5087d725e6
chore: fix dependabot alerts ( #4059 )
2026-05-12 10:50:02 +03:00
9aff5b8d08
chore: fix dependabot alerts ( #4048 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix golangci-lint findings from CI
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: fix golangci-lint gosec warnings
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update code to use slices package and address gosec linting issues
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* build: fix makefile target
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests and add gosec annotations
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update tests to use context in HTTP requests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update test helpers and improve security settings in tests
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: add gosec linting directive for test path construction
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-05-11 09:29:05 +03:00
113c4819ec
chore: fix dependabot alerts ( #4020 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-26 21:52:54 -07:00
8bec9b365e
chore: fix dependabot alerts ( #3990 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-25 09:09:59 +03:00
3bc5f97b51
chore: fix dependabot alerts ( #3971 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: bump zui version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-17 09:11:32 +03:00
d443346196
chore: fix dependabot alerts ( #3968 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-15 07:42:32 +03:00
82947e801e
chore: fix dependabot alerts ( #3964 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-13 09:15:45 +03:00
43bf754fca
chore: fix dependabot alerts ( #3953 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-09 09:15:24 +03:00
621243cdde
chore: fix dependabot alerts ( #3947 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-08 00:09:44 -07:00
78c6e915dd
chore: fix dependabot alerts ( #3940 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-06 10:03:09 -07:00
b621698416
chore: fix dependabot alerts ( #3931 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-04-05 00:30:24 -07:00
79ab6464dc
chore: fix dependabot alerts ( #3921 )
2026-03-31 09:53:19 +03:00
6831928e53
chore: fix dependabot alerts ( #3896 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-26 09:14:59 +02:00
d30be464f6
chore: fix dependabot alerts ( #3880 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-19 08:38:41 +02:00
2ba0525f01
chore: fix dependabot alerts ( #3860 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-10 09:43:08 +02:00
bb121c3b76
chore: fix dependabot alerts ( #3841 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-03-03 23:59:38 -08:00
01bca48e33
chore: fix dependabot alerts ( #3820 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-24 08:23:49 +02:00
624a520453
chore: fix dependabot alerts ( #3802 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-16 11:42:35 -08:00
2c110d2c20
chore: fix dependabot alerts ( #3794 )
2026-02-13 07:52:19 +02:00
3454ad63dc
chore: update github.com/sigstore/cosign/v3 from 3.0.2 to 3.0.4 ( #3789 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2026-02-10 14:16:50 -08:00
c3c50a2261
chore: fix dependabot alerts ( #3788 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-09 22:18:35 -08:00
d5b1b2d25b
chore: fix dependabot alerts ( #3774 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-02-03 20:25:38 +02:00
b905528b6c
chore: fix dependabot alerts ( #3751 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-31 11:48:29 +02:00
bf619c570e
Introduce support for OIDC workload identity federation ( #3711 )
...
* feat(oidc): introduce support for OIDC workload identity federation
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): add e2e test for bearer OIDC and a kind cluster
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): make OIDC workload identity federation its own feature
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): move errors to the errors package
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): fix race in cel package
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
* feat(oidc): compile cel expressions
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
---------
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com >
2026-01-24 21:03:53 -08:00
5f15470763
chore: fix dependabot alerts ( #3730 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-24 11:52:02 +02:00
dd1987fd11
chore: fix dependabot alerts ( #3726 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-22 14:54:11 +02:00
14e537a5eb
chore: remove direct usage of the github.com/aws/aws-sdk-go package (aws sdk v1) ( #3701 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2026-01-15 21:43:34 +02:00
0cac8a7ee8
chore: fix dependabot alerts ( #3707 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2026-01-15 20:42:39 +02:00
708adf63d4
fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory allocation ( #3687 )
...
* fix: CVE-2025-30204 - golang-jwt DoS vulnerability via excessive memory
allocation
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: linting
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* chore: update project-zot/mockoidc to remove golang-jwt v3
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* test: Add more tests for bearer tokens
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
* fix: Rewrite tests to remove MakeAuthTestServerLegacy
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
---------
Signed-off-by: Asgeir Nilsen <asgeir@twingine.no >
2026-01-14 11:34:58 +02:00
800a545fbe
chore: fix dependabot alerts ( #3677 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-29 09:59:57 +02:00
331a927fa4
chore: fix dependabot alerts ( #3660 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: linter error
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-19 12:12:10 -08:00
3a349dccec
chore: fix dependabot alerts ( #3657 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-15 23:34:32 -08:00
e7b73b6c2d
chore: fix dependabot alerts ( #3636 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-09 10:49:45 +02:00
92aee8ebce
chore: Fix deps ( #3620 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update zui
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-04 11:43:24 +02:00
e068b8dc9f
chore: Enable Go jsonv2 experiment and update the trivy dependency (v0.67.2) ( #3572 )
...
It requires the encoding/json/jsontext
package which is only available when the goexperiment.jsonv2 build
tag is enabled. This was causing build constraint errors during
tests and builds.
Changes:
- Add GOEXPERIMENT=jsonv2 to Makefile export and all go build/test
commands that use env (since env creates a fresh environment)
- Add GOEXPERIMENT=jsonv2 to GitHub workflows that use direct go
commands (workflows using make inherit it from Makefile)
Fix other dependabot alerts.
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-27 09:58:37 +02:00
6452bec403
chore: fix dependabot alerts ( #3595 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* ci: bump up golang to 1.25.x
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: linter errors
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: stacker and docker build files to use golang 1.25
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-26 11:21:36 +02:00
4a03184f9c
chore: fix dependabot alerts ( #3566 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-19 23:19:22 -08:00
2b60e11ce4
chore: update cosign from v2 to v3 ( #3561 )
...
* chore: update cosign from v2 to v3
Also do not import cosing into zli, as it doubles the bianry size
See: https://github.com/project-zot/zot/actions/runs/19506399474/job/55833719683?pr=3561
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
* chore: privileged-test should not depend on downloaded images
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
---------
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-20 00:43:57 +02:00
8e63df6678
chore: update github.com/olekukonko/tablewriter to v1.1.1 ( #3559 )
...
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-11-18 23:02:50 -08:00
49c15abf06
chore: fix dependabot alerts ( #3555 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-18 08:46:51 +02:00
2b6fba7059
chore: fix dependabot alerts ( #3534 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-10 23:45:17 -08:00
04ae0a9409
fix: add support for sha256 and sha512 in htpasswd ( #3497 )
...
feat: add support for sha256 and sha512 htpasswd formats
Fixes issue #3495
We currently support only bcrypt htpasswd hashes, however bcrypt is not
FIPS-140 approved since it uses Blowfish.
This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-09 15:28:29 +02:00
911244b4b7
chore: fix dependabot alerts ( #3517 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-06 17:08:18 -08:00
33c466e007
chore: fix dependabot alerts ( #3514 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-04 14:11:27 +02:00
a0943eccfe
chore: fix dependabot alerts ( #3496 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: initialize logger in ut
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-30 14:21:53 -07:00
559d9cf2fc
chore: fix dependabot alerts ( #3477 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-22 09:46:03 +03:00
dfb5d1df54
fix: make config read/write thread safe ( #3432 )
...
* fix: make config read/write thread safe and fix some other similar issues
1. The config config has a lock, and safe methods to update and read the attributes
2. The config has methods to retrieve copies of specific attributes, such as the extyensions config, the auth config, and the authz config.
These are needed, as the config object may mutate in the middle of an auth/authz requests, and we avoid partial configuration being applied for that request.
3. Fix an issue with the monitoring server not stopping when the controller is shut down.
4. Fix an issue with the HTPasswdWatcher not stopping when the background tasks are supposed to finish.
5. Fix some tests using hardcoded ports.
Moved some of the methods which were on the main config to the auth, access control and extension configs
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com >
2025-10-18 11:20:58 +03:00
b2bbbb27f2
chore: fix dependabot alerts ( #3461 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-14 08:07:24 +03:00
411a3d00b5
fix: update go-redsync for fips-140 compatibility ( #3451 )
...
* fix: update go-redsync for fips-140 compatibility
Fixes issue #3445
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: address comments and add a basic push-pull test
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: address comments
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-13 09:34:12 +03:00
1d9c9aeacf
chore: fix dependabot alerts ( #3444 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-10-07 14:14:34 +03:00
Ramkumar Chinchani