73b1126bbf
chore(go.mod): fix dependabot alerts ( #1247 )
...
Supersedes:
- https://github.com/project-zot/zot/pull/1132
- https://github.com/project-zot/zot/pull/1243
- https://github.com/project-zot/zot/pull/1244
- https://github.com/project-zot/zot/pull/1245
Also update the AWS SDK libraries used
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-03-06 11:05:19 -08:00
646250736e
fix(go.mod): replace opencontainers/umoci dependency with project-stacker/umoci ( #1240 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2023-03-05 21:11:07 -08:00
5a2fb4108d
chore(go.mod): fix dependabot alerts ( #1228 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-28 17:38:49 +02:00
f6a540747f
chore(go.mod): fix dependabot alerts ( #1222 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-23 22:32:20 +02:00
4a56e30cd7
chore(go.mod): fix dependabot alerts ( #1218 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-23 09:09:28 +02:00
be33f7b252
chore(go.mod): fix dependabot alerts ( #1210 )
...
* chore(go.mod): fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* chore(test): update image tags
We have cleaned up older golang images in the project.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* ci(gqlgen): fix gql schema validation GH workflow after npm upgrade
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-17 13:54:49 -08:00
b9a75b2e44
chore(go.mod): fix dependabot alerts ( #1194 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-13 12:48:05 -08:00
ee95ab0ffc
fix: call notation-go libs instead of using notation binary ( #1104 )
...
fix: add loading notation path
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
Co-authored-by: Roxana Nemulescu <roxana.nemulescu@gmail.com >
2023-02-13 10:43:52 -08:00
c154ab02f3
chore(deps): fix dependabot alerts ( #1179 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-07 08:52:17 +02:00
863d057e43
chore(deps): fix dependabot alerts ( #1153 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-02-01 00:21:14 -08:00
976ccfcf0d
fix: removed references to old dist-spec ( #1128 )
...
Signed-off-by: Ana-Roberta Lisca <ana.kagome@yahoo.com >
2023-01-31 09:35:33 -08:00
b3ed92ef1a
chore(deps): fix dependabot alerts ( #1143 )
...
https://github.com/project-zot/zot/pull/1119
https://github.com/project-zot/zot/pull/1142
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-01-26 22:39:18 -08:00
0938e4704c
chore(deps): fix dependabot alerts ( #1131 )
...
Also, remove go mod redirects and update linter config.
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-01-25 10:58:39 -08:00
fac1d1d05d
chore(trivy): update trivy version and enforce OCI compliant repo names in local image storage ( #1068 )
...
1. chore(trivy): update trivy library version
The trivy team switched github.com/urfave/cli for viper so
there are some other code changes as well.
Since we don't use github.com/urfave/cli directly in our software
we needed to add a tools.go in order for "go mod tidy" to not delete it.
See this pattern explained in:
- https://github.com/99designs/gqlgen#quick-start
- https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
- https://github.com/go-modules-by-example/index/blob/master/010_tools/README.md#walk-through
The jobs using "go get -u" have been updated to use "go install", since go get
modifies the go.mod by upgrading some of the packages, but downgrading trivy to an older
version with broken dependencies
2. fix(storage) Update local storage to ignore folder names not compliant with dist spec
Also updated trivy to download the DB and cache results under the rootDir/_trivy folder
3. fix(s3): one of the s3 tests was missing the skipIt call
This caused a failure when running locally without s3 being available
4. make sure the offline scanning is enabled, and zot only downloads the trivy DB
on the regular schedule, and doesn't download the DB on every image scan
ci: increase build and test timeout as tests are reaching the limit more often
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-01-18 08:24:44 -08:00
eebc750367
chore(deps): fix dependabot alerts ( #1115 )
...
https://github.com/project-zot/zot/pull/1112
https://github.com/project-zot/zot/pull/1113
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-01-17 09:48:58 +02:00
6ab27fcdcd
chore(deps): fix dependabot alerts ( #1098 )
...
https://github.com/project-zot/zot/pull/1094
https://github.com/project-zot/zot/pull/1095
https://github.com/project-zot/zot/pull/1096
https://github.com/project-zot/zot/pull/1097
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-01-10 16:17:19 -08:00
08a8b3d44c
chore(deps): fix dependabot alerts ( #1090 )
...
https://github.com/project-zot/zot/pull/1087
https://github.com/project-zot/zot/pull/1088
https://github.com/project-zot/zot/pull/1089
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-29 10:05:22 +02:00
271ffb53cc
chore(deps): fix dependabot alerts ( #1080 )
...
https://github.com/project-zot/zot/pull/1079
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-20 15:29:21 -08:00
1c9db99b0d
chore(deps): fix dependabot alerts ( #1077 )
...
https://github.com/project-zot/zot/pull/1071
https://github.com/project-zot/zot/pull/1075
https://github.com/project-zot/zot/pull/1076
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-20 11:59:04 -08:00
2571e8e5fc
chore(deps): fix dependabot alerts ( #1074 )
...
https://github.com/project-zot/zot/pull/1069
https://github.com/project-zot/zot/pull/1070
https://github.com/project-zot/zot/pull/1071
https://github.com/project-zot/zot/pull/1072
https://github.com/project-zot/zot/pull/1073
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-19 14:59:31 -08:00
2efa80d1ec
chore(deps): fix dependabot alerts ( #1060 )
...
https://github.com/project-zot/zot/pull/1057
https://github.com/project-zot/zot/pull/1058
https://github.com/project-zot/zot/pull/1059
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-12 14:09:34 -08:00
d78f1d962f
chore(deps): fix dependabot alerts ( #1048 )
...
https://github.com/project-zot/zot/pull/1043
https://github.com/project-zot/zot/pull/1044
https://github.com/project-zot/zot/pull/1045
https://github.com/project-zot/zot/pull/1046
https://github.com/project-zot/zot/pull/1047
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-12-06 09:09:03 -08:00
ffa223de43
chore(deps): fix dependabot alerts ( #1030 )
...
https://github.com/project-zot/zot/pull/1024
https://github.com/project-zot/zot/pull/1025
https://github.com/project-zot/zot/pull/1026
https://github.com/project-zot/zot/pull/1027
https://github.com/project-zot/zot/pull/1028
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-29 16:41:01 +02:00
31b9481713
feat(cache): dynamodb implementation ( #953 )
...
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com >
2022-11-22 10:29:57 -08:00
7790b944e3
chore(deps): fix dependabot alerts ( #1000 )
...
https://github.com/project-zot/zot/pull/996
https://github.com/project-zot/zot/pull/997
https://github.com/project-zot/zot/pull/998
https://github.com/project-zot/zot/pull/999
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-14 12:29:28 -08:00
94d073ceab
chore(deps): fix dependabot alerts ( #977 )
...
https://github.com/project-zot/zot/pull/973
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-08 12:59:18 -08:00
f9b575e1cf
chore(deps): fix dependabot alerts ( #965 )
...
https://github.com/project-zot/zot/pull/959
https://github.com/project-zot/zot/pull/960
https://github.com/project-zot/zot/pull/961
https://github.com/project-zot/zot/pull/962
https://github.com/project-zot/zot/pull/963
https://github.com/project-zot/zot/pull/964
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-08 00:39:06 -08:00
c0f93caacb
feat(artifact): add OCI references support ( #936 )
...
Thanks @jdolitsky et al for kicking off these changes at:
https://github.com/oci-playground/zot/commits/main
Thanks @sudo-bmitch for reviewing the patch
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-08 00:38:16 -08:00
8b345f0b27
chore(deps): fix dependabot alerts ( #945 )
...
https://github.com/project-zot/zot/pull/939
https://github.com/project-zot/zot/pull/940
https://github.com/project-zot/zot/pull/941
https://github.com/project-zot/zot/pull/942
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-11-01 11:15:26 -07:00
4edecbb429
chore(deps): fix dependabot alerts ( #919 )
...
https://github.com/project-zot/zot/pull/911
https://github.com/project-zot/zot/pull/912
https://github.com/project-zot/zot/pull/913
https://github.com/project-zot/zot/pull/914
https://github.com/project-zot/zot/pull/915
https://github.com/project-zot/zot/pull/916
https://github.com/project-zot/zot/pull/917
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-10-24 15:18:48 -07:00
7d08985f75
chore(deps): fix dependabot alerts ( #885 )
...
https://github.com/project-zot/zot/pull/879
https://github.com/project-zot/zot/pull/880
https://github.com/project-zot/zot/pull/881
https://github.com/project-zot/zot/pull/882
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-10-18 10:06:14 +03:00
5494208556
chore(deps): fix dependabot alerts ( #868 )
...
https://github.com/project-zot/zot/pull/864
https://github.com/project-zot/zot/pull/865
https://github.com/project-zot/zot/pull/866
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-10-10 12:19:05 -07:00
f235f88426
chore(deps): update dependabot dependency update alerts ( #845 )
...
https://github.com/project-zot/zot/pull/819
https://github.com/project-zot/zot/pull/841
https://github.com/project-zot/zot/pull/842
https://github.com/project-zot/zot/pull/843
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-10-03 14:33:52 -07:00
04da7fb1b7
fix dependabot alerts ( #809 )
...
https://github.com/project-zot/zot/pull/805
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-09-22 11:27:55 +03:00
e5decaa47e
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/800
https://github.com/project-zot/zot/pull/801
https://github.com/project-zot/zot/pull/805
https://github.com/project-zot/zot/security/dependabot/26
https://github.com/project-zot/zot/security/dependabot/30
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-09-21 16:07:04 -07:00
7804ba7ce0
fix dependabot alerts ( #795 )
...
https://github.com/project-zot/zot/pull/778
https://github.com/project-zot/zot/pull/780
https://github.com/project-zot/zot/pull/781
https://github.com/project-zot/zot/pull/782
https://github.com/project-zot/zot/security/dependabot/27
https://github.com/project-zot/zot/security/dependabot/29
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-09-21 10:04:08 +03:00
d68bbf6743
fix security alerts from artifacthub
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-09-08 09:24:33 +03:00
cda1f4989d
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/755
https://github.com/project-zot/zot/pull/758
https://github.com/project-zot/zot/pull/759
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-29 22:28:17 -07:00
2ff8e8b7d2
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/737
https://github.com/project-zot/zot/pull/738
https://github.com/project-zot/zot/pull/739
https://github.com/project-zot/zot/pull/740
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-23 09:38:30 -07:00
2929a62998
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/725
https://github.com/project-zot/zot/pull/726
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-15 11:47:27 -07:00
4b8e288cd3
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/712
https://github.com/project-zot/zot/pull/714
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-13 00:02:36 -07:00
86401de3b0
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/706
https://github.com/project-zot/zot/pull/707
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-07 18:09:08 +03:00
ae73290929
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/689
https://github.com/project-zot/zot/pull/690
https://github.com/project-zot/zot/pull/691
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-08-04 09:36:19 +03:00
49fb609f28
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/682
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-07-29 10:42:37 -07:00
3d72dad507
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/674
https://github.com/project-zot/zot/pull/676
https://github.com/project-zot/zot/pull/677
https://github.com/project-zot/zot/pull/678
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-07-27 08:48:51 +03:00
7e3d063319
freeform querry api
...
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com >
2022-07-20 10:03:11 -07:00
317064ffc9
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/647
https://github.com/project-zot/zot/pull/648
https://github.com/project-zot/zot/pull/649
https://github.com/project-zot/zot/pull/650
https://github.com/project-zot/zot/pull/651
https://github.com/project-zot/zot/pull/652
https://github.com/project-zot/zot/pull/653
https://github.com/project-zot/zot/pull/656
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-07-18 14:59:27 -07:00
43160dcc43
Update to graphql 1.17.13
...
We encountered some problems with using the existing folder structure,
but it looks like running the tooling with the latest versions works after
we regenerated the project using 'gql init' and refactoring to separate
the login previously in resolvers.go.
- the autogenerated code is now under the gql_generated folder
- the file resolvers.go now contains only the code which is not
rewritten by the gqlgen framework
- the file schema.resolvers.go is rewritten when gqlgen runs,
and we'll only keep there the actual resolvers matching query names
Changes we observed to schema.resolvers.go when gqlgen runs include
reordering methods, and renaming function parameters to match the
names used in schema.graphql
- we now have a gqlgen.yaml config file which governs the behavior of
gqlgen (can be tweaked to restructure the folder structure of the
generated code in the future)
Looks like the new graphql server has better validation
1 Returns 422 instead of 200 for missing query string - had to update tests
2 Correctly uncovered an error in a test for a bad `%` in query string.
As as result of 2, a `masked` bug was found in the way we check if images are
signed with Notary, the signatures were reasched for with the media type
of the image manifest itself instead of the media type for notation.
Fixed this bug, and improved error messages.
This bug would have also been reproducible with main branch if the bad `%`
in the test would have fixed.
Updated the linter to ignore some issues with the code which is
always rewritten when running:
`go run github.com/99designs/gqlgen@v0.17.13 generate`
Add a workflow to test gqlgen works and has no uncommitted changes
Signed-off-by: Andrei Aaron <andaaron@cisco.com >
2022-07-18 12:55:40 -07:00
37b3345199
fix dependabot alerts
...
https://github.com/project-zot/zot/pull/629
https://github.com/project-zot/zot/pull/631
https://github.com/project-zot/zot/pull/632
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-07-15 14:22:39 -07:00
4ae1a908a0
fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g
...
https://github.com/project-zot/zot/security/dependabot/24
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2022-07-07 23:58:51 -07:00
Andrei Aaron