225e2fb96d
chore: fix dependabot alerts ( #4126 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-06-11 17:22:15 -07:00
e8c38a5639
chore: fix dependabot alerts ( #4113 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-06-05 15:12:32 +03:00
d8fb19819b
chore: fix dependabot alerts ( #4091 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-05-22 22:20:08 -07:00
a4c55e288c
chore: fix dependabot alerts ( #4082 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-05-21 08:50:48 -07:00
555a35d3dc
chore: fix dependabot alerts ( #4072 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-05-16 23:33:48 -07:00
5087d725e6
chore: fix dependabot alerts ( #4059 )
2026-05-12 10:50:02 +03:00
9aff5b8d08
chore: fix dependabot alerts ( #4048 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix golangci-lint findings from CI
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix golangci-lint gosec warnings
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update code to use slices package and address gosec linting issues
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* build: fix makefile target
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests and add gosec annotations
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update test helpers and improve security settings in tests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: add gosec linting directive for test path construction
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-05-11 09:29:05 +03:00
113c4819ec
chore: fix dependabot alerts ( #4020 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-26 21:52:54 -07:00
8bec9b365e
chore: fix dependabot alerts ( #3990 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-25 09:09:59 +03:00
3bc5f97b51
chore: fix dependabot alerts ( #3971 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-17 09:11:32 +03:00
d443346196
chore: fix dependabot alerts ( #3968 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-15 07:42:32 +03:00
9991821295
fix: Updating a repository should not result in a corrupted index.json file if disk is full ( #3963 )
...
See https://github.com/project-zot/zot/issues/3924
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2026-04-14 08:59:25 +03:00
82947e801e
chore: fix dependabot alerts ( #3964 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-13 09:15:45 +03:00
43bf754fca
chore: fix dependabot alerts ( #3953 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-09 09:15:24 +03:00
621243cdde
chore: fix dependabot alerts ( #3947 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-08 00:09:44 -07:00
78c6e915dd
chore: fix dependabot alerts ( #3940 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-06 10:03:09 -07:00
b621698416
chore: fix dependabot alerts ( #3931 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-05 00:30:24 -07:00
79ab6464dc
chore: fix dependabot alerts ( #3921 )
2026-03-31 09:53:19 +03:00
705939aed3
feat(schema): add schema command to dump JSON Schema for zot config ( #3905 )
...
Fixes https://github.com/project-zot/zot/issues/3882
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-28 08:28:35 -07:00
6831928e53
chore: fix dependabot alerts ( #3896 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-26 09:14:59 +02:00
d30be464f6
chore: fix dependabot alerts ( #3880 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-19 08:38:41 +02:00
2ba0525f01
chore: fix dependabot alerts ( #3860 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-10 09:43:08 +02:00
bb121c3b76
chore: fix dependabot alerts ( #3841 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-03 23:59:38 -08:00
01bca48e33
chore: fix dependabot alerts ( #3820 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-24 08:23:49 +02:00
624a520453
chore: fix dependabot alerts ( #3802 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-16 11:42:35 -08:00
2c110d2c20
chore: fix dependabot alerts ( #3794 )
2026-02-13 07:52:19 +02:00
26f8201864
chore: update golang version to 1.25.7 ( #3790 )
...
* chore: update golang version to 1.25.7
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: attempt to update to latest golang
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-12 21:21:52 +02:00
3454ad63dc
chore: update github.com/sigstore/cosign/v3 from 3.0.2 to 3.0.4 ( #3789 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2026-02-10 14:16:50 -08:00
c3c50a2261
chore: fix dependabot alerts ( #3788 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-09 22:18:35 -08:00
d5b1b2d25b
chore: fix dependabot alerts ( #3774 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-03 20:25:38 +02:00
b905528b6c
chore: fix dependabot alerts ( #3751 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-31 11:48:29 +02:00
bf619c570e
Introduce support for OIDC workload identity federation ( #3711 )
...
* feat(oidc): introduce support for OIDC workload identity federation
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): add e2e test for bearer OIDC and a kind cluster
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): make OIDC workload identity federation its own feature
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): move errors to the errors package
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): fix race in cel package
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): compile cel expressions
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
---------
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
2026-01-24 21:03:53 -08:00
5f15470763
chore: fix dependabot alerts ( #3730 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-24 11:52:02 +02:00
dd1987fd11
chore: fix dependabot alerts ( #3726 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-22 14:54:11 +02:00
14e537a5eb
chore: remove direct usage of the github.com/aws/aws-sdk-go package (aws sdk v1) ( #3701 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2026-01-15 21:43:34 +02:00
0cac8a7ee8
chore: fix dependabot alerts ( #3707 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-15 20:42:39 +02:00
708adf63d4
fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory allocation ( #3687 )
...
* fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory
allocation
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: linting
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* chore: update project-zot/mockoidc to remove golang-jwt v3
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* test: Add more tests for bearer tokens
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: Rewrite tests to remove MakeAuthTestServerLegacy
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
---------
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
2026-01-14 11:34:58 +02:00
800a545fbe
chore: fix dependabot alerts ( #3677 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-29 09:59:57 +02:00
331a927fa4
chore: fix dependabot alerts ( #3660 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: linter error
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-19 12:12:10 -08:00
3a349dccec
chore: fix dependabot alerts ( #3657 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-15 23:34:32 -08:00
e7b73b6c2d
chore: fix dependabot alerts ( #3636 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-09 10:49:45 +02:00
92aee8ebce
chore: Fix deps ( #3620 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update zui
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-04 11:43:24 +02:00
e068b8dc9f
chore: Enable Go jsonv2 experiment and update the trivy dependency (v0.67.2) ( #3572 )
...
It requires the encoding/json/jsontext
package which is only available when the goexperiment.jsonv2 build
tag is enabled. This was causing build constraint errors during
tests and builds.
Changes:
- Add GOEXPERIMENT=jsonv2 to Makefile export and all go build/test
commands that use env (since env creates a fresh environment)
- Add GOEXPERIMENT=jsonv2 to GitHub workflows that use direct go
commands (workflows using make inherit it from Makefile)
Fix other dependabot alerts.
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-27 09:58:37 +02:00
6452bec403
chore: fix dependabot alerts ( #3595 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: bump up golang to 1.25.x
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: linter errors
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: stacker and docker build files to use golang 1.25
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-26 11:21:36 +02:00
4a03184f9c
chore: fix dependabot alerts ( #3566 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-19 23:19:22 -08:00
2b60e11ce4
chore: update cosign from v2 to v3 ( #3561 )
...
* chore: update cosign from v2 to v3
Also do not import cosing into zli, as it doubles the bianry size
See: https://github.com/project-zot/zot/actions/runs/19506399474/job/55833719683?pr=3561
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
* chore: privileged-test should not depend on downloaded images
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
---------
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-20 00:43:57 +02:00
8e63df6678
chore: update github.com/olekukonko/tablewriter to v1.1.1 ( #3559 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-18 23:02:50 -08:00
49c15abf06
chore: fix dependabot alerts ( #3555 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-18 08:46:51 +02:00
2b6fba7059
chore: fix dependabot alerts ( #3534 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-10 23:45:17 -08:00
04ae0a9409
fix: add support for sha256 and sha512 in htpasswd ( #3497 )
...
feat: add support for sha256 and sha512 htpasswd formats
Fixes issue #3495
We currently support only bcrypt htpasswd hashes, however bcrypt is not
FIPS-140 approved since it uses Blowfish.
This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-09 15:28:29 +02:00
Ramkumar Chinchani