0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
Commit graph

103 commits

Author SHA1 Message Date
Ramkumar Chinchani
2571e8e5fc
chore(deps): fix dependabot alerts (#1074)
https://github.com/project-zot/zot/pull/1069
https://github.com/project-zot/zot/pull/1070
https://github.com/project-zot/zot/pull/1071
https://github.com/project-zot/zot/pull/1072
https://github.com/project-zot/zot/pull/1073


Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-12-19 14:59:31 -08:00
Ramkumar Chinchani
2efa80d1ec
chore(deps): fix dependabot alerts (#1060)
https://github.com/project-zot/zot/pull/1057
https://github.com/project-zot/zot/pull/1058
https://github.com/project-zot/zot/pull/1059
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-12-12 14:09:34 -08:00
Ramkumar Chinchani
d78f1d962f
chore(deps): fix dependabot alerts (#1048)
https://github.com/project-zot/zot/pull/1043
https://github.com/project-zot/zot/pull/1044
https://github.com/project-zot/zot/pull/1045
https://github.com/project-zot/zot/pull/1046
https://github.com/project-zot/zot/pull/1047

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-12-06 09:09:03 -08:00
Ramkumar Chinchani
ffa223de43
chore(deps): fix dependabot alerts (#1030)
https://github.com/project-zot/zot/pull/1024
https://github.com/project-zot/zot/pull/1025
https://github.com/project-zot/zot/pull/1026
https://github.com/project-zot/zot/pull/1027
https://github.com/project-zot/zot/pull/1028

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-29 16:41:01 +02:00
Catalin-George Hofnar
31b9481713
feat(cache): dynamodb implementation (#953)
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-11-22 10:29:57 -08:00
Ramkumar Chinchani
7790b944e3
chore(deps): fix dependabot alerts (#1000)
https://github.com/project-zot/zot/pull/996
https://github.com/project-zot/zot/pull/997
https://github.com/project-zot/zot/pull/998
https://github.com/project-zot/zot/pull/999

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-14 12:29:28 -08:00
Ramkumar Chinchani
94d073ceab
chore(deps): fix dependabot alerts (#977)
https://github.com/project-zot/zot/pull/973
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-08 12:59:18 -08:00
Ramkumar Chinchani
f9b575e1cf
chore(deps): fix dependabot alerts (#965)
https://github.com/project-zot/zot/pull/959
https://github.com/project-zot/zot/pull/960
https://github.com/project-zot/zot/pull/961
https://github.com/project-zot/zot/pull/962
https://github.com/project-zot/zot/pull/963
https://github.com/project-zot/zot/pull/964

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-08 00:39:06 -08:00
Ramkumar Chinchani
c0f93caacb
feat(artifact): add OCI references support (#936)
Thanks @jdolitsky et al for kicking off these changes at:
https://github.com/oci-playground/zot/commits/main

Thanks @sudo-bmitch for reviewing the patch

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-08 00:38:16 -08:00
Ramkumar Chinchani
8b345f0b27
chore(deps): fix dependabot alerts (#945)
https://github.com/project-zot/zot/pull/939
https://github.com/project-zot/zot/pull/940
https://github.com/project-zot/zot/pull/941
https://github.com/project-zot/zot/pull/942

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-11-01 11:15:26 -07:00
Ramkumar Chinchani
4edecbb429
chore(deps): fix dependabot alerts (#919)
https://github.com/project-zot/zot/pull/911
https://github.com/project-zot/zot/pull/912
https://github.com/project-zot/zot/pull/913
https://github.com/project-zot/zot/pull/914
https://github.com/project-zot/zot/pull/915
https://github.com/project-zot/zot/pull/916
https://github.com/project-zot/zot/pull/917

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-24 15:18:48 -07:00
Ramkumar Chinchani
7d08985f75
chore(deps): fix dependabot alerts (#885)
https://github.com/project-zot/zot/pull/879
https://github.com/project-zot/zot/pull/880
https://github.com/project-zot/zot/pull/881
https://github.com/project-zot/zot/pull/882

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-18 10:06:14 +03:00
Ramkumar Chinchani
5494208556
chore(deps): fix dependabot alerts (#868)
https://github.com/project-zot/zot/pull/864
https://github.com/project-zot/zot/pull/865
https://github.com/project-zot/zot/pull/866

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-10 12:19:05 -07:00
Nicol
33a431ef43
Update go version to 1.19 (#829)
* ci: Update go version to 1.19

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Fix lint issues

Signed-off-by: Nicol Draghici <idraghic@cisco.com>

* ci: Added needprivileges to lint, made needprivileges pass lint

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Signed-off-by: Nicol Draghici <idraghic@cisco.com>

Signed-off-by: Nicol Draghici <idraghic@cisco.com>
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>
2022-10-05 13:21:14 +03:00
Ramkumar Chinchani
f235f88426
chore(deps): update dependabot dependency update alerts (#845)
https://github.com/project-zot/zot/pull/819
https://github.com/project-zot/zot/pull/841
https://github.com/project-zot/zot/pull/842
https://github.com/project-zot/zot/pull/843
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-10-03 14:33:52 -07:00
Ramkumar Chinchani
04da7fb1b7
fix dependabot alerts (#809)
https://github.com/project-zot/zot/pull/805

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-22 11:27:55 +03:00
Ramkumar Chinchani
e5decaa47e fix dependabot alerts
https://github.com/project-zot/zot/pull/800
https://github.com/project-zot/zot/pull/801
https://github.com/project-zot/zot/pull/805

https://github.com/project-zot/zot/security/dependabot/26
https://github.com/project-zot/zot/security/dependabot/30

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-21 16:07:04 -07:00
Ramkumar Chinchani
7804ba7ce0
fix dependabot alerts (#795)
https://github.com/project-zot/zot/pull/778
https://github.com/project-zot/zot/pull/780
https://github.com/project-zot/zot/pull/781
https://github.com/project-zot/zot/pull/782
https://github.com/project-zot/zot/security/dependabot/27
https://github.com/project-zot/zot/security/dependabot/29

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-21 10:04:08 +03:00
Ramkumar Chinchani
d68bbf6743 fix security alerts from artifacthub
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-09-08 09:24:33 +03:00
Ramkumar Chinchani
cda1f4989d fix dependabot alerts
https://github.com/project-zot/zot/pull/755
https://github.com/project-zot/zot/pull/758
https://github.com/project-zot/zot/pull/759
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-29 22:28:17 -07:00
Ramkumar Chinchani
2ff8e8b7d2 fix dependabot alerts
https://github.com/project-zot/zot/pull/737
https://github.com/project-zot/zot/pull/738
https://github.com/project-zot/zot/pull/739
https://github.com/project-zot/zot/pull/740

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-23 09:38:30 -07:00
Ramkumar Chinchani
2929a62998 fix dependabot alerts
https://github.com/project-zot/zot/pull/725
https://github.com/project-zot/zot/pull/726
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-15 11:47:27 -07:00
Ramkumar Chinchani
4b8e288cd3 fix dependabot alerts
https://github.com/project-zot/zot/pull/712
https://github.com/project-zot/zot/pull/714

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-13 00:02:36 -07:00
Ramkumar Chinchani
86401de3b0 fix dependabot alerts
https://github.com/project-zot/zot/pull/706
https://github.com/project-zot/zot/pull/707

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-07 18:09:08 +03:00
Ramkumar Chinchani
ae73290929 fix dependabot alerts
https://github.com/project-zot/zot/pull/689
https://github.com/project-zot/zot/pull/690
https://github.com/project-zot/zot/pull/691

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-08-04 09:36:19 +03:00
Ramkumar Chinchani
49fb609f28 fix dependabot alerts
https://github.com/project-zot/zot/pull/682

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-29 10:42:37 -07:00
Ramkumar Chinchani
3d72dad507 fix dependabot alerts
https://github.com/project-zot/zot/pull/674
https://github.com/project-zot/zot/pull/676
https://github.com/project-zot/zot/pull/677
https://github.com/project-zot/zot/pull/678

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-27 08:48:51 +03:00
Laurentiu Niculae
7e3d063319 freeform querry api
Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>
2022-07-20 10:03:11 -07:00
Ramkumar Chinchani
317064ffc9 fix dependabot alerts
https://github.com/project-zot/zot/pull/647
https://github.com/project-zot/zot/pull/648
https://github.com/project-zot/zot/pull/649
https://github.com/project-zot/zot/pull/650
https://github.com/project-zot/zot/pull/651
https://github.com/project-zot/zot/pull/652
https://github.com/project-zot/zot/pull/653
https://github.com/project-zot/zot/pull/656

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-18 14:59:27 -07:00
Andrei Aaron
43160dcc43 Update to graphql 1.17.13
We encountered some problems with using the existing folder structure,
but it looks like running the tooling with the latest versions works after
we regenerated the project using 'gql init' and refactoring to separate
the login previously in resolvers.go.

- the autogenerated code is now under the gql_generated folder
- the file resolvers.go now contains only the code which is not
rewritten by the gqlgen framework
- the file schema.resolvers.go is rewritten when gqlgen runs,
and we'll only keep there the actual resolvers matching query names
Changes we observed to schema.resolvers.go when gqlgen runs include
reordering methods, and renaming function parameters to match the
names used in schema.graphql
- we now have a gqlgen.yaml config file which governs the behavior of
gqlgen (can be tweaked to restructure the folder structure of the
generated code in the future)

Looks like the new graphql server has better validation
1 Returns 422 instead of 200 for missing query string - had to update tests
2 Correctly uncovered an error in a test for a bad `%` in query string.

As as result of 2, a `masked` bug was found in the way we check if images are
signed with Notary, the signatures were reasched for with the media type
of the image manifest itself instead of the media type for notation.
Fixed this bug, and improved error messages.
This bug would have also been reproducible with main branch if the bad `%`
in the test would have fixed.

Updated the linter to ignore some issues with the code which is
always rewritten when running:
`go run github.com/99designs/gqlgen@v0.17.13 generate`

Add a workflow to test gqlgen works and has no uncommitted changes

Signed-off-by: Andrei Aaron <andaaron@cisco.com>
2022-07-18 12:55:40 -07:00
Ramkumar Chinchani
37b3345199 fix dependabot alerts
https://github.com/project-zot/zot/pull/629
https://github.com/project-zot/zot/pull/631
https://github.com/project-zot/zot/pull/632

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-15 14:22:39 -07:00
Ramkumar Chinchani
4ae1a908a0 fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g
https://github.com/project-zot/zot/security/dependabot/24

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-07-07 23:58:51 -07:00
Alex Stan
66484c8ca9 changed go version to 1.18
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
2022-06-09 04:38:06 -07:00
Ramkumar Chinchani
0edee009c0 fix CVE-2022-28946/GHSA-x7f3-62pm-9p38
https://github.com/project-zot/zot/security/dependabot/17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00
Ramkumar Chinchani
d07de27402 fix CVE-2022-26945/GHSA-x24g-9w7v-vprh
https://github.com/project-zot/zot/security/dependabot/22

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-06-06 11:43:36 -07:00
Ramkumar Chinchani
dbe23e58f9 fix CVE-2022-28948/GHSA-hp87-p4gw-j4gq
https://github.com/project-zot/zot/security/dependabot/18

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-25 15:13:45 -07:00
Ramkumar Chinchani
6b841809e3 fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj
https://github.com/project-zot/zot/security/dependabot/16

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-25 11:34:24 -07:00
Petu Eusebiu
da4acaf178 sync: preserve upstream digests after syncing images
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-05-25 10:19:36 -07:00
Ramkumar Chinchani
a5e091e3d2 fix CVE-2022-29162/GHSA-f3fp-gc8g-vw66
https://github.com/project-zot/zot/security/dependabot/15

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-24 12:53:48 -07:00
Shivam Mishra
36c9631000 ext: use distribution spec route prefix for extension api
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
2022-05-22 16:35:16 -07:00
Ramkumar Chinchani
c1bf4456d0 update cosign deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-22 09:15:01 -07:00
Ramkumar Chinchani
6d593b468f dependabot alert: fix CVE-2022-29810
https://github.com/project-zot/zot/security/dependabot/14

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-05-03 14:36:41 -07:00
Ramkumar Chinchani
d19a4bf2a1 build(deps): bump github.com/swaggo/http-swagger from 1.2.5 to 1.2.6
Fixes https://github.com/project-zot/zot/security/dependabot/12

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-04-26 09:31:11 -07:00
Petu Eusebiu
4e20ab8a5d go.mod: update dependencies
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
2022-04-15 10:31:37 -07:00
Ramkumar Chinchani
251857fb6e move module deps under project-zot repo
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-21 11:03:19 -07:00
Ramkumar Chinchani
10f0e6c307 fix dependabot alert
https://github.com/project-zot/zot/security/dependabot/10

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-15 16:55:32 -07:00
laurentiuNiculae
63d94d4ac5 Update dist-spec version automatically
Warning if config has wrong dist-spec version

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
2022-03-14 10:24:03 -07:00
Ramkumar Chinchani
95e4b2054b upgrade module deps
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-04 13:10:58 -08:00
Ramkumar Chinchani
3b9699c536 go.mod: cleanup deps so 'go mod tidy' works
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-04 13:10:58 -08:00
Ramkumar Chinchani
cf70a8d71e CVE-2022-23648: update dependencies in go.mod
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
2022-03-03 09:55:48 -08:00