := context.WithTimeout(context.Background(), serviceTimeout)
retryCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), serviceTimeout)
defer cancel()
err := service.SyncReferrers(retryCtx, repo, subjectDigestStr, referenceTypes)
@@ -182,7 +182,7 @@ func (onDemand *BaseOnDemand) syncReferrers(repo, subjectDigestStr string,
syncResult <- err
}
func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan error) {
func (onDemand *BaseOnDemand) syncImage(ctx context.Context, repo, reference string, syncResult chan error) {
defer close(syncResult)
var err error
@@ -199,7 +199,7 @@ func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan
// Create a detached context with timeout to ensure sync completes even if HTTP client disconnects.
// This prevents Kubernetes timeout/retries from aborting in-progress image downloads.
syncCtx, cancel := context.WithTimeout(context.Background(), timeout)
syncCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), timeout)
err = service.SyncImage(syncCtx, repo, reference)
cancel()
@@ -242,7 +242,7 @@ func (onDemand *BaseOnDemand) syncImage(repo, reference string, syncResult chan
Msg("sync routine: starting routine to retry copy image due to error")
// Use detached context with timeout for background retry
retryCtx, cancel := context.WithTimeout(context.Background(), serviceTimeout)
retryCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), serviceTimeout)
defer cancel()
err := service.SyncImage(retryCtx, repo, reference)
pkg/extensions/sync/sync_test.go
+3 -3
View File
@@ -2640,15 +2640,15 @@ func TestTLS(t *testing.T) {
t.Fatalf("Failed to read CA cert: %v", err)
}
err = os.WriteFile(destClientCertPath, clientCertData, 0o600)
err = os.WriteFile(destClientCertPath, clientCertData, 0o600) //nolint:gosec // test path is tempdir-scoped
if err != nil {
t.Fatalf("Failed to write client cert: %v", err)
}
err = os.WriteFile(destClientKeyPath, clientKeyData, 0o600)
err = os.WriteFile(destClientKeyPath, clientKeyData, 0o600) //nolint:gosec // test path is tempdir-scoped
if err != nil {
t.Fatalf("Failed to write client key: %v", err)
}
err = os.WriteFile(destCACertPath, caCertData, 0o600)
err = os.WriteFile(destCACertPath, caCertData, 0o600) //nolint:gosec // test path is tempdir-scoped
if err != nil {
t.Fatalf("Failed to write CA cert: %v", err)
}
pkg/meta/boltdb/boltdb.go
+2
View File
@@ -1572,6 +1572,7 @@ func (bdw *BoltDB) ToggleStarRepo(ctx context.Context, repo string) (mTypes.Togg
userData.StarredRepos = zcommon.RemoveFrom(userData.StarredRepos, repo)
} else {
res = mTypes.Added
userData.StarredRepos = append(userData.StarredRepos, repo)
}
@@ -1645,6 +1646,7 @@ func (bdw *BoltDB) ToggleBookmarkRepo(ctx context.Context, repo string) (mTypes.
userData.BookmarkedRepos = zcommon.RemoveFrom(userData.BookmarkedRepos, repo)
} else {
res = mTypes.Added
userData.BookmarkedRepos = append(userData.BookmarkedRepos, repo)
}
pkg/meta/hooks.go
+3 -2
View File
@@ -3,6 +3,7 @@ package meta
import (
"context"
"errors"
"slices"
godigest "github.com/opencontainers/go-digest"
v1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -88,7 +89,7 @@ func rollbackDigestManifestTags(ctx context.Context, repo string, tags, appliedM
) {
imgStore := storeController.GetImageStore(repo)
for i := len(tags) - 1; i >= 0; i-- {
for i := range slices.Backward(tags) {
refTag := tags[i]
if delErr := imgStore.DeleteImageManifest(repo, refTag, false); delErr != nil &&
!errors.Is(delErr, zerr.ErrManifestNotFound) {
@@ -97,7 +98,7 @@ func rollbackDigestManifestTags(ctx context.Context, repo string, tags, appliedM
}
}
for i := len(appliedMetaTags) - 1; i >= 0; i-- {
for i := range slices.Backward(appliedMetaTags) {
refTag := appliedMetaTags[i]
metaDelErr := OnDeleteManifest(repo, refTag, mediaType, digest, body, storeController, metaDB, log)
pkg/storage/gc/gc_test.go
+1 -1
View File
@@ -2200,7 +2200,7 @@ func TestGarbageCollectAndRetentionNoMetaDB(t *testing.T) {
continue
}
So(repo, ShouldEqual, expectedRepos[i])
So(repo, ShouldEqual, expectedRepos[i]) //nolint:gosec // guarded by i < len(expectedRepos)
processedRepos[repo] = struct{}{}
pkg/storage/gcs/gcs_test.go
+18 -9
View File
@@ -135,8 +135,14 @@ func newHTTPSProxyServer(target string) (*httpsProxyServer, error) {
targetURL += "?" + r.URL.RawQuery
}
// Create request to target
req, err := http.NewRequestWithContext(r.Context(), r.Method, targetURL, r.Body)
// Create request to target.
//nolint:gosec // proxy target is local test server
req, err := http.NewRequestWithContext(
r.Context(),
r.Method,
targetURL,
r.Body,
)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -154,7 +160,7 @@ func newHTTPSProxyServer(target string) (*httpsProxyServer, error) {
// Make request
client := &http.Client{Timeout: 30 * time.Second}
resp, err := client.Do(req)
resp, err := client.Do(req) //nolint:gosec // request is sent to local test server
if err != nil {
http.Error(w, err.Error(), http.StatusBadGateway)
@@ -204,12 +210,9 @@ func newHTTPSProxyServer(target string) (*httpsProxyServer, error) {
}
func (p *httpsProxyServer) Start() {
p.wg.Add(1) //nolint:modernize // standard sync.WaitGroup usage
go func() {
defer p.wg.Done()
p.wg.Go(func() {
_ = p.server.Serve(p.listener)
}()
})
}
func (p *httpsProxyServer) Stop() {
@@ -377,7 +380,13 @@ func createObjectsStore(rootDir string, cacheDir string, dedupe bool) (
url := strings.TrimSuffix(endpoint, "/") + "/storage/v1/b?project=test-project"
body := fmt.Sprintf(`{"name": "%s"}`, bucket)
req, err := http.NewRequestWithContext(context.Background(), http.MethodPost, url, strings.NewReader(body))
//nolint:gosec // URL points to gcsmock endpoint in tests
req, err := http.NewRequestWithContext(
context.Background(),
http.MethodPost,
url,
strings.NewReader(body),
)
if err != nil {
return nil, nil, err
}
pkg/storage/s3/s3_test.go
+20 -4
View File
@@ -1202,12 +1202,20 @@ func TestS3Dedupe(t *testing.T) {
Convey("Check backward compatibility - switch dedupe to false", func() {
/* copy cache to the new storage with dedupe false (doing this because we
already have a cache object holding the lock on cache db file) */
input, err := os.ReadFile(path.Join(tdir, storageConstants.BoltdbName+storageConstants.DBExtensionName))
//nolint:gosec // test path is tempdir-scoped
input, err := os.ReadFile(path.Join(
tdir,
storageConstants.BoltdbName+storageConstants.DBExtensionName,
))
So(err, ShouldBeNil)
tdir = t.TempDir()
err = os.WriteFile(path.Join(tdir, storageConstants.BoltdbName+storageConstants.DBExtensionName), input, 0o600)
//nolint:gosec // test path is tempdir-scoped
err = os.WriteFile(path.Join(
tdir,
storageConstants.BoltdbName+storageConstants.DBExtensionName,
), input, 0o600)
So(err, ShouldBeNil)
storeDriver, imgStore, _ := createObjectsStore(testDir, tdir, false)
@@ -3626,7 +3634,11 @@ func TestS3DedupeErr(t *testing.T) {
tdir = t.TempDir()
err = os.WriteFile(path.Join(tdir, storageConstants.BoltdbName+storageConstants.DBExtensionName), input, 0o600)
//nolint:gosec // test path is tempdir-scoped
err = os.WriteFile(path.Join(
tdir,
storageConstants.BoltdbName+storageConstants.DBExtensionName,
), input, 0o600)
So(err, ShouldBeNil)
imgStore = createMockStorage(testDir, tdir, true, &mocks.StorageDriverMock{
@@ -3674,7 +3686,11 @@ func TestS3DedupeErr(t *testing.T) {
tdir = t.TempDir()
err = os.WriteFile(path.Join(tdir, storageConstants.BoltdbName+storageConstants.DBExtensionName), input, 0o600)
//nolint:gosec // test path is tempdir-scoped
err = os.WriteFile(path.Join(
tdir,
storageConstants.BoltdbName+storageConstants.DBExtensionName,
), input, 0o600)
So(err, ShouldBeNil)
imgStore = createMockStorage(testDir, tdir, true, &mocks.StorageDriverMock{