Infrastructure/zot

mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00

Author	SHA1	Message	Date
Ramkumar Chinchani	8b345f0b27	chore(deps): fix dependabot alerts (#945 ) https://github.com/project-zot/zot/pull/939 https://github.com/project-zot/zot/pull/940 https://github.com/project-zot/zot/pull/941 https://github.com/project-zot/zot/pull/942 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-11-01 11:15:26 -07:00
Ramkumar Chinchani	4edecbb429	chore(deps): fix dependabot alerts (#919 ) https://github.com/project-zot/zot/pull/911 https://github.com/project-zot/zot/pull/912 https://github.com/project-zot/zot/pull/913 https://github.com/project-zot/zot/pull/914 https://github.com/project-zot/zot/pull/915 https://github.com/project-zot/zot/pull/916 https://github.com/project-zot/zot/pull/917 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-10-24 15:18:48 -07:00
Ramkumar Chinchani	7d08985f75	chore(deps): fix dependabot alerts (#885 ) https://github.com/project-zot/zot/pull/879 https://github.com/project-zot/zot/pull/880 https://github.com/project-zot/zot/pull/881 https://github.com/project-zot/zot/pull/882 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-10-18 10:06:14 +03:00
Ramkumar Chinchani	5494208556	chore(deps): fix dependabot alerts (#868 ) https://github.com/project-zot/zot/pull/864 https://github.com/project-zot/zot/pull/865 https://github.com/project-zot/zot/pull/866 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-10-10 12:19:05 -07:00
Nicol	33a431ef43	Update go version to 1.19 (#829 ) * ci: Update go version to 1.19 Signed-off-by: Nicol Draghici <idraghic@cisco.com> * ci: Fix lint issues Signed-off-by: Nicol Draghici <idraghic@cisco.com> * ci: Added needprivileges to lint, made needprivileges pass lint Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Signed-off-by: Nicol Draghici <idraghic@cisco.com> Signed-off-by: Nicol Draghici <idraghic@cisco.com> Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com> Co-authored-by: Catalin Hofnar <catalin.hofnar@gmail.com>	2022-10-05 13:21:14 +03:00
Ramkumar Chinchani	f235f88426	chore(deps): update dependabot dependency update alerts (#845 ) https://github.com/project-zot/zot/pull/819 https://github.com/project-zot/zot/pull/841 https://github.com/project-zot/zot/pull/842 https://github.com/project-zot/zot/pull/843 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-10-03 14:33:52 -07:00
Ramkumar Chinchani	04da7fb1b7	fix dependabot alerts (#809 ) https://github.com/project-zot/zot/pull/805 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-09-22 11:27:55 +03:00
Ramkumar Chinchani	e5decaa47e	fix dependabot alerts https://github.com/project-zot/zot/pull/800 https://github.com/project-zot/zot/pull/801 https://github.com/project-zot/zot/pull/805 https://github.com/project-zot/zot/security/dependabot/26 https://github.com/project-zot/zot/security/dependabot/30 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-09-21 16:07:04 -07:00
Ramkumar Chinchani	7804ba7ce0	fix dependabot alerts (#795 ) https://github.com/project-zot/zot/pull/778 https://github.com/project-zot/zot/pull/780 https://github.com/project-zot/zot/pull/781 https://github.com/project-zot/zot/pull/782 https://github.com/project-zot/zot/security/dependabot/27 https://github.com/project-zot/zot/security/dependabot/29 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-09-21 10:04:08 +03:00
Ramkumar Chinchani	d68bbf6743	fix security alerts from artifacthub Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-09-08 09:24:33 +03:00
Ramkumar Chinchani	cda1f4989d	fix dependabot alerts https://github.com/project-zot/zot/pull/755 https://github.com/project-zot/zot/pull/758 https://github.com/project-zot/zot/pull/759 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-29 22:28:17 -07:00
Ramkumar Chinchani	2ff8e8b7d2	fix dependabot alerts https://github.com/project-zot/zot/pull/737 https://github.com/project-zot/zot/pull/738 https://github.com/project-zot/zot/pull/739 https://github.com/project-zot/zot/pull/740 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-23 09:38:30 -07:00
Ramkumar Chinchani	2929a62998	fix dependabot alerts https://github.com/project-zot/zot/pull/725 https://github.com/project-zot/zot/pull/726 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-15 11:47:27 -07:00
Ramkumar Chinchani	4b8e288cd3	fix dependabot alerts https://github.com/project-zot/zot/pull/712 https://github.com/project-zot/zot/pull/714 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-13 00:02:36 -07:00
Ramkumar Chinchani	86401de3b0	fix dependabot alerts https://github.com/project-zot/zot/pull/706 https://github.com/project-zot/zot/pull/707 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-07 18:09:08 +03:00
Ramkumar Chinchani	ae73290929	fix dependabot alerts https://github.com/project-zot/zot/pull/689 https://github.com/project-zot/zot/pull/690 https://github.com/project-zot/zot/pull/691 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-08-04 09:36:19 +03:00
Ramkumar Chinchani	49fb609f28	fix dependabot alerts https://github.com/project-zot/zot/pull/682 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-07-29 10:42:37 -07:00
Ramkumar Chinchani	3d72dad507	fix dependabot alerts https://github.com/project-zot/zot/pull/674 https://github.com/project-zot/zot/pull/676 https://github.com/project-zot/zot/pull/677 https://github.com/project-zot/zot/pull/678 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-07-27 08:48:51 +03:00
Laurentiu Niculae	7e3d063319	freeform querry api Signed-off-by: Laurentiu Niculae <themelopeus@gmail.com>	2022-07-20 10:03:11 -07:00
Ramkumar Chinchani	317064ffc9	fix dependabot alerts https://github.com/project-zot/zot/pull/647 https://github.com/project-zot/zot/pull/648 https://github.com/project-zot/zot/pull/649 https://github.com/project-zot/zot/pull/650 https://github.com/project-zot/zot/pull/651 https://github.com/project-zot/zot/pull/652 https://github.com/project-zot/zot/pull/653 https://github.com/project-zot/zot/pull/656 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-07-18 14:59:27 -07:00
Andrei Aaron	43160dcc43	Update to graphql 1.17.13 We encountered some problems with using the existing folder structure, but it looks like running the tooling with the latest versions works after we regenerated the project using 'gql init' and refactoring to separate the login previously in resolvers.go. - the autogenerated code is now under the gql_generated folder - the file resolvers.go now contains only the code which is not rewritten by the gqlgen framework - the file schema.resolvers.go is rewritten when gqlgen runs, and we'll only keep there the actual resolvers matching query names Changes we observed to schema.resolvers.go when gqlgen runs include reordering methods, and renaming function parameters to match the names used in schema.graphql - we now have a gqlgen.yaml config file which governs the behavior of gqlgen (can be tweaked to restructure the folder structure of the generated code in the future) Looks like the new graphql server has better validation 1 Returns 422 instead of 200 for missing query string - had to update tests 2 Correctly uncovered an error in a test for a bad `%` in query string. As as result of 2, a `masked` bug was found in the way we check if images are signed with Notary, the signatures were reasched for with the media type of the image manifest itself instead of the media type for notation. Fixed this bug, and improved error messages. This bug would have also been reproducible with main branch if the bad `%` in the test would have fixed. Updated the linter to ignore some issues with the code which is always rewritten when running: `go run github.com/99designs/gqlgen@v0.17.13 generate` Add a workflow to test gqlgen works and has no uncommitted changes Signed-off-by: Andrei Aaron <andaaron@cisco.com>	2022-07-18 12:55:40 -07:00
Ramkumar Chinchani	37b3345199	fix dependabot alerts https://github.com/project-zot/zot/pull/629 https://github.com/project-zot/zot/pull/631 https://github.com/project-zot/zot/pull/632 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-07-15 14:22:39 -07:00
Ramkumar Chinchani	4ae1a908a0	fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g https://github.com/project-zot/zot/security/dependabot/24 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-07-07 23:58:51 -07:00
Alex Stan	66484c8ca9	changed go version to 1.18 Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>	2022-06-09 04:38:06 -07:00
Ramkumar Chinchani	0edee009c0	fix CVE-2022-28946/GHSA-x7f3-62pm-9p38 https://github.com/project-zot/zot/security/dependabot/17 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-06-06 11:43:36 -07:00
Ramkumar Chinchani	d07de27402	fix CVE-2022-26945/GHSA-x24g-9w7v-vprh https://github.com/project-zot/zot/security/dependabot/22 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-06-06 11:43:36 -07:00
Ramkumar Chinchani	dbe23e58f9	fix CVE-2022-28948/GHSA-hp87-p4gw-j4gq https://github.com/project-zot/zot/security/dependabot/18 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-05-25 15:13:45 -07:00
Ramkumar Chinchani	6b841809e3	fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj https://github.com/project-zot/zot/security/dependabot/16 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-05-25 11:34:24 -07:00
Petu Eusebiu	da4acaf178	sync: preserve upstream digests after syncing images Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>	2022-05-25 10:19:36 -07:00
Ramkumar Chinchani	a5e091e3d2	fix CVE-2022-29162/GHSA-f3fp-gc8g-vw66 https://github.com/project-zot/zot/security/dependabot/15 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-05-24 12:53:48 -07:00
Shivam Mishra	36c9631000	ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com>	2022-05-22 16:35:16 -07:00
Ramkumar Chinchani	c1bf4456d0	update cosign deps Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-05-22 09:15:01 -07:00
Ramkumar Chinchani	6d593b468f	dependabot alert: fix CVE-2022-29810 https://github.com/project-zot/zot/security/dependabot/14 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-05-03 14:36:41 -07:00
Ramkumar Chinchani	d19a4bf2a1	build(deps): bump github.com/swaggo/http-swagger from 1.2.5 to 1.2.6 Fixes https://github.com/project-zot/zot/security/dependabot/12 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-04-26 09:31:11 -07:00
Petu Eusebiu	4e20ab8a5d	go.mod: update dependencies Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>	2022-04-15 10:31:37 -07:00
Ramkumar Chinchani	251857fb6e	move module deps under project-zot repo Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-21 11:03:19 -07:00
Ramkumar Chinchani	10f0e6c307	fix dependabot alert https://github.com/project-zot/zot/security/dependabot/10 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-15 16:55:32 -07:00
laurentiuNiculae	63d94d4ac5	Update dist-spec version automatically Warning if config has wrong dist-spec version Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>	2022-03-14 10:24:03 -07:00
Ramkumar Chinchani	95e4b2054b	upgrade module deps Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-04 13:10:58 -08:00
Ramkumar Chinchani	3b9699c536	go.mod: cleanup deps so 'go mod tidy' works Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-04 13:10:58 -08:00
Ramkumar Chinchani	cf70a8d71e	CVE-2022-23648: update dependencies in go.mod Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-03 09:55:48 -08:00
Ramkumar Chinchani	8db3e1b192	CVE-2022-23649: fix dependabot alert Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-02 12:01:14 -08:00
Ramkumar Chinchani	3ada6af0de	tls: set min version to 1.2 and restrict cipher suites Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-03-02 10:03:50 -08:00
Ramkumar Chinchani	bb53552048	bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.0+incompatible Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-02-11 19:19:16 -08:00
Ramkumar Chinchani	f66d496257	dependabot-alert: update 'github.com/open-policy-agent/opa' Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-02-11 15:49:54 -08:00
Shivam Mishra	37d150e32f	search: graphql api to give detailed repo info DetailedRepoInfo graphql api returns detailed repo info given repo name repo contains its manifests info Each manifest entry contains digest,signed, tag and layers info Each layer info containes digest, size Signed-off-by: Shivam Mishra <shimish2@cisco.com>	2022-02-10 16:34:13 -08:00
Ramkumar Chinchani	1e5ea7e09c	controller: support rate-limiting incoming requests helps constraining resource usage and against flood attacks. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-01-24 12:48:13 -08:00
Ramkumar Chinchani	f251e7af10	update go.mod Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-01-24 09:15:46 -08:00
Ramkumar Chinchani	3177f87403	ci/cd: upgrade golang to 1.17 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-01-07 09:46:50 -08:00
Ramkumar Chinchani	9e98b03f55	go.mod: fix GHSA-mvff-h3cj-wj9c update containerd version Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>	2022-01-07 00:07:10 -08:00

1 2

94 commits