github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-17 12:58:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,537 Commits 38 Branches 132 Tags
4d6bf1882567812581a302ca809f15c250d4f3f3
Commit Graph

378 Commits

Author SHA1 Message Date
Ramkumar Chinchani 5087d725e6 chore: fix dependabot alerts (#4059) 2026-05-12 10:50:02 +03:00
Ramkumar Chinchani 9aff5b8d08 chore: fix dependabot alerts (#4048) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint findings from CI

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: fix golangci-lint gosec warnings

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update code to use slices package and address gosec linting issues

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* build: fix makefile target

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests and add gosec annotations

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update tests to use context in HTTP requests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: bump zui version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update test helpers and improve security settings in tests

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: add gosec linting directive for test path construction

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-05-11 09:29:05 +03:00
Ramkumar Chinchani 113c4819ec chore: fix dependabot alerts (#4020) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: bump zui version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-26 21:52:54 -07:00
Ramkumar Chinchani 8bec9b365e chore: fix dependabot alerts (#3990) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-25 09:09:59 +03:00
Ramkumar Chinchani 3bc5f97b51 chore: fix dependabot alerts (#3971) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: bump zui version

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-17 09:11:32 +03:00
Ramkumar Chinchani d443346196 chore: fix dependabot alerts (#3968) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-15 07:42:32 +03:00
Andrei Aaron 9991821295 fix: Updating a repository should not result in a corrupted index.json file if disk is full (#3963) 
See https://github.com/project-zot/zot/issues/3924

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2026-04-14 08:59:25 +03:00
Ramkumar Chinchani 82947e801e chore: fix dependabot alerts (#3964) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-13 09:15:45 +03:00
Ramkumar Chinchani 43bf754fca chore: fix dependabot alerts (#3953) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-09 09:15:24 +03:00
Ramkumar Chinchani 621243cdde chore: fix dependabot alerts (#3947) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-08 00:09:44 -07:00
Ramkumar Chinchani 78c6e915dd chore: fix dependabot alerts (#3940) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-06 10:03:09 -07:00
Ramkumar Chinchani b621698416 chore: fix dependabot alerts (#3931) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-04-05 00:30:24 -07:00
Ramkumar Chinchani 79ab6464dc chore: fix dependabot alerts (#3921) 2026-03-31 09:53:19 +03:00
Ramkumar Chinchani 705939aed3 feat(schema): add schema command to dump JSON Schema for zot config (#3905) 
Fixes https://github.com/project-zot/zot/issues/3882

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-28 08:28:35 -07:00
Ramkumar Chinchani 6831928e53 chore: fix dependabot alerts (#3896) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-26 09:14:59 +02:00
Ramkumar Chinchani d30be464f6 chore: fix dependabot alerts (#3880) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-19 08:38:41 +02:00
Ramkumar Chinchani 2ba0525f01 chore: fix dependabot alerts (#3860) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-10 09:43:08 +02:00
Ramkumar Chinchani bb121c3b76 chore: fix dependabot alerts (#3841) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-03-03 23:59:38 -08:00
Ramkumar Chinchani 01bca48e33 chore: fix dependabot alerts (#3820) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-24 08:23:49 +02:00
Ramkumar Chinchani 624a520453 chore: fix dependabot alerts (#3802) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-16 11:42:35 -08:00
Ramkumar Chinchani 2c110d2c20 chore: fix dependabot alerts (#3794) 2026-02-13 07:52:19 +02:00
Ramkumar Chinchani 26f8201864 chore: update golang version to 1.25.7 (#3790) 
* chore: update golang version to 1.25.7

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* ci: attempt to update to latest golang

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-12 21:21:52 +02:00
Andrei Aaron 3454ad63dc chore: update github.com/sigstore/cosign/v3 from 3.0.2 to 3.0.4 (#3789) 
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2026-02-10 14:16:50 -08:00
Ramkumar Chinchani c3c50a2261 chore: fix dependabot alerts (#3788) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-09 22:18:35 -08:00
Ramkumar Chinchani d5b1b2d25b chore: fix dependabot alerts (#3774) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-02-03 20:25:38 +02:00
Ramkumar Chinchani b905528b6c chore: fix dependabot alerts (#3751) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-01-31 11:48:29 +02:00
Matheus Pimenta bf619c570e Introduce support for OIDC workload identity federation (#3711) 
* feat(oidc): introduce support for OIDC workload identity federation

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): add e2e test for bearer OIDC and a kind cluster

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): make OIDC workload identity federation its own feature

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): move errors to the errors package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): fix race in cel package

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

* feat(oidc): compile cel expressions

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>

---------

Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
 2026-01-24 21:03:53 -08:00
Ramkumar Chinchani 5f15470763 chore: fix dependabot alerts (#3730) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-01-24 11:52:02 +02:00
Ramkumar Chinchani dd1987fd11 chore: fix dependabot alerts (#3726) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-01-22 14:54:11 +02:00
Andrei Aaron 14e537a5eb chore: remove direct usage of the github.com/aws/aws-sdk-go package (aws sdk v1) (#3701) 
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2026-01-15 21:43:34 +02:00
Ramkumar Chinchani 0cac8a7ee8 chore: fix dependabot alerts (#3707) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2026-01-15 20:42:39 +02:00
Asgeir Storesund Nilsen 708adf63d4 fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory allocation (#3687) 
* fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory
allocation

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>

* fix: linting

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>

* chore: update project-zot/mockoidc to remove golang-jwt v3

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>

* test: Add more tests for bearer tokens

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>

* fix: Rewrite tests to remove MakeAuthTestServerLegacy

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>

---------

Signed-off-by: Asgeir Nilsen <asgeir@twingine.no>
 2026-01-14 11:34:58 +02:00
Ramkumar Chinchani 800a545fbe chore: fix dependabot alerts (#3677) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-29 09:59:57 +02:00
Ramkumar Chinchani 331a927fa4 chore: fix dependabot alerts (#3660) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: linter error

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-19 12:12:10 -08:00
Ramkumar Chinchani 3a349dccec chore: fix dependabot alerts (#3657) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-15 23:34:32 -08:00
Ramkumar Chinchani e7b73b6c2d chore: fix dependabot alerts (#3636) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-09 10:49:45 +02:00
Ramkumar Chinchani 92aee8ebce chore: Fix deps (#3620) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* chore: update zui

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-12-04 11:43:24 +02:00
Andrei Aaron e068b8dc9f chore: Enable Go jsonv2 experiment and update the trivy dependency (v0.67.2) (#3572) 
It requires the encoding/json/jsontext
package which is only available when the goexperiment.jsonv2 build
tag is enabled. This was causing build constraint errors during
tests and builds.

Changes:
- Add GOEXPERIMENT=jsonv2 to Makefile export and all go build/test
  commands that use env (since env creates a fresh environment)
- Add GOEXPERIMENT=jsonv2 to GitHub workflows that use direct go
  commands (workflows using make inherit it from Makefile)

Fix other dependabot alerts.

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2025-11-27 09:58:37 +02:00
Ramkumar Chinchani 6452bec403 chore: fix dependabot alerts (#3595) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* ci: bump up golang to 1.25.x

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: linter errors

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: stacker and docker build files to use golang 1.25

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-26 11:21:36 +02:00
Ramkumar Chinchani 4a03184f9c chore: fix dependabot alerts (#3566) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-19 23:19:22 -08:00
Andrei Aaron 2b60e11ce4 chore: update cosign from v2 to v3 (#3561) 
* chore: update cosign from v2 to v3

Also do not import cosing into zli, as it doubles the bianry size
See: https://github.com/project-zot/zot/actions/runs/19506399474/job/55833719683?pr=3561

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* chore: privileged-test should not depend on downloaded images

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2025-11-20 00:43:57 +02:00
Andrei Aaron 8e63df6678 chore: update github.com/olekukonko/tablewriter to v1.1.1 (#3559) 
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2025-11-18 23:02:50 -08:00
Ramkumar Chinchani 49c15abf06 chore: fix dependabot alerts (#3555) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-18 08:46:51 +02:00
Ramkumar Chinchani 2b6fba7059 chore: fix dependabot alerts (#3534) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-10 23:45:17 -08:00
Ramkumar Chinchani 04ae0a9409 fix: add support for sha256 and sha512 in htpasswd (#3497) 
feat: add support for sha256 and sha512 htpasswd formats

Fixes issue #3495

We currently support only bcrypt htpasswd hashes, however bcrypt is not
FIPS-140 approved since it uses Blowfish.

This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-09 15:28:29 +02:00
Ramkumar Chinchani 911244b4b7 chore: fix dependabot alerts (#3517) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-06 17:08:18 -08:00
Ramkumar Chinchani 33c466e007 chore: fix dependabot alerts (#3514) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-11-04 14:11:27 +02:00
Ramkumar Chinchani a0943eccfe chore: fix dependabot alerts (#3496) 
* chore: fix dependabot alerts

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

* fix: initialize logger in ut

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>

---------

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-10-30 14:21:53 -07:00
Ramkumar Chinchani 559d9cf2fc chore: fix dependabot alerts (#3477) 
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
 2025-10-22 09:46:03 +03:00
Andrei Aaron dfb5d1df54 fix: make config read/write thread safe (#3432) 
* fix: make config read/write thread safe and fix some other similar issues

1. The config config has a lock, and safe methods to update and read the attributes
2. The config has methods to retrieve copies of specific attributes, such as the extyensions config, the auth config, and the authz config.
These are needed, as the config object may mutate in the middle of an auth/authz requests, and we avoid partial configuration being applied for that request.
3. Fix an issue with the monitoring server not stopping when the controller is shut down.
4. Fix an issue with the HTPasswdWatcher not stopping when the background tasks are supposed to finish.
5. Fix some tests using hardcoded ports.

Moved some of the methods which were on the main config to the auth, access control and extension configs

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
 2025-10-18 11:20:58 +03:00