800a545fbe
chore: fix dependabot alerts ( #3677 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-29 09:59:57 +02:00
e7b73b6c2d
chore: fix dependabot alerts ( #3636 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-12-09 10:49:45 +02:00
49c15abf06
chore: fix dependabot alerts ( #3555 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-11-18 08:46:51 +02:00
2402296e9a
fix: migrate to Go module v2 for proper semantic versioning ( #3462 )
...
* fix: migrate to Go module v2 for proper semantic versioning
This change updates the module path from 'zotregistry.dev/zot' to
'zotregistry.dev/zot/v2' to comply with Go's semantic versioning rules.
According to Go's module versioning requirements, major version v2+
must include the major version in the module path. The current
module path 'zotregistry.dev/zot' only supports v0.x.x and v1.x.x
versions, making existing v2.x.x tags (like v2.1.8) unusable.
Changes:
- Updated go.mod module path to zotregistry.dev/zot/v2
- Updated all internal import paths across 280+ Go source files
- Updated configuration files (golangcilint.yaml, gqlgen.yml)
- Updated README.md Go reference badge
This fix enables proper use of existing v2.x.x Git tags and allows
external packages to import zot v2+ versions without compatibility
errors.
Resolves: Go module import compatibility for v2+ versions
Fixes : #3071
Signed-off-by: Luca Muscariello <muscariello@ieee.org >
* fix: regenerate GraphQL files with updated v2 import paths
The gqlgen tool needs to regenerate the GraphQL schema files after
the module path change to use the new v2 imports.
Signed-off-by: Luca Muscariello <muscariello@ieee.org >
---------
Signed-off-by: Luca Muscariello <muscariello@ieee.org >
2025-10-16 22:43:47 -07:00
5e5bd1e33c
chore: fix dependabot alerts ( #3422 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-30 09:56:53 +03:00
1fdf1aad9d
chore: fix dependabot alerts ( #3407 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-09-26 14:27:16 +03:00
a13c917b73
chore: fix dependabot alerts ( #3292 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* fix: update trivy api call
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-08-06 10:09:53 -07:00
2c7e8fd33e
chore: fix dependabot alerts ( #3245 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-07-05 00:06:32 +03:00
100dfec142
chore: fix dependabot alerts ( #3213 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-06-17 10:09:19 -07:00
6a22640bfa
Fix dependabot alerts ( #3188 )
...
* chore: update github.com/redis/go-redis/v9 to v9.9.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update trivy to v0.63.0
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update github.com/spf13/cast to v1.9.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: update ossf/scorecard-action from 2.4.1 to 2.4.2
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
* chore: fix multiple dependabot alerts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2025-06-09 10:40:13 -07:00
32a5eee521
chore: fix dependabot alerts ( #3141 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-05-05 22:06:22 -07:00
06a0cd5220
chore: fix dependabot alerts ( #3127 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-30 21:47:54 +03:00
62af65b07d
chore: fix dependabot alerts ( #3084 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-04-08 22:57:22 -07:00
ff50aab9b3
chore: fix dependabot alerts ( #3041 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* test: fix http status code check
Related to gqlgen changes
- github.com/99designs/gqlgen v0.17.66
+ github.com/99designs/gqlgen v0.17.68
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-03-18 20:10:55 -07:00
328606def0
chore: fix dependabot alerts ( #2978 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-22 22:28:23 -08:00
d0ad93532f
chore: fix dependabot alerts ( #2945 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-02-03 23:34:01 -08:00
97fd43e2b0
chore: fix dependabot alerts ( #2881 )
2025-01-14 08:36:30 +02:00
7f593b8896
chore: fix dependabot alerts ( #2869 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2025-01-13 01:20:29 -08:00
6ca9c66260
chore: fix dependabot alerts ( #2851 )
...
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2024-12-23 21:10:23 -08:00
8789fb0008
chore: fix dependabot alerts ( #2837 )
...
* chore: fix dependabot alerts
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
* chore: update oras version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2024-12-18 08:57:13 -08:00
8f5414a1f0
chore: update ui version ( #2827 )
...
chore: fix dependabot alerts (#2825 )
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com >
2024-12-14 11:58:04 -08:00
72c6e8afb3
chore: fix dependabot alerts ( #2810 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-12-06 09:04:46 -08:00
c89be3ad31
chore: fix dependabot alerts ( #2709 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-10-07 16:20:37 -07:00
9cf6b0205d
chore: fix dependabot alerts ( #2681 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-09-27 09:05:14 +03:00
fb2edcc269
chore: fix dependabot alerts ( #2486 )
...
https://github.com/project-zot/zot/pull/2475
https://github.com/project-zot/zot/pull/2477
https://github.com/project-zot/zot/pull/2478
https://github.com/project-zot/zot/pull/2479
https://github.com/project-zot/zot/pull/2480
https://github.com/project-zot/zot/pull/2481
https://github.com/project-zot/zot/pull/2482
https://github.com/project-zot/zot/pull/2483
https://github.com/project-zot/zot/pull/2484
https://github.com/project-zot/zot/pull/2485
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-06-17 20:31:01 +03:00
1594852428
chore: fix dependabot alerts ( #2446 )
...
* chore: fix dependabot alerts
https://github.com/project-zot/zot/pull/2435
https://github.com/project-zot/zot/pull/2436
https://github.com/project-zot/zot/pull/2437
https://github.com/project-zot/zot/pull/2438
https://github.com/project-zot/zot/pull/2439
https://github.com/project-zot/zot/pull/2440
https://github.com/project-zot/zot/pull/2441
https://github.com/project-zot/zot/pull/2442
https://github.com/project-zot/zot/pull/2443
https://github.com/project-zot/zot/pull/2444
https://github.com/project-zot/zot/pull/2445
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
* fix(zli): _schema query in zli code should not use empty parens
Fix also some tests
See https://github.com/vektah/gqlparser/issues/292 and https://github.com/vektah/gqlparser/pull/293
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
---------
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
Co-authored-by: Andrei Aaron <aaaron@luxoft.com >
2024-06-04 13:54:30 +03:00
28e9aabecf
chore: fix dependabot alerts ( #2331 )
...
https://github.com/project-zot/zot/pull/2324
https://github.com/project-zot/zot/pull/2325
https://github.com/project-zot/zot/pull/2326
https://github.com/project-zot/zot/pull/2327
https://github.com/project-zot/zot/pull/2328
https://github.com/project-zot/zot/pull/2329
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-03-20 07:37:29 +02:00
5039128723
feat(cve): cli cve diff ( #2242 )
...
* feat(gql): add new query for diff of cves for 2 images
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* feat(cli): add cli for cve diff
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2024-03-06 10:40:29 +02:00
565eca2609
chore: fix dependabot alerts ( #2268 )
...
https://github.com/project-zot/zot/pull/2258
https://github.com/project-zot/zot/pull/2259
https://github.com/project-zot/zot/pull/2260
https://github.com/project-zot/zot/pull/2261
https://github.com/project-zot/zot/pull/2262
https://github.com/project-zot/zot/pull/2263
https://github.com/project-zot/zot/pull/2264
https://github.com/project-zot/zot/pull/2265
https://github.com/project-zot/zot/pull/2266
https://github.com/project-zot/zot/pull/2267
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2024-02-20 21:51:40 +02:00
55acce6923
feat(graphql): filter CVEs by severity ( #2246 )
...
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com >
2024-02-14 09:11:57 -08:00
ce4924f841
refactor: rename go module from zotregistry.io/zot to zotregistry.dev/zot ( #2187 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2024-01-31 20:34:07 -08:00
3f97f878fd
feat(cve): add option to exclude string from cve search ( #2163 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2024-01-19 12:59:42 -08:00
79e14027ee
refactor(test): add lint rule for messages starting with the component ( #2045 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-12-08 10:05:02 +02:00
8bac653dd2
chore: fix dependabot alerts ( #2113 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-12-04 11:28:01 -08:00
90d27ff2ac
feat(cve): expand search domain to cve description and package info ( #2086 )
...
* feat(cve): add reference url for cve
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
* feat(cve): expand search domain to cve description and package info
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
---------
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-11-29 20:59:00 +02:00
3e6053e1db
chore: fix dependabot alerts ( #1986 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-30 14:47:11 -07:00
ed775914df
chore: fix dependabot alerts ( #1911 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-10-09 11:35:42 -07:00
9096031aeb
chore: fix dependabot alerts ( #1855 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-25 23:03:13 +03:00
bcdd9988f5
fix(cve): cummulative fixes and improvements for CVE scanning logic ( #1810 )
...
1. Only scan CVEs for images returned by graphql calls
Since pagination was refactored to account for image indexes, we had started
to run the CVE scanner before pagination was applied, resulting in
decreased ZOT performance if CVE information was requested
2. Increase in medory-cache of cve results to 1m, from 10k digests.
3. Update CVE model to use CVSS severity values in our code.
Previously we relied upon the strings returned by trivy directly,
and the sorting they implemented.
Since CVE severities are standardized, we don't need to pass around
an adapter object just for pagination and sorting purposes anymore.
This also improves our testing since we don't mock the sorting functions anymore.
4. Fix a flaky CLI test not waiting for the zot service to start.
5. Add the search build label on search/cve tests which were missing it.
6. The boltdb update method was used in a few places where view was supposed to be called.
7. Add logs for start and finish of parsing MetaDB.
8. Avoid unmarshalling twice to obtain annotations for multiarch images.
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-09-17 15:12:20 -07:00
6461b661f1
chore: fix dependabot alerts ( #1797 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-09-11 20:21:56 -07:00
28de980319
feat(refator): refactoring repodb into meta ( #1626 )
...
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
2023-07-18 10:27:26 -07:00
fe9c9750b5
chore: fix dependabot alerts ( #1631 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-07-17 23:37:54 +03:00
418a1a006c
feat(cve): ability to return CVEs per image os and architecture ( #1607 )
...
Signed-off-by: Andrei Aaron <aaaron@luxoft.com >
2023-07-11 09:29:04 -07:00
2be5459c8e
chore: fix dependabot alerts ( #1458 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-17 00:37:34 -07:00
42df4c505a
chore: fix dependabot alerts ( #1403 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-05-01 12:49:10 -07:00
c169698c95
feat: remove usage of zerolog.Logger.Msgf() from zot code ( #1382 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-04-27 19:44:22 -07:00
9cc990d7ca
feat(repodb): add user related information to repodb ( #1317 )
...
Initial code was contributed by Bogdan BIVOLARU <104334+bogdanbiv@users.noreply.github.com >
Moved implementation from a separate db to repodb by Andrei Aaron <aaaron@luxoft.com >
Not done yet:
- run/test dynamodb implementation, only boltdb was tested
- add additional coverage for existing functionality
- add web-based APIs to toggle the stars/bookmarks on/off
Initially graphql mutation was discussed for the missing API but
we decided REST endpoints would be better suited for configuration
feat(userdb): complete functionality for userdb integration
- dynamodb rollback changes to user starred repos in case increasing the total star count fails
- dynamodb increment/decrement repostars in repometa when user stars/unstars a repo
- dynamodb check anonymous user permissions are working as intendend
- common test handle anonymous users
- RepoMeta2RepoSummary set IsStarred and IsBookmarked
feat(userdb): rest api calls for toggling stars/bookmarks on/off
test(userdb): blackbox tests
test(userdb): move preferences tests in a different file with specific build tags
feat(repodb): add is-starred and is-bookmarked fields to repo-meta
- removed duplicated logic for determining if a repo is starred/bookmarked
Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com >
Co-authored-by: Andrei Aaron <aaaron@luxoft.com >
2023-04-24 11:13:15 -07:00
0586c6227e
refactor: remove pkg/extensions/search/common and move the code to the appropriate packages ( #1358 )
...
Signed-off-by: Nicol Draghici <idraghic@cisco.com >
2023-04-18 11:07:47 -07:00
e6b81bb354
chore(go.mod): fix dependabot alerts ( #1365 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-12 14:10:47 +03:00
8f809bda29
chore(go.mod): fix dependabot alerts ( #1351 )
...
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com >
2023-04-10 14:09:54 -07:00
Ramkumar Chinchani