{"id":10224,"name":"github.com/docker/distribution","ecosystem":"go","repository_url":"https://github.com/docker/distribution","issues_count":99,"created_at":"2025-06-06T22:45:07.187Z","updated_at":"2025-06-06T22:45:07.187Z","purl":"pkg:golang/github.com/docker/distribution","metadata":{"id":3492800,"name":"github.com/docker/distribution","ecosystem":"go","description":"Package distribution will define the interfaces for the components of\ndocker distribution. The goal is to allow users to reliably package, ship\nand store content related to docker images.\n\nThis is currently a work in progress. More details are available in the\nREADME.md.","homepage":"https://github.com/docker/distribution","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/docker/distribution","keywords_array":[],"namespace":"github.com/docker","versions_count":53,"first_release_published_at":"2015-01-20T21:42:12.000Z","latest_release_published_at":"2023-10-02T17:09:30.000Z","latest_release_number":"v2.8.3+incompatible","last_synced_at":"2025-06-07T00:01:50.623Z","created_at":"2022-04-10T19:12:30.547Z","updated_at":"2025-06-07T00:01:50.623Z","registry_url":"https://pkg.go.dev/github.com/docker/distribution","install_command":"go get github.com/docker/distribution","documentation_url":"https://pkg.go.dev/github.com/docker/distribution#section-documentation","metadata":{},"repo_metadata":{"uuid":"28366058","full_name":"distribution/distribution","owner":"distribution","description":"The toolkit to pack, ship, store, and deliver container content","archived":false,"fork":false,"pushed_at":"2023-03-16T13:04:42.000Z","size":22894,"stargazers_count":7367,"open_issues_count":757,"forks_count":2241,"subscribers_count":265,"default_branch":"main","last_synced_at":"2023-03-18T05:10:23.975Z","etag":null,"topics":["cncf","containers","oci","oci-specification","registry"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"logo_url":null,"metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-12-22T23:49:26.000Z","updated_at":"2023-03-18T03:53:41.000Z","dependencies_parsed_at":"2023-01-14T13:45:18.921Z","dependency_job_id":null,"html_url":"https://github.com/distribution/distribution","commit_stats":null,"repository_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/distribution%2Fdistribution","tags_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/distribution%2Fdistribution/tags","manifests_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/distribution%2Fdistribution/manifests","owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/distribution","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":108921946,"host_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names"},"owner_record":{"login":"distribution","name":"Distribution","uuid":"78096003","kind":"organization","description":"CNCF Distribution Project","email":null,"website":null,"location":null,"twitter":null,"company":null,"avatar_url":"https://avatars.githubusercontent.com/u/78096003?v=4","repositories_count":1,"last_synced_at":"2023-02-27T11:46:59.892Z","metadata":{"has_sponsors_listing":false},"owner_url":"http://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/distribution"},"tags":[{"name":"v2.8.1","sha":"b5ca020cfbe998e5af3457fda087444cf5116496","kind":"tag","published_at":"2022-03-08T17:57:39.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.8.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.8.1"},{"name":"v2.8.0","sha":"dcf66392d606f50bf3a9286dcb4bdcdfb7c0e83a","kind":"tag","published_at":"2022-02-07T15:45:34.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.8.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.8.0"},{"name":"v2.8.0-beta.1","sha":"212b38ed225e42676c2a2e478aecc2b2fcc62fc9","kind":"tag","published_at":"2022-01-21T16:37:31.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.8.0-beta.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.8.0-beta.1"},{"name":"v2.7.1","sha":"2461543d988979529609e8cb6fca9ca190dc48da","kind":"tag","published_at":"2019-01-17T23:20:18.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.7.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.7.1"},{"name":"v2.7.0","sha":"40b7b5830a2337bb07627617740c0e39eb92800c","kind":"tag","published_at":"2018-12-04T00:16:08.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.7.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.7.0"},{"name":"v2.7.0-rc.0","sha":"17b3ff188dfde7d5b59a94ab99e6a967b3a59563","kind":"tag","published_at":"2018-09-28T23:20:38.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.7.0-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.7.0-rc.0"},{"name":"v2.5.2","sha":"0bae7512b274045404499c79a298c6898e6fe179","kind":"tag","published_at":"2017-07-20T21:22:53.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.2"},{"name":"v2.6.2","sha":"48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89","kind":"tag","published_at":"2017-07-20T21:13:26.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.2"},{"name":"v2.6.1","sha":"a25b9ef0c9fe242ac04bb20d3a028442b7d266b6","kind":"tag","published_at":"2017-04-05T23:20:21.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.1"},{"name":"v2.6.1-rc.2","sha":"0d39820aa79e678113b010bae558345fda98db53","kind":"tag","published_at":"2017-03-21T20:59:56.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.1-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.1-rc.2"},{"name":"v2.6.1-rc.1","sha":"74278cdaa6f5fd10e3b1995aebe62c98cad634f1","kind":"tag","published_at":"2017-03-21T18:49:45.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.1-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.1-rc.1"},{"name":"v2.6.0","sha":"325b0804fef3a66309d962357aac3c2ce3f4d329","kind":"tag","published_at":"2017-01-18T01:59:12.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.0"},{"name":"v2.6.0-rc.2","sha":"0241c48be550402e1ba2caa368cf8f97b89d3a21","kind":"tag","published_at":"2016-12-21T00:20:52.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.0-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.0-rc.2"},{"name":"v2.6.0-rc.1","sha":"e249b61e900df4d36779a690971e5cab691a4954","kind":"tag","published_at":"2016-11-11T20:10:42.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.6.0-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.6.0-rc.1"},{"name":"v2.5.1","sha":"12acdf0a6c1e56d965ac6eb395d2bce687bf22fc","kind":"tag","published_at":"2016-09-12T21:13:49.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.1"},{"name":"v2.5.1-rc.1","sha":"12acdf0a6c1e56d965ac6eb395d2bce687bf22fc","kind":"tag","published_at":"2016-08-26T18:33:02.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.1-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.1-rc.1"},{"name":"v2.5.0","sha":"a9b1322edf48b1fb9aee4e5ded7a4f4ac37c6830","kind":"tag","published_at":"2016-07-28T17:52:09.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.0"},{"name":"docs-v2.5.0-2016-07-28","sha":"92e114290d2eec31a69ed046fdf9e9206da762cd","kind":"tag","published_at":"2016-07-28T17:28:13.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/docs-v2.5.0-2016-07-28","html_url":"https://github.com/distribution/distribution/releases/tag/docs-v2.5.0-2016-07-28"},{"name":"v2.5.0-rc.2","sha":"4614c3989665b2f97777456ad77474706e95bb50","kind":"tag","published_at":"2016-07-06T21:19:05.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.0-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.0-rc.2"},{"name":"docs-v2.4.1-2016-06-28","sha":"1f1d042f551b86111713112c44989f4b2c07626c","kind":"tag","published_at":"2016-06-28T22:09:35.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/docs-v2.4.1-2016-06-28","html_url":"https://github.com/distribution/distribution/releases/tag/docs-v2.4.1-2016-06-28"},{"name":"v2.5.0-rc.1","sha":"f4296d55fcefdf842a4a2fce41cbf2aef3e03403","kind":"tag","published_at":"2016-06-14T19:48:12.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.5.0-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.5.0-rc.1"},{"name":"docs-v2.4.1-2016-06-01","sha":"cb0806cddad9874954b91463892e95472636b160","kind":"tag","published_at":"2016-06-01T21:43:55.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/docs-v2.4.1-2016-06-01","html_url":"https://github.com/distribution/distribution/releases/tag/docs-v2.4.1-2016-06-01"},{"name":"v2.4.1","sha":"03efb43768979f4d2ea5187bef995656441829e5","kind":"tag","published_at":"2016-05-18T16:58:25.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.1"},{"name":"v2.4.1-rc.2","sha":"03efb43768979f4d2ea5187bef995656441829e5","kind":"tag","published_at":"2016-05-10T10:33:53.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.1-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.1-rc.2"},{"name":"v2.4.1-rc.1","sha":"1e0f3b7b64058a090b2e38584ce323a408774848","kind":"tag","published_at":"2016-05-05T19:16:58.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.1-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.1-rc.1"},{"name":"v2.4.1-rc.0","sha":"93d76247f2b527941761f2f8004db406eea0a56f","kind":"tag","published_at":"2016-05-04T17:46:36.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.1-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.1-rc.0"},{"name":"v2.4.0","sha":"3f7fa41272784c4442697efffeff001a6f1b9857","kind":"tag","published_at":"2016-04-13T17:28:33.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.0"},{"name":"v2.4.0-rc.1","sha":"04ff3c0359d7ff6a5eef61d0d4c5cb2fe2f4234c","kind":"commit","published_at":"2016-03-31T00:46:27.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.0-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.0-rc.1"},{"name":"v2.4.0-rc.0","sha":"c6b8499d62f8c508e5dc706f58f882c1dd9daffb","kind":"commit","published_at":"2016-03-24T23:14:17.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.4.0-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.4.0-rc.0"},{"name":"v2.3.1","sha":"36936218c2e6a4527fc99a5c04126bb1f4c7d55c","kind":"tag","published_at":"2016-03-08T19:19:37.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.1"},{"name":"v2.3.1-rc.0","sha":"36936218c2e6a4527fc99a5c04126bb1f4c7d55c","kind":"commit","published_at":"2016-02-23T22:39:19.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.1-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.1-rc.0"},{"name":"v2.3.0","sha":"099622876197e3b24d627a72053d1bcc8968076a","kind":"tag","published_at":"2016-02-04T19:25:44.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.0"},{"name":"v2.3.0-rc.2","sha":"d793822290eed15751744945afa81d2d1e915944","kind":"commit","published_at":"2016-01-28T18:04:09.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.0-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.0-rc.2"},{"name":"v2.3.0-rc.1","sha":"1df70eb1da2ff9fdbbffe80f9a583e13a4374682","kind":"tag","published_at":"2016-01-21T18:32:39.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.0-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.0-rc.1"},{"name":"v2.3.0-rc.0","sha":"47a064d4195a9b56133891bbb13620c3ac83a827","kind":"tag","published_at":"2016-01-19T19:20:04.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.0-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.0-rc.0"},{"name":"v2.3.0-alpha","sha":"39ff320b8297a6bfcbdf5ecb53dc83b22a4c19c2","kind":"tag","published_at":"2016-01-11T22:52:41.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.3.0-alpha","html_url":"https://github.com/distribution/distribution/releases/tag/v2.3.0-alpha"},{"name":"v2.2.1","sha":"e6c60e79c570f97ef36f280fcebed497682a5f37","kind":"tag","published_at":"2015-12-09T21:24:02.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.2.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.2.1"},{"name":"v2.2.0","sha":"a9da0e510032314910b5405acc50873ab2fa2e5a","kind":"tag","published_at":"2015-11-03T19:45:01.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.2.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.2.0"},{"name":"v2.1.1","sha":"44c7fb9e6e7e58e88d38d93b5f1f6da6a54d28ff","kind":"tag","published_at":"2015-08-12T22:45:15.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.1.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.1.1"},{"name":"v2.1.0","sha":"9ca7921603852314b18a6ecc19f91806935f34bd","kind":"tag","published_at":"2015-08-11T23:08:00.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.1.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.1.0"},{"name":"v2.1.0-rc.0","sha":"a0c63372fad430b7ab08d2763cb7d9e2c512c384","kind":"tag","published_at":"2015-08-05T00:45:26.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.1.0-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.1.0-rc.0"},{"name":"v2.0.1","sha":"1341222284b3a6b4e77fb64571ad423ed58b0d34","kind":"tag","published_at":"2015-05-06T23:44:13.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.1"},{"name":"v2.0.0","sha":"62b70f951f30a711a8a81df1865d0afeeaaa0169","kind":"tag","published_at":"2015-04-16T18:28:22.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0"},{"name":"v2.0.0-rc.4","sha":"c5183a446bfe2284b3e564058ce3a0becd3d0ccf","kind":"tag","published_at":"2015-04-16T06:36:04.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-rc.4","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-rc.4"},{"name":"v2.0.0-rc.3","sha":"90af0f9b7a8783d9664a8624208b403e7ab55b9a","kind":"tag","published_at":"2015-04-10T23:58:11.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-rc.3","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-rc.3"},{"name":"v2.0.0-rc.2","sha":"5a4f66b2f897af9cd6bce08e952e622580686f44","kind":"tag","published_at":"2015-04-08T03:19:21.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-rc.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-rc.2"},{"name":"v2.0.0-rc.1","sha":"434be18e350e5f4d2a79c5d54ada9e217f7743f1","kind":"tag","published_at":"2015-04-07T04:04:04.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-rc.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-rc.1"},{"name":"v2.0.0-rc.0","sha":"cf5839b019b61ec90ef2ece09ed1302300fb529c","kind":"tag","published_at":"2015-04-03T05:16:43.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-rc.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-rc.0"},{"name":"v2.0.0-alpha.3","sha":"ddde6b436338f549e67406ae1d84950e77d60feb","kind":"tag","published_at":"2015-03-07T02:49:48.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-alpha.3","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-alpha.3"},{"name":"v2.0.0-alpha.2","sha":"9b9ea5579715e916fd6ac9ee8123ebd61cc2da66","kind":"tag","published_at":"2015-02-05T03:27:13.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-alpha.2","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-alpha.2"},{"name":"v2.0.0-alpha.1","sha":"16500886291481459c94001b53cebb7707aa6801","kind":"tag","published_at":"2015-01-29T21:47:15.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-alpha.1","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-alpha.1"},{"name":"v2.0.0-alpha.0","sha":"c448e0416925a9876d5576e412703c9b8b865e19","kind":"tag","published_at":"2015-01-29T21:33:43.000Z","download_url":"https://codeload.github.com/distribution/distribution/tar.gz/v2.0.0-alpha.0","html_url":"https://github.com/distribution/distribution/releases/tag/v2.0.0-alpha.0"}]},"repo_metadata_updated_at":"2023-03-21T18:38:03.125Z","dependent_packages_count":13573,"downloads":null,"downloads_period":null,"dependent_repos_count":33614,"rankings":{"downloads":null,"dependent_repos_count":0.032250638272278344,"dependent_packages_count":0.01876966407486296,"stargazers_count":0.762504640566118,"forks_count":0.19682222328226465,"docker_downloads_count":0.005081290274410415,"average":0.20308569129398685},"purl":"pkg:golang/github.com/docker/distribution","advisories":[{"uuid":"GSA_kwCzR0hTQS1xcTk3LXZtNWgtcnJoZ80psQ","url":"https://github.com/advisories/GHSA-qq97-vm5h-rrhg","title":"OCI Manifest Type Confusion Issue","description":"### Impact\n\nSystems that rely on digest equivalence for image attestations may be vulnerable to type confusion.\n\n### Patches\n\nUpgrade to at least `v2.8.0-beta.1`  if you are running `v2.x` release. If you use the code from the `main` branch, update at least to the commit after [b59a6f827947f9e0e67df0cfb571046de4733586](https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586).\n\n### Workarounds\n\nThere is no way to work around this issue without patching.\n\n### References\n\nDue to [an oversight in the OCI Image Specification](https://github.com/opencontainers/image-spec/pull/411) that removed the embedded `mediaType` field from manifests, a maliciously crafted OCI Container Image can cause registry clients to parse the same image in two different ways without modifying the image’s digest by modifying the `Content-Type` header returned by a registry. This can invalidate a common pattern of relying on container image digests for equivalence.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [distribution](https://github.com/distribution/distribution) \n* Open an issue in [distribution-spec](https://github.com/opencontainers/distribution-spec) \n* Email us at [cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io)\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2022-02-08T18:53:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":3.0,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N","references":["https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg","https://github.com/opencontainers/image-spec/pull/411","https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586","https://pkg.go.dev/vuln/GO-2022-0379","https://github.com/advisories/GHSA-qq97-vm5h-rrhg"],"source_kind":"github","identifiers":["GHSA-qq97-vm5h-rrhg"],"repository_url":"https://github.com/distribution/distribution","blast_radius":13.579560587205794,"packages":[{"versions":[{"first_patched_version":"2.8.0","vulnerable_version_range":"\u003c 2.8.0"}],"ecosystem":"go","package_name":"github.com/docker/distribution"}],"created_at":"2022-12-21T16:12:35.939Z","updated_at":"2023-02-09T15:29:32.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS1ocXh3LWY4bXgtY3Btd84AAzSg","url":"https://github.com/advisories/GHSA-hqxw-f8mx-cpmw","title":"distribution catalog API endpoint can lead to OOM via malicious user input","description":"### Impact\n\nSystems that run `distribution` built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious `/v2/_catalog` API endpoint request. \n\n### Patches\n\nUpgrade to at least 2.8.2-beta.1 if you are running `v2.8.x` release. If you use the code from the main branch, update at least to the commit after [f55a6552b006a381d9167e328808565dd2bf77dc](https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc).\n\n### Workarounds\n\nThere is no way to work around this issue without patching. Restrict access to the affected API endpoint: see the recommendations section.\n\n### References\n\n`/v2/_catalog` endpoint accepts a parameter to control the maximum amount of records returned (query string: `n`).\n\nWhen not given the default `n=100` is used.  The server trusts that `n` has an acceptable value, however when using a \nmaliciously large value, it allocates an array/slice of `n` of strings before filling the slice with data.\n\nThis behaviour was introduced ~7yrs ago [1].\n\n### Recommendation\n\nThe `/v2/_catalog` endpoint was designed specifically to do registry syncs with search or other API systems. Such an endpoint would create a lot of load on the backend system, due to overfetch required to serve a request in certain implementations.\n\nBecause of this, we strongly recommend keeping this API endpoint behind heightened privilege and avoiding leaving it exposed to the internet.\n\n###  For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [distribution repository](https://github.com/distribution/distribution)\n* Email us at [cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io)\n\n[1] [faulty commit](https://github.com/distribution/distribution/blob/b7e26bac741c76cb792f8e14c41a2163b5dae8df/registry/handlers/catalog.go#L45)","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-05-11T20:37:54.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw","https://github.com/distribution/distribution/commit/f55a6552b006a381d9167e328808565dd2bf77dc","https://nvd.nist.gov/vuln/detail/CVE-2023-2253","https://bugzilla.redhat.com/show_bug.cgi?id=2189886","https://lists.debian.org/debian-lts-announce/2023/06/msg00035.html","https://github.com/advisories/GHSA-hqxw-f8mx-cpmw"],"source_kind":"github","identifiers":["GHSA-hqxw-f8mx-cpmw","CVE-2023-2253"],"repository_url":"https://github.com/distribution/distribution","blast_radius":33.94890146801449,"packages":[{"versions":[{"first_patched_version":"2.8.2-beta.1","vulnerable_version_range":"\u003c 2.8.2-beta.1"}],"ecosystem":"go","package_name":"github.com/docker/distribution"}],"created_at":"2023-05-11T21:03:21.212Z","updated_at":"2023-11-12T05:04:27.000Z","epss_percentage":0.00054,"epss_percentile":0.24521},{"uuid":"GSA_kwCzR0hTQS1oNjJmLXdtOTItMmNtd834jw","url":"https://github.com/advisories/GHSA-h62f-wm92-2cmw","title":"Docker Registry has Allocation of Resources Without Limits or Throttling","description":"Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.\n### Specific Go Packages Affected\ngithub.com/docker/distribution/registry/storage\ngithub.com/docker/distribution/registry/handlers","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-13T01:16:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2017-11468","https://github.com/docker/distribution/pull/2340","https://access.redhat.com/errata/RHSA-2017:2603","https://github.com/docker/distribution/releases/tag/v2.6.2","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html","https://github.com/distribution/distribution/pull/2340","https://github.com/distribution/distribution/commit/91c507a39abfce14b5c8541cf284330e22208c0f","https://pkg.go.dev/vuln/GO-2021-0072","https://github.com/advisories/GHSA-h62f-wm92-2cmw"],"source_kind":"github","identifiers":["GHSA-h62f-wm92-2cmw","CVE-2017-11468"],"repository_url":"https://github.com/docker/distribution","blast_radius":33.94890146801449,"packages":[{"versions":[{"first_patched_version":"2.7.0-rc.0","vulnerable_version_range":"\u003c 2.7.0-rc.0"}],"ecosystem":"go","package_name":"github.com/docker/distribution"}],"created_at":"2023-02-07T01:02:58.368Z","updated_at":"2024-12-29T01:10:51.994Z","epss_percentage":0.00476,"epss_percentile":0.75502}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/docker/distribution","docker_dependents_count":10026,"docker_downloads_count":43631287223,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/docker/distribution","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/docker/distribution/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fdistribution/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fdistribution/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fdistribution/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fdocker%2Fdistribution/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1882895,"maintainers_count":0,"namespaces_count":723926,"keywords_count":97872,"github":"golang","metadata":{"funded_packages_count":39346},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-06-06T05:22:27.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},"unique_repositories_count":79,"unique_repositories_count_past_30_days":3,"recent_issues":[{"uuid":"4486835653","node_id":"PR_kwDOHKqUys7di43K","number":671,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T13:25:59.000Z","updated_at":"2026-06-04T02:17:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/RemakingEden/dagger/pull/671","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RemakingEden%2Fdagger/issues/671","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/671/packages"},{"uuid":"4417786786","node_id":"PR_kwDOHmgjqM7aF9yP","number":800,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T03:04:24.000Z","updated_at":"2026-05-26T02:17:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aria1991/dagger/pull/800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aria1991%2Fdagger/issues/800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/800/packages"},{"uuid":"4391479348","node_id":"PR_kwDOHI0d1M7YxWky","number":831,"state":"closed","title":"Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["dependencies","go","stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T05:45:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T12:53:21.000Z","updated_at":"2026-05-28T05:45:53.000Z","time_to_close":1875141,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sultanabubaker/SAST-go-project/pull/831","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sultanabubaker%2FSAST-go-project/issues/831","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/831/packages"},{"uuid":"4168105144","node_id":"PR_kwDOHF4yI87Ogyy2","number":280,"state":"open","title":"build(deps): bump the engine group across 1 directory with 74 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T07:07:59.000Z","updated_at":"2026-03-30T07:08:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"engine","update_count":74,"packages":[{"name":"github.com/99designs/gqlgen","old_version":"0.17.44","new_version":"0.17.89","repository_url":"https://github.com/99designs/gqlgen"},{"name":"github.com/Khan/genqlient","old_version":"0.7.0","new_version":"0.8.1","repository_url":"https://github.com/Khan/genqlient"},{"name":"github.com/a-h/templ","old_version":"0.2.543","new_version":"0.3.1001","repository_url":"https://github.com/a-h/templ"},{"name":"github.com/adrg/xdg","old_version":"0.4.0","new_version":"0.5.3","repository_url":"https://github.com/adrg/xdg"},{"name":"github.com/charmbracelet/bubbletea","old_version":"0.25.0","new_version":"1.3.10","repository_url":"https://github.com/charmbracelet/bubbletea"},{"name":"github.com/containerd/console","old_version":"1.0.4","new_version":"1.0.5","repository_url":"https://github.com/containerd/console"},{"name":"github.com/containerd/containerd","old_version":"1.7.15","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/stargz-snapshotter","old_version":"0.15.1","new_version":"0.18.2","repository_url":"https://github.com/containerd/stargz-snapshotter"},{"name":"github.com/creack/pty","old_version":"1.1.18","new_version":"1.1.24","repository_url":"https://github.com/creack/pty"},{"name":"github.com/dave/jennifer","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/dave/jennifer"},{"name":"github.com/docker/distribution","old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"26.1.0+incompatible","new_version":"28.5.2+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/dschmidt/go-layerfs","old_version":"0.1.0","new_version":"0.2.0","repository_url":"https://github.com/dschmidt/go-layerfs"},{"name":"github.com/go-git/go-git/v5","old_version":"5.12.0","new_version":"5.17.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/gofrs/flock","old_version":"0.8.1","new_version":"0.13.0","repository_url":"https://github.com/gofrs/flock"},{"name":"github.com/goproxy/goproxy","old_version":"0.16.9","new_version":"0.26.0","repository_url":"https://github.com/goproxy/goproxy"},{"name":"github.com/jackpal/gateway","old_version":"1.0.7","new_version":"1.1.1","repository_url":"https://github.com/jackpal/gateway"},{"name":"github.com/koron-go/prefixw","old_version":"1.0.0","new_version":"1.0.2","repository_url":"https://github.com/koron-go/prefixw"},{"name":"github.com/lmittmann/tint","old_version":"1.0.4","new_version":"1.1.3","repository_url":"https://github.com/lmittmann/tint"},{"name":"github.com/mackerelio/go-osstat","old_version":"0.2.4","new_version":"0.2.7","repository_url":"https://github.com/mackerelio/go-osstat"},{"name":"github.com/moby/patternmatcher","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/moby/patternmatcher"},{"name":"github.com/rs/zerolog","old_version":"1.32.0","new_version":"1.35.0","repository_url":"https://github.com/rs/zerolog"},{"name":"github.com/samber/slog-logrus/v2","old_version":"2.2.0","new_version":"2.5.4","repository_url":"https://github.com/samber/slog-logrus"},{"name":"github.com/tidwall/gjson","old_version":"1.17.0","new_version":"1.18.0","repository_url":"https://github.com/tidwall/gjson"},{"name":"github.com/vito/midterm","old_version":"0.1.5-0.20240307214207-d0271a7ca452","new_version":"0.2.4","repository_url":"https://github.com/vito/midterm"},{"name":"github.com/zeebo/xxh3","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/zeebo/xxh3"},{"name":"go.opentelemetry.io/otel/log","old_version":"0.0.1-alpha","new_version":"0.18.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the engine group with 27 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/99designs/gqlgen](https://github.com/99designs/gqlgen) | `0.17.44` | `0.17.89` |\n| [github.com/Khan/genqlient](https://github.com/Khan/genqlient) | `0.7.0` | `0.8.1` |\n| [github.com/a-h/templ](https://github.com/a-h/templ) | `0.2.543` | `0.3.1001` |\n| [github.com/adrg/xdg](https://github.com/adrg/xdg) | `0.4.0` | `0.5.3` |\n| [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) | `0.25.0` | `1.3.10` |\n| [github.com/containerd/console](https://github.com/containerd/console) | `1.0.4` | `1.0.5` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.15` | `1.7.30` |\n| [github.com/containerd/stargz-snapshotter](https://github.com/containerd/stargz-snapshotter) | `0.15.1` | `0.18.2` |\n| [github.com/creack/pty](https://github.com/creack/pty) | `1.1.18` | `1.1.24` |\n| [github.com/dave/jennifer](https://github.com/dave/jennifer) | `1.7.0` | `1.7.1` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.2+incompatible` | `2.8.3+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.0+incompatible` | `28.5.2+incompatible` |\n| [github.com/dschmidt/go-layerfs](https://github.com/dschmidt/go-layerfs) | `0.1.0` | `0.2.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.12.0` | `5.17.1` |\n| [github.com/gofrs/flock](https://github.com/gofrs/flock) | `0.8.1` | `0.13.0` |\n| [github.com/goproxy/goproxy](https://github.com/goproxy/goproxy) | `0.16.9` | `0.26.0` |\n| [github.com/jackpal/gateway](https://github.com/jackpal/gateway) | `1.0.7` | `1.1.1` |\n| [github.com/koron-go/prefixw](https://github.com/koron-go/prefixw) | `1.0.0` | `1.0.2` |\n| [github.com/lmittmann/tint](https://github.com/lmittmann/tint) | `1.0.4` | `1.1.3` |\n| [github.com/mackerelio/go-osstat](https://github.com/mackerelio/go-osstat) | `0.2.4` | `0.2.7` |\n| [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) | `0.6.0` | `0.6.1` |\n| [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.32.0` | `1.35.0` |\n| [github.com/samber/slog-logrus/v2](https://github.com/samber/slog-logrus) | `2.2.0` | `2.5.4` |\n| [github.com/tidwall/gjson](https://github.com/tidwall/gjson) | `1.17.0` | `1.18.0` |\n| [github.com/vito/midterm](https://github.com/vito/midterm) | `0.1.5-0.20240307214207-d0271a7ca452` | `0.2.4` |\n| [github.com/zeebo/xxh3](https://github.com/zeebo/xxh3) | `1.0.2` | `1.1.0` |\n| [go.opentelemetry.io/otel/log](https://github.com/open-telemetry/opentelemetry-go) | `0.0.1-alpha` | `0.18.0` |\n\n\nUpdates `github.com/99designs/gqlgen` from 0.17.44 to 0.17.89\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/99designs/gqlgen/releases\"\u003egithub.com/99designs/gqlgen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.17.89\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature/optimize packages load validation by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4070\"\u003e99designs/gqlgen#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated integration test dependencies by \u003ca href=\"https://github.com/UnAfraid\"\u003e\u003ccode\u003e@​UnAfraid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4071\"\u003e99designs/gqlgen#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: just split injectTypesFromSchema into smaller methods by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4061\"\u003e99designs/gqlgen#4061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore headers from body by \u003ca href=\"https://github.com/jeolted\"\u003e\u003ccode\u003e@​jeolted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4088\"\u003e99designs/gqlgen#4088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: batch resolver being called multiple times for interface implementations by \u003ca href=\"https://github.com/tomoikey\"\u003e\u003ccode\u003e@​tomoikey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4087\"\u003e99designs/gqlgen#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove use_light_mode_prefetch option by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4080\"\u003e99designs/gqlgen#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e from 6.1.2 to 6.1.3 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4067\"\u003e99designs/gqlgen#4067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4069\"\u003e99designs/gqlgen#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 16 to 19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4092\"\u003e99designs/gqlgen#4092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jeolted\"\u003e\u003ccode\u003e@​jeolted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4088\"\u003e99designs/gqlgen#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.88...v0.17.89\"\u003ehttps://github.com/99designs/gqlgen/compare/v0.17.88...v0.17.89\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.17.88\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd nested batch resolver tests and documentation to batchresolver example by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4043\"\u003e99designs/gqlgen#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in unmarshalling null to non-nullable bound type by \u003ca href=\"https://github.com/deitrix\"\u003e\u003ccode\u003e@​deitrix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4055\"\u003e99designs/gqlgen#4055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a bug that causes excessive pruning by \u003ca href=\"https://github.com/AdallomRoy\"\u003e\u003ccode\u003e@​AdallomRoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4054\"\u003e99designs/gqlgen#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMissing config options in gqlgen.schema.json by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4045\"\u003e99designs/gqlgen#4045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support \u003ca href=\"https://github.com/goField\"\u003e\u003ccode\u003e@​goField\u003c/code\u003e\u003c/a\u003e(batch: true) directive by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4040\"\u003e99designs/gqlgen#4040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove duplicated buildField batch flag block by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4057\"\u003e99designs/gqlgen#4057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add incremental code generation for follow-schema layout by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4042\"\u003e99designs/gqlgen#4042\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 14 to 15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4037\"\u003e99designs/gqlgen#4037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump devops-actions/actionlint from 0.1.10 to 0.1.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4036\"\u003e99designs/gqlgen#4036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​apollo/client\u003c/code\u003e from 4.1.4 to 4.1.5 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4035\"\u003e99designs/gqlgen#4035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/client-preset\u003c/code\u003e from 5.2.2 to 5.2.3 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4034\"\u003e99designs/gqlgen#4034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sosodev/duration from 1.3.1 to 1.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4032\"\u003e99designs/gqlgen#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e from 6.1.1 to 6.1.2 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4033\"\u003e99designs/gqlgen#4033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump rollup from 4.56.0 to 4.59.0 in /integration in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4039\"\u003e99designs/gqlgen#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/urfave/cli/v3 from 3.6.2 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4046\"\u003e99designs/gqlgen#4046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​apollo/client\u003c/code\u003e from 4.1.5 to 4.1.6 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4048\"\u003e99designs/gqlgen#4048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump mikepenz/action-junit-report from 6.2.0 to 6.3.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4049\"\u003e99designs/gqlgen#4049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4050\"\u003e99designs/gqlgen#4050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 15 to 16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4051\"\u003e99designs/gqlgen#4051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4052\"\u003e99designs/gqlgen#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump graphql from 16.12.0 to 16.13.0 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4047\"\u003e99designs/gqlgen#4047\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump immutable from 3.7.6 to 5.1.5 in /integration in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4058\"\u003e99designs/gqlgen#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4043\"\u003e99designs/gqlgen#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4042\"\u003e99designs/gqlgen#4042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.87...v0.17.88\"\u003ehttps://github.com/99designs/gqlgen/compare/v0.17.87...v0.17.88\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.17.87\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/99designs/gqlgen/blob/master/CHANGELOG.md\"\u003egithub.com/99designs/gqlgen's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.50...HEAD\"\u003eUnreleased\u003c/a\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.49...v0.17.50\"\u003ev0.17.50\u003c/a\u003e - 2024-09-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003ea6d5d843\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e release v0.17.50\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003ef154d99d\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e Fix Nancy to use Go 1.22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e6b9e40e8\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e make rewrite default for resolver layout single-file (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/3243\"\u003e#3243\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eBumps the npm_and_yarn group in /integration with 1 update: \u003ca href=\"https://github.com/lukeed/dset\"\u003edset\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eUpdates \u003ccode\u003edset\u003c/code\u003e from 3.1.3 to 3.1.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukeed/dset/releases\"\u003eRelease notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukeed/dset/compare/v3.1.3...v3.1.4\"\u003eCommits\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eupdated-dependencies:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edependency-name: dset\ndependency-type: indirect\ndependency-group: npm_and_yarn\n...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBump some more module versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate aurora\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid upgrade to go 1.23\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edowngrade goquery to support pre-Go 1.23 for now\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/76d62cf985e293ae4c352529659381a4caf45565\"\u003e\u003ccode\u003e76d62cf\u003c/code\u003e\u003c/a\u003e release v0.17.89\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/be391aebdd50897dbb7d65fe2ee8b1cb1c63721e\"\u003e\u003ccode\u003ebe391ae\u003c/code\u003e\u003c/a\u003e Remove use_light_mode_prefetch option (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4080\"\u003e#4080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/8139cd123fc4ad498aaed4c26886ab76a64281c1\"\u003e\u003ccode\u003e8139cd1\u003c/code\u003e\u003c/a\u003e fix: batch resolver being called multiple times for interface implementations...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/f7f177b0572a89be1cd9e5a3ae6c9c0f90d54826\"\u003e\u003ccode\u003ef7f177b\u003c/code\u003e\u003c/a\u003e Ignore headers from body (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4088\"\u003e#4088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/5f192ccff3459f2751abae431bdaf386d0ef2df8\"\u003e\u003ccode\u003e5f192cc\u003c/code\u003e\u003c/a\u003e chore(deps): bump dawidd6/action-download-artifact from 16 to 19 (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4092\"\u003e#4092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/82bf8457f1df0a7073b5f45ef70e8b95eb09cba8\"\u003e\u003ccode\u003e82bf845\u003c/code\u003e\u003c/a\u003e fix: Handle interface-to-interface inheritance in introspection (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4083\"\u003e#4083\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/daf8f07ffad018bd8b061674bcbf5cb7e9ae9f72\"\u003e\u003ccode\u003edaf8f07\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4069\"\u003e#4069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/3e779134def8708ff6ac1bb08e0143fa03027037\"\u003e\u003ccode\u003e3e77913\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e in /integration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/f92e401550602ddc9c0cf9c35cfe5f3385a5566c\"\u003e\u003ccode\u003ef92e401\u003c/code\u003e\u003c/a\u003e Refactor: just split injectTypesFromSchema into smaller methods (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4061\"\u003e#4061\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/6edc0f4144c9a9296fc2d8e0d63d5b8ebb02968a\"\u003e\u003ccode\u003e6edc0f4\u003c/code\u003e\u003c/a\u003e Updated integration test dependencies (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4071\"\u003e#4071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.44...v0.17.89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/Khan/genqlient` from 0.7.0 to 0.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Khan/genqlient/releases\"\u003egithub.com/Khan/genqlient's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a bug introduced in v0.8.0 breaking path resolution on Windows, along with some other small features and bugs.\u003c/p\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e@genqlient(alias)\u003c/code\u003e directive to customize field names without requiring GraphQL aliases (fixes \u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eauto_camel_case\u003c/code\u003e config option to automatically convert snake_case to camelCase in both field names and type names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efixed path resolution on Windows\u003c/li\u003e\n\u003cli\u003efixed documentation link in \u003ccode\u003eintroduction.md\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eupgraded version of alexflint/go-arg from 1.4.2 to 1.5.1\u003c/li\u003e\n\u003cli\u003efixed a typo in the struct + fragment error message\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cp\u003eThis release adds support for genqlient subscriptions; see the \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more, and thanks to \u003ca href=\"https://github.com/matthieu4294967296moineau\"\u003e\u003ccode\u003e@​matthieu4294967296moineau\u003c/code\u003e\u003c/a\u003e for the original implementation and \u003ca href=\"https://github.com/HaraldNordgren\"\u003e\u003ccode\u003e@​HaraldNordgren\u003c/code\u003e\u003c/a\u003e for additional testing and improvements.\u003c/p\u003e\n\u003cp\u003eNote that genqlient now requires Go 1.22.5 or higher, and is tested through Go 1.23.3.\u003c/p\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now forbids \u003ccode\u003eomitempty: false\u003c/code\u003e (including implicit behaviour) when using pointer on non-null input field.\u003c/li\u003e\n\u003cli\u003eThe error text for HTTP errors has changed slightly. If you were parsing it, switch to \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/client_config.md#handling-errors\"\u003e\u003ccode\u003eAs\u003c/code\u003e-ing to \u003ccode\u003egraphql.HTTPError\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now supports subscriptions; the websocket protocol is by default \u003ccode\u003egraphql-transport-ws\u003c/code\u003e but can be set to another value.\u003cbr /\u003e\nSee the \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more details on how to use subscriptions.\u003c/li\u003e\n\u003cli\u003egenqlient now supports double-star globs for schema and query files; see \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/genqlient.yaml\"\u003e\u003ccode\u003ehttps://github.com/Khan/genqlient/blob/HEAD/genqlient.yaml\u003c/code\u003e docs\u003c/a\u003e for more.\u003c/li\u003e\n\u003cli\u003egenqlient now generates slices containing all enum values for each enum type.\u003c/li\u003e\n\u003cli\u003egenqlient now returns \u003ccode\u003eIs\u003c/code\u003e/\u003ccode\u003eAs\u003c/code\u003e-able errors when the HTTP request returns a non-200 status.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eomitempty validation:\n\u003cul\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty\u003c/code\u003e on non-nullable input field, if the field has a default\u003c/li\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty: false\u003c/code\u003e on an input field, even when it is non-nullable\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edon't do \u003ccode\u003eomitempty\u003c/code\u003e and \u003ccode\u003epointer\u003c/code\u003e input types validation when \u003ccode\u003euse_struct_reference\u003c/code\u003e is used, as the generated type is often not compatible with validation logic.\u003c/li\u003e\n\u003cli\u003ethe \u003ccode\u003eallow_broken_features\u003c/code\u003e option, which no longer did anything, has been removed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/CHANGELOG.md\"\u003egithub.com/Khan/genqlient's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a bug introduced in v0.8.0 breaking path resolution on Windows, along with some other small features and bugs.\u003c/p\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e@genqlient(alias)\u003c/code\u003e directive to customize field names without requiring GraphQL aliases (fixes \u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eauto_camel_case\u003c/code\u003e config option to automatically convert snake_case to camelCase in both field names and type names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efixed path resolution on Windows\u003c/li\u003e\n\u003cli\u003efixed documentation link in \u003ccode\u003eintroduction.md\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eupgraded version of alexflint/go-arg from 1.4.2 to 1.5.1\u003c/li\u003e\n\u003cli\u003efixed a typo in the struct + fragment error message\u003c/li\u003e\n\u003cli\u003eavoid error when a subscription message is received without a subscription ID\u003c/li\u003e\n\u003cli\u003eavoid closing subscription channels more than once, which could cause a panic in some cases\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cp\u003eThis release adds support for genqlient subscriptions; see the \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more, and thanks to \u003ca href=\"https://github.com/matthieu4294967296moineau\"\u003e\u003ccode\u003e@​matthieu4294967296moineau\u003c/code\u003e\u003c/a\u003e for the original implementation and \u003ca href=\"https://github.com/HaraldNordgren\"\u003e\u003ccode\u003e@​HaraldNordgren\u003c/code\u003e\u003c/a\u003e for additional testing and improvements.\u003c/p\u003e\n\u003cp\u003eNote that genqlient now requires Go 1.22.5 or higher, and is tested through Go 1.23.3.\u003c/p\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now forbids \u003ccode\u003eomitempty: false\u003c/code\u003e (including implicit behaviour) when using pointer on non-null input field.\u003c/li\u003e\n\u003cli\u003eThe error text for HTTP errors has changed slightly. If you were parsing it, switch to \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/client_config.md#handling-errors\"\u003e\u003ccode\u003eAs\u003c/code\u003e-ing to \u003ccode\u003egraphql.HTTPError\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now supports subscriptions; the websocket protocol is by default \u003ccode\u003egraphql-transport-ws\u003c/code\u003e but can be set to another value.\nSee the \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more details on how to use subscriptions.\u003c/li\u003e\n\u003cli\u003egenqlient now supports double-star globs for schema and query files; see \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/genqlient.yaml\"\u003e\u003ccode\u003ehttps://github.com/Khan/genqlient/blob/main/docs/genqlient.yaml\u003c/code\u003e docs\u003c/a\u003e for more.\u003c/li\u003e\n\u003cli\u003egenqlient now generates slices containing all enum values for each enum type.\u003c/li\u003e\n\u003cli\u003egenqlient now returns \u003ccode\u003eIs\u003c/code\u003e/\u003ccode\u003eAs\u003c/code\u003e-able errors when the HTTP request returns a non-200 status.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eomitempty validation:\n\u003cul\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty\u003c/code\u003e on non-nullable input field, if the field has a default\u003c/li\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty: false\u003c/code\u003e on an input field, even when it is non-nullable\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edon't do \u003ccode\u003eomitempty\u003c/code\u003e and \u003ccode\u003epointer\u003c/code\u003e input types validation when \u003ccode\u003euse_struct_reference\u003c/code\u003e is used, as the generated type is often not compatible with validation logic.\u003c/li\u003e\n\u003cli\u003ethe \u003ccode\u003eallow_broken_features\u003c/code\u003e option, which no longer did anything, has been removed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/6309a6ef5f325d254be1a91756b56fd9ec5441a3\"\u003e\u003ccode\u003e6309a6e\u003c/code\u003e\u003c/a\u003e Release v0.8.1 (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/ad1db8f531b790837fe52947d8e5527752821d9f\"\u003e\u003ccode\u003ead1db8f\u003c/code\u003e\u003c/a\u003e Fix typo frragment -\u0026gt; fragment (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/e2e0ef0ffa068f8abdfa61c737ed7c23dc70500f\"\u003e\u003ccode\u003ee2e0ef0\u003c/code\u003e\u003c/a\u003e Auto snake case (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/bc17161536c0b61b8ed24bfb955a7d16caeec692\"\u003e\u003ccode\u003ebc17161\u003c/code\u003e\u003c/a\u003e Add field aliasing (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/86db6f08b9de0db041beae947bb2e6f9b02d2748\"\u003e\u003ccode\u003e86db6f0\u003c/code\u003e\u003c/a\u003e chore: upgrade alexflint/go-arg (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/375\"\u003e#375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/3a0d213034f77f0523632d1627b239c5a59888ce\"\u003e\u003ccode\u003e3a0d213\u003c/code\u003e\u003c/a\u003e Matching in genqlient by Normalizing Paths (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/373\"\u003e#373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/63893acf8f44252a5d074757821e5ae4ce965fc4\"\u003e\u003ccode\u003e63893ac\u003c/code\u003e\u003c/a\u003e Fix link in introduction.md (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/78a03a6c6df684eba7233c8efc9ffb9d4ffdfcea\"\u003e\u003ccode\u003e78a03a6\u003c/code\u003e\u003c/a\u003e Release v0.8.0 (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/8ba2f831316f9d31e059bfafb856bdff7f2196ab\"\u003e\u003ccode\u003e8ba2f83\u003c/code\u003e\u003c/a\u003e Fix documentation for client error As-ability, and add tests (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/6010b636967a16fed1058591b70899b3608fb2cb\"\u003e\u003ccode\u003e6010b63\u003c/code\u003e\u003c/a\u003e HTTPError wraps full Response for typed output (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Khan/genqlient/compare/v0.7.0...v0.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/a-h/templ` from 0.2.543 to 0.3.1001\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/a-h/templ/releases\"\u003egithub.com/a-h/templ's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.3.1001\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e2c505c0 chore: add unit test to cover recent fix\u003c/li\u003e\n\u003cli\u003e4233429 chore: bump compiler to Go 1.26\u003c/li\u003e\n\u003cli\u003e1b9a429 chore: bump deps in fiber example\u003c/li\u003e\n\u003cli\u003e54981db chore: bump docusaurus version\u003c/li\u003e\n\u003cli\u003ee606c30 chore: bump flake builder\u003c/li\u003e\n\u003cli\u003e66bc28b chore: bump gofiber example deps\u003c/li\u003e\n\u003cli\u003e95f88a6 chore: bump to Go 1.25, update csrf example\u003c/li\u003e\n\u003cli\u003e916a243 chore: bump version\u003c/li\u003e\n\u003cli\u003e45dda73 chore: fix test broken by merge\u003c/li\u003e\n\u003cli\u003e5ddd784 chore: revert Nix bump to Go 1.26 because it breaks the golangci-lint package\u003c/li\u003e\n\u003cli\u003e4037d8a feat: add Range to BoolConstantAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eafb0034 feat: add Range to BooleanExpressionAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1336\"\u003e#1336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec80f745 feat: add Range to ChildrenExpression nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1337\"\u003e#1337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb0f5243 feat: add Range to ConditionalAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1338\"\u003e#1338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e60fc376 feat: add Range to ConstantAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1341\"\u003e#1341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4e809e feat: add Range to SpreadAttributes nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1335\"\u003e#1335\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5824d4b feat: add TLS support to live reload proxy (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1345\"\u003e#1345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee9a940b feat: strip space from CSS classname rendering, closes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1074\"\u003e#1074\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1346\"\u003e#1346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebdda41e fix: don't remove unaliased hyphenated imports if they're used (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1342\"\u003e#1342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2ff8bb fix: issue 1253 (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecf6235a fix: proxy escaping characters (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1321\"\u003e#1321\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed97730c fix: support nushell for prettier, fixes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1266\"\u003e#1266\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1343\"\u003e#1343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb666bd7 fix: undefined variable in proxy test range loop (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1324\"\u003e#1324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebe8271d refactor: skip some more tests that require prettier\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.3.977\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ee269629 chore: bump nix dependencies\u003c/li\u003e\n\u003cli\u003ee16061b chore: bump npm docs (npm audit fix)\u003c/li\u003e\n\u003cli\u003eacc6444 chore: bump versions in examples\u003c/li\u003e\n\u003cli\u003e54b3856 chore: fix broken unit test\u003c/li\u003e\n\u003cli\u003e8662cdb feat(proxy): flush streamed html (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1271\"\u003e#1271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edc31b64 feat: add Range to DocType nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1302\"\u003e#1302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebe9d6c9 feat: add Range to Whitespace nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea74cfa9 feat: add prettier to templ info command\u003c/li\u003e\n\u003cli\u003e0d69ba4 feat: add support for \u0026quot;fallthrough\u0026quot; in case statements (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1289\"\u003e#1289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea7df818 fix: LSP diagnostics on Windows (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1274\"\u003e#1274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e40d2b42 fix: LSP proxy SourceMapCache should not store nil SourceMaps (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1294\"\u003e#1294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e25dc2ce fix: normalize leading whitespaces in multiline go code (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1305\"\u003e#1305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e7be7dd6 fix: prevent templ fmt from adding whitespace to blank lines in inline functions (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1287\"\u003e#1287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e554eab8 fix: wait for proxy to be ready upon restart (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1299\"\u003e#1299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.3.960\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e7a75104 chore: bump version\u003c/li\u003e\n\u003cli\u003e8b51dc9 chore: bump version\u003c/li\u003e\n\u003cli\u003e336ca10 chore: bump version\u003c/li\u003e\n\u003cli\u003eb75203b chore: fix ensure generated\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/5ddd784440b232930161d76c7ca85d922fdcf183\"\u003e\u003ccode\u003e5ddd784\u003c/code\u003e\u003c/a\u003e chore: revert Nix bump to Go 1.26 because it breaks the golangci-lint package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/66bc28ba98f86760cb4bf6b4bf053712b078cdac\"\u003e\u003ccode\u003e66bc28b\u003c/code\u003e\u003c/a\u003e chore: bump gofiber example deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/4233429a642783b86210bb4dcdd96a1e3f85805b\"\u003e\u003ccode\u003e4233429\u003c/code\u003e\u003c/a\u003e chore: bump compiler to Go 1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/45dda7376a22bd23ccf0a06938205fd4d707584a\"\u003e\u003ccode\u003e45dda73\u003c/code\u003e\u003c/a\u003e chore: fix test broken by merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/916a24376495584474b2fb93a92e11a64c8ac929\"\u003e\u003ccode\u003e916a243\u003c/code\u003e\u003c/a\u003e chore: bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/d97730c370b9f8961590feb60ed0b50af997ae62\"\u003e\u003ccode\u003ed97730c\u003c/code\u003e\u003c/a\u003e fix: support nushell for prettier, fixes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1266\"\u003e#1266\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1343\"\u003e#1343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/c2ff8bbb347008e470f5fbb7e9f5a793a8196b4e\"\u003e\u003ccode\u003ec2ff8bb\u003c/code\u003e\u003c/a\u003e fix: issue 1253 (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/5824d4b54de71e8f2bb183171f873a263cc7ed19\"\u003e\u003ccode\u003e5824d4b\u003c/code\u003e\u003c/a\u003e feat: add TLS support to live reload proxy (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1345\"\u003e#1345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/be8271d5c7d5a1d2d8f6bd18317fe2ba68d55a00\"\u003e\u003ccode\u003ebe8271d\u003c/code\u003e\u003c/a\u003e refactor: skip some more tests that require prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/e9a940b9a9c5dacc7fe721fe815df9c4c5371053\"\u003e\u003ccode\u003ee9a940b\u003c/code\u003e\u003c/a\u003e feat: strip space from CSS classname rendering, closes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1074\"\u003e#1074\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1346\"\u003e#1346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/a-h/templ/compare/v0.2.543...v0.3.1001\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/adrg/xdg` from 0.4.0 to 0.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/adrg/xdg/releases\"\u003egithub.com/adrg/xdg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.3\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003exdg.SearchRuntimeFile\u003c/code\u003e to also look in the operating system's temporary directory for runtime files.\nThis covers unlikely cases in which runtime files cannot be written relative to the base runtime directory either because it does not exist or it is not accessible, so \u003ccode\u003exdg.RuntimeFile\u003c/code\u003e suggests the operating system's temporary directory as a suitable fallback location.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated logic of \u003ccode\u003exdg.RuntimeFile\u003c/code\u003e: due to the special nature of the \u003ccode\u003eruntime directory\u003c/code\u003e, the function no longer attempts to create it if it does not exist. If that's the case, the function uses the operating system's \u003ccode\u003etemporary directory\u003c/code\u003e as a fallback. The function still creates subdirectories relative to the base runtime directory or its fallback.\u003c/p\u003e\n\u003cp\u003eJustification: the creation of the runtime directory is not in the scope of this package as it has special requirements defined by the \u003ca href=\"https://specifications.freedesktop.org/basedir-spec/latest\"\u003eXDG Base Directory Specification\u003c/a\u003e. Relevant excerpt:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe lifetime of the directory MUST be bound to the user being logged in. It MUST be created  when the user first logs in and if the user fully logs out the directory MUST be removed. If the user logs in more than once they should get pointed to the same directory, and it is mandatory that the directory continues to exist from their first login to their last logout on the system, and not removed in between. Files in the directory MUST not survive reboot or a full logout/login cycle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eAlso, on \u003ccode\u003eLinux\u003c/code\u003e, the parent directories of the default user runtime directory are owned by the root user so they cannot be created by a regular user. \u003ca href=\"https://www.freedesktop.org/software/systemd/man/latest/pam_systemd.html\"\u003epam_systemd\u003c/a\u003e is usually responsible for creating the runtime directory (\u003ccode\u003e/run/user/$UID\u003c/code\u003e).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for the non-standard \u003ccode\u003eXDG_BIN_HOME\u003c/code\u003e base directory.\nSee \u003ca href=\"https://github.com/adrg/xdg?tab=readme-ov-file#xdg-base-directory\"\u003eXDG base directories\u003c/a\u003e README section for more details.\u003c/li\u003e\n\u003cli\u003eAdded more config and data search locations on \u003ccode\u003emacOS\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e~/.config\u003c/code\u003e at the end of the list of default locations for \u003ccode\u003eXDG_CONFIG_DIRS\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e~/.local/share\u003c/code\u003e at the end of the list of default locations for \u003ccode\u003eXDG_DATA_DIRS\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdded more application search locations on \u003ccode\u003eWindows\u003c/code\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e%ProgramFiles%\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%ProgramFiles%\\Common Files\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%LOCALAPPDATA%\\Programs\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%LOCALAPPDATA%\\Programs\\Common\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003egolang.org/x/sys\u003c/code\u003e dependency to the latest version.\u003c/li\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003euser-dirs.dirs\u003c/code\u003e config file is now parsed on Unix-like operating systems (except for macOS and Plan 9).\nSee \u003ca href=\"https://github.com/adrg/xdg?tab=readme-ov-file#xdg-user-directories\"\u003eXDG user directories\u003c/a\u003e README section for more details.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003egolang.org/x/sys\u003c/code\u003e dependency to the latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eInternal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMoved all path related functionality in internal \u003ccode\u003epathutil\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eAdded internal \u003ccode\u003euserdirs\u003c/code\u003e package:\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003exdg.UserDirectories\u003c/code\u003e to \u003ccode\u003euserdirs.Directories\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded parsing functions for \u003ccode\u003euser-dirs.dirs\u003c/code\u003e config file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/aa865a51a1b35fd06925fd6b8604991e79e3167e\"\u003e\u003ccode\u003eaa865a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/adrg/xdg/issues/101\"\u003e#101\u003c/a\u003e from adrg/update-search-runtime-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/71a81eccf3e9ac9ebf03e8c11ca3ed60a06eac7f\"\u003e\u003ccode\u003e71a81ec\u003c/code\u003e\u003c/a\u003e Minor xdg.SearchRuntimeFile function documentation update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/88111eba52ac2a211b97194266db5207c975c266\"\u003e\u003ccode\u003e88111eb\u003c/code\u003e\u003c/a\u003e Minor example update in README.md and doc.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/d9f76be86d944bf2b9bdb8544952111e2533f3ad\"\u003e\u003ccode\u003ed9f76be\u003c/code\u003e\u003c/a\u003e Improve non-existent runtime directory test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/800775a49c0a7877af5dca22104b90dc7e788cd0\"\u003e\u003ccode\u003e800775a\u003c/code\u003e\u003c/a\u003e Update xdg.SearchRuntimeFile to also look in temporary directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/2335a687b19a49dafb193856d64d911d33c4b3c1\"\u003e\u003ccode\u003e2335a68\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/adrg/xdg/issues/99\"\u003e#99\u003c/a\u003e from adrg/improve-runtime-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/221e50698e5b31d277289e971f645299279efdd5\"\u003e\u003ccode\u003e221e506\u003c/code\u003e\u003c/a\u003e Minor non-existent runtime directory test case fix on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/9bbb6024b2e9ee213bbed1f63ae8ea6063767d5b\"\u003e\u003ccode\u003e9bbb602\u003c/code\u003e\u003c/a\u003e Minor error format improvement in pathutil.Create and pathutil.Search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/987b3ce5c440036b799a21a633a699be91530d0a\"\u003e\u003ccode\u003e987b3ce\u003c/code\u003e\u003c/a\u003e Minor README.md update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/3c39d559725cf005c392630100f4f338b49daf24\"\u003e\u003ccode\u003e3c39d55\u003c/code\u003e\u003c/a\u003e Add non-existent runtime directory test case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/adrg/xdg/compare/v0.4.0...v0.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/charmbracelet/bubbletea` from 0.25.0 to 1.3.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/charmbracelet/bubbletea/releases\"\u003egithub.com/charmbracelet/bubbletea's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.10\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e9edf69c677c7353eca5fae6d3ea3986af39717b7: fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://x.com/charmcli\"\u003eX\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.social/@charmcli\"\u003eThe Fediverse\u003c/a\u003e, \u003ca href=\"https://bsky.app/profile/charm.land\"\u003eBluesky\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.9\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eNew Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e314b50c7b452fd737d28582ae9d27c04ea725001: feat: properly call nested sequenceMsg and batchMsg (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e9e0e8f0df1c55044ed04bd17f4b460e01e94dc9c: fix: recover from nested panics in Sequence and Batch commands (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther work\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6e1282a76358cb680de9d4de7520f9f99c9e2903: add example for the nested Sequence and Batch (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e0290af4a499ee6a3e22822cebe1e74fdeac313be: simplify case for BatchMsg (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://twitter.com/charmcli\"\u003eTwitter\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.technology/@charm\"\u003eThe Fediverse\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.8\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e21eecd586367fd0cd78da6842c48f9c4b1185b6f: fix: send batch commands to cmds channel instead of executing them in event loop (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1473\"\u003e#1473\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://twitter.com/charmcli\"\u003eTwitter\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.technology/@charm\"\u003eThe Fediverse\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.7\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e28ab4f41b29fef14d900c46a4873a45891a9ee9b: fix(renderer): properly reset cursor position to start of line (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1472\"\u003e#1472\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec76509a9d4974207cd66255707d14f4f938f7f52: fix: compact sequences like batches (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/958\"\u003e#958\u003c/a\u003e) (\u003ca href=\"https://github.com/jdhenke\"\u003e\u003ccode\u003e@​jdhenke\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef5da8d068af74764b271a197de54e2bc2bfedb38: fix: handle nested SequenceMsg in event loop and use sync.WaitGroup f… (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1463\"\u003e#1463\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e80ea844a7650c84e13958de14cdd4f63ac1775aa: fix: lint issues in key_windows.go and tty_windows.go (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec3136ed49037a096fe05c6cb16f0a14a38e20c58: docs(license): update copyright date range (\u003ca href=\"https://github.com/meowgorithm\"\u003e\u003ccode\u003e@​meowgorithm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e919805f8f0d134af7e3569b0054c13b561976dfa: docs(readme): update footer art (\u003ca href=\"https://github.com/meowgorithm\"\u003e\u003ccode\u003e@​meowgorithm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef01583bb899e125c7a26d3b870eff585ec0f4816: docs: show the correct branch in the build badge (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther work\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9edf69c677c7353eca5fae6d3ea3986af39717b7\"\u003e\u003ccode\u003e9edf69c\u003c/code\u003e\u003c/a\u003e fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/31c0299982a8237acc35979ce07f25f441c62cd6\"\u003e\u003ccode\u003e31c0299\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/lucasb-eyer/go-colorful (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1496\"\u003e#1496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/ffa05021909e14c478cbe138ca78effbea04e4e0\"\u003e\u003ccode\u003effa0502\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/848\"\u003e#848\u003c/a\u003e from wolfmagnate/fix-nested-cmd-order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9e0e8f0df1c55044ed04bd17f4b460e01e94dc9c\"\u003e\u003ccode\u003e9e0e8f0\u003c/code\u003e\u003c/a\u003e fix: recover from nested panics in Sequence and Batch commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/0966c3a140902959f86223eb4092bb52a74e8c96\"\u003e\u003ccode\u003e0966c3a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix-nested-cmd-order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/21eecd586367fd0cd78da6842c48f9c4b1185b6f\"\u003e\u003ccode\u003e21eecd5\u003c/code\u003e\u003c/a\u003e fix: send batch commands to cmds channel instead of executing them in event l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9aae1f0a1bce0226c058b969f8f13f40bf012a69\"\u003e\u003ccode\u003e9aae1f0\u003c/code\u003e\u003c/a\u003e chore(examples): go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/41f39959f2617a5cba6530608690e98c682c4439\"\u003e\u003ccode\u003e41f3995\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/sys in the all group (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1492\"\u003e#1492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/3da2d282196bb732a8b80a373318d73f29b6bb55\"\u003e\u003ccode\u003e3da2d28\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-go from 5 to 6 in the all group (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/28ab4f41b29fef14d900c46a4873a45891a9ee9b\"\u003e\u003ccode\u003e28ab4f4\u003c/code\u003e\u003c/a\u003e fix(renderer): properly reset cursor position to start of line (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1472\"\u003e#1472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/charmbracelet/bubbletea/compare/v0.25.0...v1.3.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/charmbracelet/lipgloss` from 0.10.0 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/charmbracelet/lipgloss/releases\"\u003egithub.com/charmbracelet/lipgloss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003ch2\u003eTables, Improved\u003c/h2\u003e\n\u003cp\u003eIn this release, the inimitable \u003ca href=\"https://github.com/andreynering\"\u003e\u003ccode\u003e@​andreynering\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/bashbunni\"\u003e\u003ccode\u003e@​bashbunni\u003c/code\u003e\u003c/a\u003e majorly overhauled on the table sizing and content wrapping algorithms. Tables will now be much smarter on deciding the ideal width of each column, and contents now wraps by default inside cells.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// Table content wraps by default.\r\nt := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows...).\r\n    Width(80)\r\n\u003cp\u003efmt.Println(t)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// Actually, let's not wrap the content.\r\nt := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows...).\r\n    Width(80).\r\n    Wrap(false)\r\n\r\nfmt.Println(t)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Border Styles\u003c/h2\u003e\n\u003cp\u003eAlso, we added two new border styles that you can use to generate tables in Markdown and ASCII styles.\u003c/p\u003e\n\u003ch3\u003eMarkdown Tables\u003c/h3\u003e\n\u003cp\u003eTo render tables correctly for Markdown you'll want to use \u003ca href=\"https://pkg.go.dev/github.com/charmbracelet/lipgloss@v1.1.0#MarkdownBorder\"\u003e\u003ccode\u003elipgloss.MarkdownBorder\u003c/code\u003e\u003c/a\u003e \u003cem\u003eand\u003c/em\u003e disable the top and bottom borders.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003et := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows).\r\n    Border(lipgloss.MarkdownBorder()).\r\n    BorderTop(false).\r\n    BorderBottom(false)\r\n\u003cp\u003efmt.Println(t)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/f0e45475a64ee60d712b81145172d3739db36a93\"\u003e\u003ccode\u003ef0e4547\u003c/code\u003e\u003c/a\u003e chore: fix lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/fb0d75756388d327a7d6f3721c83d6e122aee6f2\"\u003e\u003ccode\u003efb0d757\u003c/code\u003e\u003c/a\u003e chore(taskfile): delete \u003ccode\u003elint:all\u003c/code\u003e and \u003ccode\u003elint:soft\u003c/code\u003e tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/1209cf0750c629e5e4d5f3fe99bf8fc3454733b1\"\u003e\u003ccode\u003e1209cf0\u003c/code\u003e\u003c/a\u003e ci: sync golangci-lint config (\u003ca href=\"https://redirect.github.com/charmbracelet/lipgloss/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/c454a0adaafcf9ff18704e8b27aa8fe4a2d22026\"\u003e\u003ccode\u003ec454a0a\u003c/code\u003e\u003c/a\u003e feat(tables): add markdown and ascii border style for tables (\u003ca href=\"https://redirect.github.com/charmbracelet/lipgloss/issues/480\"\u003e#480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/341996d8a0782447c845154288e42d7f50baf27b\"\u003e\u003ccode\u003e341996d\u003c/code\u003e\u003c/a\u003e chore: update \u003ccode\u003echarmbracelet/x/cellbuf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/1f1209e8be34adf156ed35bed6aded58410f071b\"\u003e\u003ccode\u003e1f1209e\u003c/code\u003e\u003c/a\u003e feat(table): use cellbuf to preserve styles for wrapped content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/2aa2eb0349ddb873dcd4548a642cc3b3e6809d90\"\u003e\u003ccode\u003e2aa2eb0\u003c/code\u003e\u003c/a\u003e test(table): test wrapping cell styles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/9500f10a6b9145b4d3ed9b317ad952ca162dbde3\"\u003e\u003ccode\u003e9500f10\u003c/code\u003e\u003c/a\u003e fix(table): ensure we're passing the right row index to \u003ccode\u003estyleFunc\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/7b191c57d42d0bb7e73873719ad5d572aced14ec\"\u003e\u003ccode\u003e7b191c5\u003c/code\u003e\u003c/a\u003e fix(test): make table wrapping tests use golden files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/9cfb7dd7998c648cbe502b96bac83ddb8ca2a38c\"\u003e\u003ccode\u003e9cfb7dd\u003c/code\u003e\u003c/a\u003e test(table): check truncation logic for overflow and nowrap\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/console` from 1.0.4 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/console/releases\"\u003egithub.com/containerd/console's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add solaris to non-supported shim. by \u003ca href=\"https://github.com/jperkin\"\u003e\u003ccode\u003e@​jperkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/console/pull/84\"\u003econtainerd/console#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epty: add GetPtyFromFile as safer GetPty by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/console/pull/86\"\u003econtainerd/console#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jperkin\"\u003e\u003ccode\u003e@​jperkin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/console/pull/84\"\u003econtainerd/console#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/console/pull/86\"\u003econtainerd/console#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containerd/console/compare/v1.0.4...v1.0.5\"\u003ehttps://github.com/containerd/console/compare/v1.0.4...v1.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/c8d962180f543ac07c008ecc79a413406ea10c0b\"\u003e\u003ccode\u003ec8d9621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/console/issues/86\"\u003e#86\u003c/a\u003e from cyphar/newpty-from-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/fa4de4c0aec0e866904828dbb2c5a1383dd56bd3\"\u003e\u003ccode\u003efa4de4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/console/issues/84\"\u003e#84\u003c/a\u003e from jperkin/fix-solaris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/c79e45e6b8addceef7d8bb3c96809bd7f0ed4433\"\u003e\u003ccode\u003ec79e45e\u003c/code\u003e\u003c/a\u003e pty: add GetPtyFromFile as safer GetPty\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/12ba7453ffca933d433261ec89cbb9b97974567a\"\u003e\u003ccode\u003e12ba745\u003c/code\u003e\u003c/a\u003e tc: make internal handlers take File interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/9dd67e11b32547c0e9e9bdb9c593ca008b9177c1\"\u003e\u003ccode\u003e9dd67e1\u003c/code\u003e\u003c/a\u003e gha: bump containerd/project-checks to v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/37ae7bbd2fb26e22e74a2c9431eb1ad61d274fdf\"\u003e\u003ccode\u003e37ae7bb\u003c/code\u003e\u003c/a\u003e fix: add solaris to non-supported shim.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/console/compare/v1.0.4...v1.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.15 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.15...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/continuity` from 0.4.3 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/continuity/releases\"\u003egithub.com/containerd/continuity's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.4.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate golangci-lint to vl.55.0 by \u003ca href=\"https://github.com/henry118\"\u003e\u003ccode\u003e@​henry118\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/233\"\u003econtainerd/continuity#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: add DiffDirChanges function to get changeset fast by \u003ca href=\"https://github.com/fuweid\"\u003e\u003ccode\u003e@​fuweid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/145\"\u003econtainerd/continuity#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esupport filesystem magic for linux by \u003ca href=\"https://github.com/yylt\"\u003e\u003ccode\u003e@​yylt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/239\"\u003econtainerd/continuity#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 in /cmd/continuity by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/237\"\u003econtainerd/continuity#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/238\"\u003econtainerd/continuity#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: implement Atime for Windows by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/241\"\u003econtainerd/continuity#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix TestDiffDirChangeWithOverlayfs (also updates the CI to use Ubuntu 24.04) by \u003ca href=\"https://github.com/AkihiroSuda\"\u003e\u003ccode\u003e@​AkihiroSuda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/249\"\u003econtainerd/continuity#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eswitch to github.com/containerd/log module by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/243\"\u003econtainerd/continuity#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: run CI on go1.22 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/242\"\u003econtainerd/continuity#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: prune indirect gopkg.in/yaml.v3 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/250\"\u003econtainerd/continuity#250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update CodeQL action to v3, run on go1.22 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/251\"\u003econtainerd/continuity#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: properly handle ENOTSUP in copyXAttrs by \u003ca href=\"https://github.com/sondavidb\"\u003e\u003ccode\u003e@​sondavidb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/245\"\u003econtainerd/continuity#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego-fix: remove pre-go1.17 build-tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/252\"\u003econtainerd/continuity#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekind.String(): fix missing case statements for iota consts in switch by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/256\"\u003econtainerd/continuity#256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/continuity/commands: MountCmd: remove macOS remnants by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/254\"\u003econtainerd/continuity#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up by \u003ca href=\"https://github.com/AkihiroSuda\"\u003e\u003ccode\u003e@​AkihiroSuda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/257\"\u003econtainerd/continuity#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yylt\"\u003e\u003ccode\u003e@​yylt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/239\"\u003econtainerd/continuity#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/237\"\u003econtainerd/continuity#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sondavidb\"\u003e\u003ccode\u003e@​sondavidb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/245\"\u003econtainerd/continuity#245\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containerd/continuity/compare/v0.4.3...v0.4.4\"\u003ehttps://github.com/containerd/continuity/compare/v0.4.3...v0.4.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/2fab5e9ef807da8b932addc4ca1fe6c551ca1c15\"\u003e\u003ccode\u003e2fab5e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/257\"\u003e#257\u003c/a\u003e from AkihiroSuda/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/8ae2b5ed00ea2ce911d163c19b85de58ffeaee10\"\u003e\u003ccode\u003e8ae2b5e\u003c/code\u003e\u003c/a\u003e Disable FUSE for FreeBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/ef3b6f490ced58b82bf25ffd3ca5c242bedf06ef\"\u003e\u003ccode\u003eef3b6f4\u003c/code\u003e\u003c/a\u003e go.mod: bump up\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/332293b49b3d268b404b4ff539be3b909170ade0\"\u003e\u003ccode\u003e332293b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/254\"\u003e#254\u003c/a\u003e from thaJeztah/rm_macos_bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/1287117cdbc7879395a64e0bd04aafd151fa4b69\"\u003e\u003ccode\u003e1287117\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/256\"\u003e#256\u003c/a\u003e from thaJeztah/fix_kind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/0a983fcf9e1c92e9b4a102e66e5f2e59f2c3925f\"\u003e\u003ccode\u003e0a983fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/252\"\u003e#252\u003c/a\u003e from thaJeztah/gofix_buildtags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/75b1c65ec9b850224f4e37b006ebd779bcf6f2e8\"\u003e\u003ccode\u003e75b1c65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/245\"\u003e#245\u003c/a\u003e from sondavidb/properly-handle-fs-without-xattrs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/cb01a52dedbb5cadd243e15be7fefb6906861bd7\"\u003e\u003ccode\u003ecb01a52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/251\"\u003e#251\u003c/a\u003e from thaJeztah/bump_codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/7d074e72420162b4e873d4699f2518c02fcb983f\"\u003e\u003ccode\u003e7d074e7\u003c/code\u003e\u003c/a\u003e kind.String(): fix missing case statements for iota consts in switch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/327ebdd9c1ddcbfd517279a3602efa286dfe5cdc\"\u003e\u003ccode\u003e327ebdd\u003c/code\u003e\u003c/a\u003e cmd/continuity/commands: ...\n\n_Description has been truncated_","html_url":"https://github.com/samalba/dagger/pull/280","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/samalba%2Fdagger/issues/280","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/280/packages"},{"uuid":"3981261403","node_id":"PR_kwDOPcPlF87Fzjh6","number":670,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-24T03:16:54.000Z","updated_at":"2026-02-25T06:02:09.689Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":5,"packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.5.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/jackc/pgproto3/v2","old_version":"2.3.0","new_version":"2.3.3","repository_url":"https://github.com/jackc/pgproto3"},{"name":"github.com/jackc/pgx/v4","old_version":"4.16.0","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"golang.org/x/crypto","old_version":"0.41.0","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the /components/ambient-api-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.5.0` | `4.5.2` |\n| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.0` | `2.3.3` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.16.0` | `4.18.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.45.0` |\n\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.0 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/fd427c06da934db1e3a73859ba6bed4d0810fb08\"\u003e\u003ccode\u003efd427c0\u003c/code\u003e\u003c/a\u003e Don't panic when receiving zero bytes with \u0026quot;slice bounds out of range\u0026quot;\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.0...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.16.0 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.2 (September 3, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix panic when logging batch error (Tom Möller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.1 (August 27, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade puddle to v1.3.0 - fixes context failing to cancel Acquire when acquire is creating resource which was introduced in v4.17.0 (James Hartig)\u003c/li\u003e\n\u003cli\u003eFix atomic alignment on 32-bit platforms\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.0 (August 6, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.13.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.12.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.16.0...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.41.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.41.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ambient-code/platform/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ambient-code/platform/pull/670","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ambient-code%2Fplatform/issues/670","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/670/packages"},{"uuid":"3596267902","node_id":"PR_kwDOHscbzc6x7IK7","number":34,"state":"open","title":"Bump the go_modules group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["wontfix","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-11-06T15:16:26.000Z","updated_at":"2025-11-21T20:50:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":13,"packages":[{"name":"filippo.io/age","old_version":"1.0.0-beta7","new_version":"1.2.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.0.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/hashicorp/go-slug","old_version":"0.8.1","new_version":"0.16.3","repository_url":"https://github.com/hashicorp/go-slug"},{"name":"github.com/ulikunitz/xz","old_version":"0.5.8","new_version":"0.5.14","repository_url":"https://github.com/ulikunitz/xz"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20211104180415-d3ed0bb246c8","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"},{"name":"google.golang.org/protobuf","old_version":"1.27.1","new_version":"1.33.0"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.12+incompatible","new_version":"25.0.13+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/hashicorp/go-retryablehttp","old_version":"0.7.1","new_version":"0.7.7","repository_url":"https://github.com/hashicorp/go-retryablehttp"},{"name":"github.com/prometheus/client_golang","old_version":"1.11.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.0.0-beta7` | `1.2.1` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.0.0` | `4.5.2` |\n| [github.com/hashicorp/go-slug](https://github.com/hashicorp/go-slug) | `0.8.1` | `0.16.3` |\n| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.8` | `0.5.14` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20211104180415-d3ed0bb246c8` | `0.27.0` |\n| google.golang.org/protobuf | `1.27.1` | `1.33.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.12+incompatible` | `25.0.13+incompatible` |\n| [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.1` | `0.7.7` |\n| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.11.0` | `1.11.1` |\n\n\nUpdates `filippo.io/age` from 1.0.0-beta7 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eage v1.2.1: security fix\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions.\u003c/p\u003e\n\u003cp\u003eSee GHSA-32gq-x56h-299c.\u003c/p\u003e\n\u003cp\u003ePlugin names may now only contain alphanumeric characters or the four special characters \u003ccode\u003e+-._\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to ⬡-49016 for reporting this issue.\u003c/p\u003e\n\u003ch2\u003eage v1.2.0\u003c/h2\u003e\n\u003cp\u003eA small release to build the release binaries with a more recent Go toolchain, and to fix a couple CLI edge cases (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/491\"\u003eFiloSottile/age#491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/555\"\u003eFiloSottile/age#555\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eThe Go module now exposes a plugin package that provides an age plugin client. That is, Recipient and Identity implementations that invoke a plugin binary, allowing the use of age plugins in Go programs.\u003c/p\u003e\n\u003cp\u003eFinally, Recipients can now return a set of \u0026quot;labels\u0026quot; by implementing RecipientWithLabels. This allows replicating the special behavior of the scrypt Recipient in third-party Recipients, or applying policy useful for authenticated or post-quantum Recipients.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e// RecipientWithLabels can be optionally implemented by a Recipient, in which\n// case Encrypt will use WrapWithLabels instead of Wrap.\n//\n// Encrypt will succeed only if the labels returned by all the recipients\n// (assuming the empty set for those that don't implement RecipientWithLabels)\n// are the same.\n//\n// This can be used to ensure a recipient is only used with other recipients\n// with equivalent properties (for example by setting a \u0026quot;postquantum\u0026quot; label) or\n// to ensure a recipient is always used alone (by returning a random label, for\n// example to preserve its authentication properties).\ntype RecipientWithLabels interface {\n\tWrapWithLabels(fileKey []byte) (s []*Stanza, labels []string, err error)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eage v1.1.1 is a patch release to fix \u003ccode\u003ego install filippo.io/age/...@latest\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.1.0\"\u003ethe release notes for v1.1.0 for changes since v1.0.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eage v1.1.0: plugin and YubiKeys support\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eage is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability. Learn more by reading the \u003ca href=\"https://github.com/FiloSottile/age/blob/main/README.md\"\u003eREADME\u003c/a\u003e, the \u003ca href=\"https://filippo.io/age/age.1\"\u003eage(1) man page\u003c/a\u003e, the \u003ca href=\"https://pkg.go.dev/filippo.io/age\"\u003eGo API reference\u003c/a\u003e, the \u003ca href=\"https://age-encryption.org/v1\"\u003eformat specification\u003c/a\u003e, or the \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0...v1.1.0\"\u003efull release changelog\u003c/a\u003e. Watch the repository or \u003ca href=\"https://abyssdomain.expert/@filippo\"\u003e\u003ccode\u003efollow @​filippo@abyssdomain.expert\u003c/code\u003e\u003c/a\u003e to be notified of new releases.\u003c/p\u003e\n\u003cp\u003e🛠️ FYI, age now has an extensive \u003ca href=\"https://c2sp.org/CCTV/age\"\u003etest suite\u003c/a\u003e which all age implementations are encouraged to adopt.\u003c/p\u003e\n\u003ch2\u003ePlugin support\u003c/h2\u003e\n\u003cp\u003eThe age CLI now supports plugins, such as \u003ca href=\"https://github.com/str4d/age-plugin-yubikey\"\u003eage-plugin-yubikey\u003c/a\u003e by \u003ca href=\"https://github.com/str4d\"\u003e\u003ccode\u003e@​str4d\u003c/code\u003e\u003c/a\u003e. To try it on macOS with Homebrew:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ brew upgrade age\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201\"\u003e\u003ccode\u003e482cf6f\u003c/code\u003e\u003c/a\u003e plugin: restrict characters in plugin names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/cda3988cc76a139426281a1d812914b71435bd18\"\u003e\u003ccode\u003ecda3988\u003c/code\u003e\u003c/a\u003e all: fix staticcheck warnings (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/589\"\u003e#589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/176e245b3cb3ada322c21eef0bce166dc5a5e4c7\"\u003e\u003ccode\u003e176e245\u003c/code\u003e\u003c/a\u003e README: rotate Sigsum keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/faefdc3c81efa89fd41998b77c62234ca56be10b\"\u003e\u003ccode\u003efaefdc3\u003c/code\u003e\u003c/a\u003e README: document Sigsum proofs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd\"\u003e\u003ccode\u003ebbe6ce5\u003c/code\u003e\u003c/a\u003e .github/workflows: update artifacts Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/1e1badabf74064ee800d19817a725f4803fa4e94\"\u003e\u003ccode\u003e1e1bada\u003c/code\u003e\u003c/a\u003e .github/workflows: go-version stable, not latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2293a9afef6984915cb28d2a7264b145604d61e9\"\u003e\u003ccode\u003e2293a9a\u003c/code\u003e\u003c/a\u003e .github/workflows: use latest Go for bootstrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/01fe9cd84aa5380cd09b8761af919e5d0a1386ad\"\u003e\u003ccode\u003e01fe9cd\u003c/code\u003e\u003c/a\u003e README: add pkgx installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bd0511b415355bf84a3861c77d47d9337ab367b1\"\u003e\u003ccode\u003ebd0511b\u003c/code\u003e\u003c/a\u003e cmd/age: detect output/input file reuse when possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/febaaded8756511fd12b7aea122e44be80c35862\"\u003e\u003ccode\u003efebaade\u003c/code\u003e\u003c/a\u003e cmd/age: create file for empty decryptions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0-beta7...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.0.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow strict base64 decoding by \u003ca href=\"https://github.com/AlexanderYastrebov\"\u003e\u003ccode\u003e@​AlexanderYastrebov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/259\"\u003egolang-jwt/jwt#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: link update for README.md for v4 by \u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement a BearerExtractor by \u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump matrix to support latest go version (go1.19) by \u003ca href=\"https://github.com/mfridman\"\u003e\u003ccode\u003e@​mfridman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/231\"\u003egolang-jwt/jwt#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/229\"\u003egolang-jwt/jwt#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc comment to ParseWithClaims by \u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: removed the unneeded if statement by \u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo pointer embedding in the example by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/255\"\u003egolang-jwt/jwt#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded MicahParks/keyfunc to extensions by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/194\"\u003egolang-jwt/jwt#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link to v4 on pkg.go.dev page by \u003ca href=\"https://github.com/polRk\"\u003e\u003ccode\u003e@​polRk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/195\"\u003egolang-jwt/jwt#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md\"\u003egithub.com/golang-jwt/jwt/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003ejwt-go\u003c/code\u003e Version History\u003c/h1\u003e\n\u003cp\u003eThe following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003ehttps://github.com/golang-jwt/jwt/releases\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/9358574a7a1a2c8d644f22b6e8de627ba85c58d0\"\u003e\u003ccode\u003e9358574\u003c/code\u003e\u003c/a\u003e Allow strict base64 decoding (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0984a28be854685a0b59b71d597f10f2c49cff\"\u003e\u003ccode\u003e2f0984a\u003c/code\u003e\u003c/a\u003e Using \u003ccode\u003etparse\u003c/code\u003e for nicer CI test display (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2101c1f4bc589dcef71b5f750191a8db07c82431\"\u003e\u003ccode\u003e2101c1f\u003c/code\u003e\u003c/a\u003e No pointer embedding in the example (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/35053d4e202c7cffd7ecc96ce2b247e2117f838e\"\u003e\u003ccode\u003e35053d4\u003c/code\u003e\u003c/a\u003e Removed unneeded if statement (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/0c4e3879854669acd15ea435f2c8aada6c73810a\"\u003e\u003ccode\u003e0c4e387\u003c/code\u003e\u003c/a\u003e Add doc comment to ParseWithClaims (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/bfea432b1a9da383509086a2141c06dc103e82f9\"\u003e\u003ccode\u003ebfea432\u003c/code\u003e\u003c/a\u003e Include \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/d81acbf7f30f11e5ef65030008b876e46a3ca7d0\"\u003e\u003ccode\u003ed81acbf\u003c/code\u003e\u003c/a\u003e Bump matrix to support latest go version (go1.19) (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/fdaf0eb0e0c1f33ca4bc05ce761d931fc236007f\"\u003e\u003ccode\u003efdaf0eb\u003c/code\u003e\u003c/a\u003e Implement a BearerExtractor (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.0.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-slug` from 0.8.1 to 0.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-slug/releases\"\u003egithub.com/hashicorp/go-slug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdjust destination path check by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/76\"\u003ehashicorp/go-slug#76\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: This release may have issues when unpacking a tarball, we recommend using 0.16.4 or later.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS file in .github/CODEOWNERS by \u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate unused pack/unpack option \u003ccode\u003eAllowSymlinkTarget\u003c/code\u003e by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/68\"\u003e#68\u003c/a\u003e: Fix panic in \u003ccode\u003esourcebundle\u003c/code\u003e package when RegistryMeta and Packages aren't the same size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/64\"\u003e#64\u003c/a\u003e: Remove the \u003ccode\u003e.Append(...)\u003c/code\u003e function from the \u003ccode\u003esourcebundle\u003c/code\u003e diagnostics API. Consumers should instead use the built-in golang \u003ccode\u003eappend()\u003c/code\u003e function. This ensures type-safety as you can't attempt to insert an invalid object into the diagnostics using the built-in function.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.15.2\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003esourcebundle\u003c/code\u003e: Fixed a bug in the PackageMeta receiver method \u003ccode\u003eGetCommitMessage() string\u003c/code\u003e that caused it to return an empty string instead of the git commit message.  (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/61\"\u003e#61\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/59\"\u003e#59\u003c/a\u003e: expose registry module version deprecation data in \u003ccode\u003esourcebundle\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/56/files\"\u003e#56\u003c/a\u003e: collect commit messages in package meta struct.\u003c/p\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the sourcebundle package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/55\"\u003e#55\u003c/a\u003e: revise the experimental \u003ccode\u003esourcebundle\u003c/code\u003e package fetcher and registry client interfaces to improve future extensibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.13.4\u003c/h2\u003e\n\u003cp\u003eFixed a bug with default exclusion rules for .terraformignore which caused the \u003ccode\u003e.terraform/modules\u003c/code\u003e directory to be excluded\u003c/p\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/9a9315589124e21b01ffe8a7816f4f2bea7da8b4\"\u003e\u003ccode\u003e9a93155\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/76\"\u003e#76\u003c/a\u003e from hashicorp/nodyhub/adjust-path-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/fbb041690f076f8e983a0f5f0d7406545a41359a\"\u003e\u003ccode\u003efbb0416\u003c/code\u003e\u003c/a\u003e improve sanitization checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/53c172a3e00fc1ac280365255b56af57846abdb4\"\u003e\u003ccode\u003e53c172a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/74\"\u003e#74\u003c/a\u003e from hashicorp/nodyhub/depricate-option-allow-symlink-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/a6204cf5b83cac1430fb575f48423e3bd2e8a3ac\"\u003e\u003ccode\u003ea6204cf\u003c/code\u003e\u003c/a\u003e depricate unused pack/unpack option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82d53eadfab53add56dd3fc6a2141d65579c20b6\"\u003e\u003ccode\u003e82d53ea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/72\"\u003e#72\u003c/a\u003e from hashicorp/add-codeowners\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/1030616226cb2437f1780d11cebbdacb5c8f2ae0\"\u003e\u003ccode\u003e1030616\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS file in .github/CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/6004eb1bc5144a120f3e780aeb63e1582b9b72d7\"\u003e\u003ccode\u003e6004eb1\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82b71b9ba81f90d84bb8bff8a2f6b6cda5bd46ad\"\u003e\u003ccode\u003e82b71b9\u003c/code\u003e\u003c/a\u003e sourcebundle: Fix panic when RegistryMeta and Packages aren't the same size (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/bb15d99c98c0941f30301a31ca39673a1f5bada0\"\u003e\u003ccode\u003ebb15d99\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/18b3ddeef74292c53b2cc237a16a243ca2fc544d\"\u003e\u003ccode\u003e18b3dde\u003c/code\u003e\u003c/a\u003e sourcebundle: remove the option to append anything into a diagnostic that wil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.8.1...v0.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ulikunitz/xz` from 0.5.8 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/7184815834c4777e8fa665946721d5fe114c2c35\"\u003e\u003ccode\u003e7184815\u003c/code\u003e\u003c/a\u003e Preparation of release v0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2\"\u003e\u003ccode\u003e88ddf1d\u003c/code\u003e\u003c/a\u003e Address Security Issue GHSA-jc7w-c686-c4v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/c8314b8f21e9c5e25b52da07544cac14db277e89\"\u003e\u003ccode\u003ec8314b8\u003c/code\u003e\u003c/a\u003e Add new package xio with WriteCloserStack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/4f11dce79b9977ec2976a978d6c594ea1c23cf29\"\u003e\u003ccode\u003e4f11dce\u003c/code\u003e\u003c/a\u003e Update README.md and SECURITY.md to address security questions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/f56ebbfaa2400067dcda8ade26ce912c2873ca08\"\u003e\u003ccode\u003ef56ebbf\u003c/code\u003e\u003c/a\u003e TODO.md: fix a typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/9d122a61c181b044e6b8b9c09979dfe7c513e2db\"\u003e\u003ccode\u003e9d122a6\u003c/code\u003e\u003c/a\u003e release version v0.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/4ce6f08566c86bf66a9bc1c2f811336ae2e462c0\"\u003e\u003ccode\u003e4ce6f08\u003c/code\u003e\u003c/a\u003e lzma: fix handling of small dictionary sizes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/0b7c695d23f84aa7e968bbcaa1980847683d909a\"\u003e\u003ccode\u003e0b7c695\u003c/code\u003e\u003c/a\u003e xz: add reader benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/553507794087117cd9bdc95c924c1c5611bd991a\"\u003e\u003ccode\u003e5535077\u003c/code\u003e\u003c/a\u003e xz: add compression reate to Writer benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/886dc9acde193dec013d4812372011c64f6efbc2\"\u003e\u003ccode\u003e886dc9a\u003c/code\u003e\u003c/a\u003e xz: add benchmark for Writer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ulikunitz/xz/compare/v0.5.8...v0.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220127200216-cd36cc0744dd to 0.21.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20211104180415-d3ed0bb246c8 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.27.1 to 1.33.0\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 25.0.13+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev25.0.13\u003c/h2\u003e\n\u003ch2\u003e25.0.13\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/milestone/207?closed=1\"\u003emoby/moby, 25.0.13 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.13/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes and enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent restoration of iptables rules for deleted networks and containers on firewalld reload. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50445\"\u003emoby/moby#50445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Swarm services becoming unreachable from published ports after a firewalld reload. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50445\"\u003emoby/moby#50445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove the reliability of the Swarm overlay network control plane by fixing longstanding issues with NetworkDB. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50511\"\u003emoby/moby#50511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove the reliability of Swarm overlay container networks by fixing longstanding issues with the overlay network driver. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50551\"\u003emoby/moby#50551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev25.0.12\u003c/h2\u003e\n\u003ch2\u003e25.0.12\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.12\"\u003emoby/moby, 25.0.12 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.12/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes and enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50203\"\u003emoby/moby#50203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix an issue which made DNS service discovery for Swarm services unreliable. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50230\"\u003emoby/moby#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePackaging updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go toolchain to go1.23.9. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50053\"\u003emoby/moby#50053\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev25.0.11\u003c/h2\u003e\n\u003ch2\u003e25.0.11\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.11\"\u003emoby/moby, 25.0.11 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.11/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[25.0] Backport network fixes by \u003ca href=\"https://github.com/dperny\"\u003e\u003ccode\u003e@​dperny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/moby/pull/50005\"\u003emoby/moby#50005\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eKnown Issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSome Swarm services are not discoverable over DNS \u003ca href=\"https://redirect.github.com/moby/moby/issues/50129\"\u003emoby/moby#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/moby/compare/v25.0.10...v25.0.11\"\u003ehttps://github.com/moby/moby/compare/v25.0.10...v25.0.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev25.0.10\u003c/h2\u003e\n\u003ch2\u003e25.0.10\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/165516eb478021fdc99976e5aadc26bf73c1e51b\"\u003e\u003ccode\u003e165516e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/50551\"\u003e#50551\u003c/a\u003e from corhere/backport-25.0/libn/all-the-overlay-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f099e911bd99581bb0f6c0802cc5c10081c457b4\"\u003e\u003ccode\u003ef099e91\u003c/code\u003e\u003c/a\u003e libnetwork: handle coalesced endpoint events\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/bace1b8a3bf33718a6c2d387cc7a9841f0b87b99\"\u003e\u003ccode\u003ebace1b8\u003c/code\u003e\u003c/a\u003e libnetwork/d/overlay: handle coalesced peer updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f9e54290b54fe990110341cc2a985e245d3a05d2\"\u003e\u003ccode\u003ef9e5429\u003c/code\u003e\u003c/a\u003e libn/d/win/overlay: dedupe NetworkDB definitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/fc3df5523007c1a96e194a4146aea5f49bb58c01\"\u003e\u003ccode\u003efc3df55\u003c/code\u003e\u003c/a\u003e libn/d/overlay: extract hashable address types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b22872af606cbea4fafd4f47fbcf61fdba274a04\"\u003e\u003ccode\u003eb22872a\u003c/code\u003e\u003c/a\u003e libnetwork/driverapi: make EventNotify optional\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c7e17ae65d89e9441c6ec461bfeb75bad90cd338\"\u003e\u003ccode\u003ec7e17ae\u003c/code\u003e\u003c/a\u003e libn/networkdb: report prev value in update events\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d60c71a9d7b28adfd29464148ffc0f4ed7d598f9\"\u003e\u003ccode\u003ed60c71a\u003c/code\u003e\u003c/a\u003e libnetwork/d/overlay: fix logical race conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/ad54b8f9ce80e611e505046e8363b27338005a6c\"\u003e\u003ccode\u003ead54b8f\u003c/code\u003e\u003c/a\u003e libn/d/overlay: fix encryption race conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/8075689abd554f17bafad09f51869ae6bf4f4987\"\u003e\u003ccode\u003e8075689\u003c/code\u003e\u003c/a\u003e libn/d/overlay: inline secMapWalk into only caller\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v25.0.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-retryablehttp` from 0.7.1 to 0.7.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md\"\u003egithub.com/hashicorp/go-retryablehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.7 (May 30, 2024)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: avoid potentially leaking URL-embedded basic authentication credentials in logs (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.6 (May 9, 2024)\u003c/h2\u003e\n\u003cp\u003eENHANCEMENTS:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support a \u003ccode\u003eRetryPrepare\u003c/code\u003e function for modifying the request before retrying (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: support HTTP-date values for \u003ccode\u003eRetry-After\u003c/code\u003e header value (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: avoid reading entire body when the body is a \u003ccode\u003e*bytes.Reader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fix a broken check for invalid server certificate in go 1.20+ (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.5 (Nov 8, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.4 (Jun 6, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.3 (May 15, 2023)\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb\"\u003e\u003ccode\u003e1542b31\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac\"\u003e\u003ccode\u003edefb9f4\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a\"\u003e\u003ccode\u003ea99f07b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e from dany74q/danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411\"\u003e\u003ccode\u003e8a28c57\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348\"\u003e\u003ccode\u003e86e852d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/227\"\u003e#227\u003c/a\u003e from hashicorp/dependabot/github_actions/actions/chec...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53\"\u003e\u003ccode\u003e47fe99e\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.5 to 4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d\"\u003e\u003ccode\u003e490fc06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/226\"\u003e#226\u003c/a\u003e from testwill/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692\"\u003e\u003ccode\u003ef3e9417\u003c/code\u003e\u003c/a\u003e chore: remove refs to deprecated io/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055\"\u003e\u003ccode\u003ed969eaa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/225\"\u003e#225\u003c/a\u003e from hashicorp/manicminer-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298\"\u003e\u003ccode\u003e2ad8ed4\u003c/code\u003e\u003c/a\u003e v0.7.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.2 / 2025-09-05\u003c/h2\u003e\n\u003cp\u003eThis release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).\nThere are no functional changes.\u003c/p\u003e\n\u003ch2\u003e1.23.1 / 2025-09-04\u003c/h2\u003e\n\u003cp\u003eThis release is made to be compatible with a backwards incompatible API change\nin prometheus/common v0.66.0. There are no functional changes.\u003c/p\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20211117183948-ae814b36b871 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spring-financial-group/helmfile/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spring-financial-group/helmfile/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-financial-group%2Fhelmfile/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"3489199246","node_id":"PR_kwDOPUzTr86sYBsw","number":70,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-10-06T21:34:46.000Z","updated_at":"2025-10-07T16:07:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.2+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/foundriesio/fioup/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundriesio%2Ffioup/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"},{"uuid":"2811450045","node_id":"PR_kwDOKbJdCc6nk1K9","number":22,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-09T10:31:18.000Z","updated_at":"2025-09-09T10:31:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kahlys/codex/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kahlys/codex/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kahlys%2Fcodex/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"},{"uuid":"3364812625","node_id":"PR_kwDOOTONfc6l4rQ9","number":14,"state":"open","title":"Bump the go_modules group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T22:02:15.000Z","updated_at":"2025-08-28T22:02:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":9,"packages":[{"name":"gopkg.in/yaml.v3","old_version":"3.0.0-20210107192922-496545a6307b","new_version":"3.0.1"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.14+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/moby/buildkit","old_version":"0.10.3","new_version":"0.12.5","repository_url":"https://github.com/moby/buildkit"},{"name":"github.com/lestrrat-go/jwx","old_version":"1.2.25","new_version":"1.2.29","repository_url":"https://github.com/lestrrat-go/jwx"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20220411215720-9780585627b5","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| gopkg.in/yaml.v3 | `3.0.0-20210107192922-496545a6307b` | `3.0.1` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.14+incompatible` | `28.0.0+incompatible` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.10.3` | `0.12.5` |\n| [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) | `1.2.25` | `1.2.29` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20220411215720-9780585627b5` | `0.27.0` |\n\n\nUpdates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.14+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.14...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.10.3 to 0.12.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/bac3f2b673f3f9d33e79046008e7a38e856b3dc6\"\u003e\u003ccode\u003ebac3f2b\u003c/code\u003e\u003c/a\u003e update runc to v1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f781267af1acb688e94740e1fdc22c1bf587d7fd\"\u003e\u003ccode\u003ef781267\u003c/code\u003e\u003c/a\u003e exec: add extra validation for submount sources\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/d089e0b9527ba85075a2db02b55e7002847a0e8d\"\u003e\u003ccode\u003ed089e0b\u003c/code\u003e\u003c/a\u003e oci: fix error handling on submount calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/00fe637d43aba66f0937f5bdf4b9fc96991794fd\"\u003e\u003ccode\u003e00fe637\u003c/code\u003e\u003c/a\u003e executor: recheck mount stub path within root after container run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e\"\u003e\u003ccode\u003e92cc595\u003c/code\u003e\u003c/a\u003e llbsolver: make sure interactive container API validates entitlements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e\"\u003e\u003ccode\u003e5026d95\u003c/code\u003e\u003c/a\u003e gateway: pass executor with build and not access worker directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c\"\u003e\u003ccode\u003e7718bd5\u003c/code\u003e\u003c/a\u003e pb: add extra validation to protobuf types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330\"\u003e\u003ccode\u003ee1924dc\u003c/code\u003e\u003c/a\u003e sourcepolicy: add validations for nil values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae\"\u003e\u003ccode\u003e96663dd\u003c/code\u003e\u003c/a\u003e exporter: add validation for platforms key value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987\"\u003e\u003ccode\u003e481d9c4\u003c/code\u003e\u003c/a\u003e exporter: add validation for invalid platorm\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.10.3...v0.12.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220427172511-eb4f295cb31f to 0.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220421235706-1d1ef9303861 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.0 to 1.30.0\n\nUpdates `github.com/lestrrat-go/jwx` from 1.2.25 to 1.2.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lestrrat-go/jwx/releases\"\u003egithub.com/lestrrat-go/jwx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev1.2.29 07 Mar 2024\u003c/h1\u003e\n\u003ch2\u003e[Security]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jwe] Added \u003ccode\u003ejwe.Settings(jwe.WithMaxDecompressBufferSize(int64))\u003c/code\u003e to specify the\nmaximum size of a decompressed JWE payload. The default value is 10MB. If you\nare compressing payloads greater than this, you need to explicitly set it.\u003c/p\u003e\n\u003cp\u003eUnlike in v2, there is no way to set this globally. Please use v2 if this is required.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.2.28\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.28 09 Jan 2024\n[Security Fixes]\n  * [jws] JWS messages formated in full JSON format (i.e. not the compact format, which\n    consists of three base64 strings concatenated with a '.') with missing \u0026quot;protected\u0026quot;\n    headers could cause a panic, thereby introducing a possiblity of a DoS.\n\u003cpre\u003e\u003ccode\u003eThis has been fixed so that the `jws.Parse` function succeeds in parsing a JWS message\nlacking a protected header. Calling `jws.Verify` on this same JWS message will result\nin a failed verification attempt. Note that this behavior will differ slightly when\nparsing JWS messages in compact form, which result in an error.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.27\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.27 - 03 Dec 2023\n[Security]\n  * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,\n    similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083.  All users should upgrade, as\n    unlike v2, v1 attempts to decrypt JWEs on JWTs by default.\n    [GHSA-7f9x-gw85-8grf]\n\u003cp\u003e[Bug Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwk] jwk.Set(jwk.KeyOpsKey, \u0026lt;jwk.KeyOperation\u0026gt;) now works (previously, either\nSet(.., \u0026lt;string\u0026gt;) or Set(..., []jwk.KeyOperation{...}) worked, but not a single\njwk.KeyOperation\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[SECURITY] v1.2.26\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.26 - 14 Jun 2023\n[Security]\n  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability\n    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,\n    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by\n    @shogo82148.\n\u003cpre\u003e\u003ccode\u003ePlease note that v0 versions will NOT receive fixes.\nThis release fixes these vulnerabilities for the v1 series.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lestrrat-go/jwx/blob/v1.2.29/Changes\"\u003egithub.com/lestrrat-go/jwx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.2.29 07 Mar 2024\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jwe] Added \u003ccode\u003ejwe.Settings(jwe.WithMaxDecompressBufferSize(int64))\u003c/code\u003e to specify the\nmaximum size of a decompressed JWE payload. The default value is 10MB. If you\nare compressing payloads greater than this, you need to explicitly set it.\u003c/p\u003e\n\u003cp\u003eUnlike in v2, there is no way to set this globally. Please use v2 if this is required.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.28 09 Jan 2024\n[Security Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jws] JWS messages formated in full JSON format (i.e. not the compact format, which\nconsists of three base64 strings concatenated with a '.') with missing \u0026quot;protected\u0026quot;\nheaders could cause a panic, thereby introducing a possiblity of a DoS.\u003c/p\u003e\n\u003cp\u003eThis has been fixed so that the \u003ccode\u003ejws.Parse\u003c/code\u003e function succeeds in parsing a JWS message\nlacking a protected header. Calling \u003ccode\u003ejws.Verify\u003c/code\u003e on this same JWS message will result\nin a failed verification attempt. Note that this behavior will differ slightly when\nparsing JWS messages in compact form, which result in an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.27 - 03 Dec 2023\n[Security]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,\nsimilar to \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2022-36083\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2022-36083\u003c/a\u003e.  All users should upgrade, as\nunlike v2, v1 attempts to decrypt JWEs on JWTs by default.\n[GHSA-7f9x-gw85-8grf]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[Bug Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwk] jwk.Set(jwk.KeyOpsKey, \u0026lt;jwk.KeyOperation\u0026gt;) now works (previously, either\nSet(.., \u003c!-- raw HTML omitted --\u003e) or Set(..., []jwk.KeyOperation{...}) worked, but not a single\njwk.KeyOperation\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.26 - 14 Jun 2023\n[Security]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePotential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability\nfor JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,\nall v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by\n\u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003ePlease note that v0 versions will NOT receive fixes.\nThis release fixes these vulnerabilities for the v1 series.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[Miscellaneous]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWE tests now only run algorithms that are supported by the underlying\n\u003ccode\u003ejose\u003c/code\u003e tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/1025f8eec3bd80c8d8f1be8f9cad989a5b78fd4b\"\u003e\u003ccode\u003e1025f8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1092\"\u003e#1092\u003c/a\u003e from lestrrat-go/develop/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/4399ace82658d4639eb88342074fa97d68cc96f0\"\u003e\u003ccode\u003e4399ace\u003c/code\u003e\u003c/a\u003e Merge branch 'v1' into develop/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/dc80fede7c3766cda714a5cf0f4ce4b0ca5bec1c\"\u003e\u003ccode\u003edc80fed\u003c/code\u003e\u003c/a\u003e Update Changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/e4c1511301301a4481cc3cd3f5c6353a34be3e43\"\u003e\u003ccode\u003ee4c1511\u003c/code\u003e\u003c/a\u003e silence linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/d01027d74c7376d66037a10f4f64af9af26a7e34\"\u003e\u003ccode\u003ed01027d\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-hj3v-m684-v259\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/3d6e0e07be993dae07ec0b8b5d3a42f58a684ffc\"\u003e\u003ccode\u003e3d6e0e0\u003c/code\u003e\u003c/a\u003e Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/3af5916bf0c6129e01487c8e47db534c8faa0c2a\"\u003e\u003ccode\u003e3af5916\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.19.0 to 0.21.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1087\"\u003e#1087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/7a05818b361ae2594ec3294559438f1a5a90005e\"\u003e\u003ccode\u003e7a05818\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/8e2aacdf170d1cc9a5d9f7fbcb4738799315ce82\"\u003e\u003ccode\u003e8e2aacd\u003c/code\u003e\u003c/a\u003e Bump golangci/golangci-lint-action from 3 to 4 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1076\"\u003e#1076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/4b1fd05ad8bd33899aaf10f5d42b9e52291fda80\"\u003e\u003ccode\u003e4b1fd05\u003c/code\u003e\u003c/a\u003e Bump kentaro-m/auto-assign-action from 1.2.6 to 2.0.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lestrrat-go/jwx/compare/v1.2.25...v1.2.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/secure-repo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/secure-repo/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fsecure-repo/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"2782805201","node_id":"PR_kwDONplZoM6l3jzR","number":3,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T19:44:39.000Z","updated_at":"2025-08-28T19:44:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":5,"packages":[{"name":"golang.org/x/net","old_version":"0.36.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/opencontainers/runc","old_version":"1.0.2","new_version":"1.2.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/ulikunitz/xz","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ulikunitz/xz"},{"name":"golang.org/x/oauth2","old_version":"0.17.0","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/net](https://github.com/golang/net) | `0.36.0` | `0.38.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.0.2` | `1.2.0` |\n| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.12` | `0.5.14` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.17.0` | `0.27.0` |\n\n\nUpdates `golang.org/x/net` from 0.36.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.36.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.0.2 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.2.0 -- \u0026quot;できるときにできることをやるんだ。それが今だ。\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the long-awaited release of runc 1.2.0! The primary changes from rc3\nare general improvements and fixes for minor regressions related to the\nnew /proc/self/exe cloning logic in runc 1.2, follow-on patches related\nto CVE-2024-45310, as well as some other minor changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIn order to alleviate the remaining concerns around the memory usage and\n(arguably somewhat unimportant, but measurable) performance overhead of\nmemfds for cloning \u003ccode\u003e/proc/self/exe\u003c/code\u003e, we have added a new protection using\n\u003ccode\u003eoverlayfs\u003c/code\u003e that is used if you have enough privileges and the running\nkernel supports it. It has effectively no performance nor memory overhead\n(compared to no cloning at all). (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe original fix for \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e was intentionally very\nlimited in scope to make it easier to review, however it also did not handle\nall possible \u003ccode\u003eos.MkdirAll\u003c/code\u003e cases and thus could lead to regressions. We have\nswitched to the more complete implementation in the newer versions of\n\u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4393\"\u003e#4393\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4400\"\u003e#4400\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4421\"\u003e#4421\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4430\"\u003e#4430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIn certain situations (a system with lots of mounts or racing mounts) we\ncould accidentally end up leaking mounts from the container into the host.\nThis has been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe fallback logic for \u003ccode\u003eO_TMPFILE\u003c/code\u003e clones of \u003ccode\u003e/proc/self/exe\u003c/code\u003e had a minor\nbug that would cause us to miss non-\u003ccode\u003enoexec\u003c/code\u003e directories and thus fail to\nstart containers on some systems. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4444\"\u003e#4444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSometimes the cloned \u003ccode\u003e/proc/self/exe\u003c/code\u003e file descriptor could be placed in a\nway that it would get clobbered by the Go runtime. We had a fix for this\nalready but it turns out it could still break in rare circumstances, but it\nhas now been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4294\"\u003e#4294\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIt is not possible for \u003ccode\u003erunc kill\u003c/code\u003e to work properly in some specific\nconfigurations (such as rootless containers with no cgroups and a shared pid\nnamespace). We now output a warning for such configurations. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4398\"\u003e#4398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ememfd-bind: update the documentation and make path handling with the systemd\nunit more idiomatic. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4428\"\u003e#4428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe now use v0.16 of Cilium's eBPF library, including fixes that quite a few\ndownstreams asked for. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4397\"\u003e#4397\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4396\"\u003e#4396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSome internal \u003ccode\u003erunc init\u003c/code\u003e synchronisation that was no longer necessary (due\nto the \u003ccode\u003e/proc/self/exe\u003c/code\u003e cloning move to Go) was removed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4441\"\u003e#4441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.0] - 2024-10-22\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eできるときにできることをやるんだ。それが今だ。\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIn order to alleviate the remaining concerns around the memory usage and\n(arguably somewhat unimportant, but measurable) performance overhead of\nmemfds for cloning \u003ccode\u003e/proc/self/exe\u003c/code\u003e, we have added a new protection using\n\u003ccode\u003eoverlayfs\u003c/code\u003e that is used if you have enough privileges and the running\nkernel supports it. It has effectively no performance nor memory overhead\n(compared to no cloning at all). (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe original fix for \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e was intentionally very\nlimited in scope to make it easier to review, however it also did not handle\nall possible \u003ccode\u003eos.MkdirAll\u003c/code\u003e cases and thus could lead to regressions. We have\nswitched to the more complete implementation in the newer versions of\n\u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4393\"\u003e#4393\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4400\"\u003e#4400\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4421\"\u003e#4421\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4430\"\u003e#4430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIn certain situations (a system with lots of mounts or racing mounts) we\ncould accidentally end up leaking mounts from the container into the host.\nThis has been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe fallback logic for \u003ccode\u003eO_TMPFILE\u003c/code\u003e clones of \u003ccode\u003e/proc/self/exe\u003c/code\u003e had a minor\nbug that would cause us to miss non-\u003ccode\u003enoexec\u003c/code\u003e directories and thus fail to\nstart containers on some systems. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4444\"\u003e#4444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSometimes the cloned \u003ccode\u003e/proc/self/exe\u003c/code\u003e file descriptor could be placed in a\nway that it would get clobbered by the Go runtime. We had a fix for this\nalready but it turns out it could still break in rare circumstances, but it\nhas now been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4294\"\u003e#4294\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIt is not possible for \u003ccode\u003erunc kill\u003c/code\u003e to work properly in some specific\nconfigurations (such as rootless containers with no cgroups and a shared pid\nnamespace). We now output a warning for such configurations. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4398\"\u003e#4398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ememfd-bind: update the documentation and make path handling with the systemd\nunit more idiomatic. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4428\"\u003e#4428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe now use v0.16 of Cilium's eBPF library, including fixes that quite a few\ndownstreams asked for. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4397\"\u003e#4397\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4396\"\u003e#4396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSome internal \u003ccode\u003erunc init\u003c/code\u003e synchronisation that was no longer necessary (due\nto the \u003ccode\u003e/proc/self/exe\u003c/code\u003e cloning move to Go) was removed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4441\"\u003e#4441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0-rc.3] - 2024-09-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe supreme happiness of life is the conviction that we are loved.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e, a low-severity attack that allowed\nmaliciously configured containers to create empty files and directories on\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0b9fa21be2bcba45f6d9d748b4bcf70cfbffbc19\"\u003e\u003ccode\u003e0b9fa21\u003c/code\u003e\u003c/a\u003e VERSION: release v1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5190d6124bd65d92468abad364660e5a2978f149\"\u003e\u003ccode\u003e5190d61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e from lifubang/fix-fd-reuse-race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/ca45a2c52db89dd3dbf04fb10964aa7a7e3e4959\"\u003e\u003ccode\u003eca45a2c\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4446\"\u003e#4446\u003c/a\u003e into opencontainers/runc:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/568231cc4ef4b0c20ff50185c006d48827903fe4\"\u003e\u003ccode\u003e568231c\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;increase memory.max in cgroups.bats\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e66992669172d1b5a10e553dc40a7c1853097d85\"\u003e\u003ccode\u003ee669926\u003c/code\u003e\u003c/a\u003e fix an error caused by fd reuse race when starting runc init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/ca8ca3ce07403327ecc998cf031b3ec9d22d8c63\"\u003e\u003ccode\u003eca8ca3c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e from cyphar/cloned-binary-overlayfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/08faf151069ed3a54f5d2b2770c09ee644c9d703\"\u003e\u003ccode\u003e08faf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4429\"\u003e#4429\u003c/a\u003e from kolyshkin/cap-load\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/515f09f7b1dbd442298132592c7e9689b855dbdf\"\u003e\u003ccode\u003e515f09f\u003c/code\u003e\u003c/a\u003e dmz: use overlayfs to write-protect /proc/self/exe if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8cfbccb6d99a1bcfad5b16fb3f0bbca97cb5be4c\"\u003e\u003ccode\u003e8cfbccb\u003c/code\u003e\u003c/a\u003e tests: integration: add helper to check if we're in a userns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bebdbafd8e5199d7734747a91ba7e8dd369aca8\"\u003e\u003ccode\u003e8bebdba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4456\"\u003e#4456\u003c/a\u003e from kolyshkin/misc-ci-cleanups\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.0.2...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ulikunitz/xz` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/7184815834c4777e8fa665946721d5fe114c2c35\"\u003e\u003ccode\u003e7184815\u003c/code\u003e\u003c/a\u003e Preparation of release v0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2\"\u003e\u003ccode\u003e88ddf1d\u003c/code\u003e\u003c/a\u003e Address Security Issue GHSA-jc7w-c686-c4v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/c8314b8f21e9c5e25b52da07544cac14db277e89\"\u003e\u003ccode\u003ec8314b8\u003c/code\u003e\u003c/a\u003e Add new package xio with WriteCloserStack\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.17.0 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3\"\u003e\u003ccode\u003e681b4d8\u003c/code\u003e\u003c/a\u003e jws: split token into fixed number of parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502\"\u003e\u003ccode\u003e3f78298\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac\"\u003e\u003ccode\u003e109dabf\u003c/code\u003e\u003c/a\u003e endpoints: add links/provider for Discord\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47\"\u003e\u003ccode\u003eac571fa\u003c/code\u003e\u003c/a\u003e oauth2: fix docs for Config.DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2\"\u003e\u003ccode\u003e314ee5b\u003c/code\u003e\u003c/a\u003e endpoints: add patreon endpoint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec\"\u003e\u003ccode\u003eb9c813b\u003c/code\u003e\u003c/a\u003e google: add warning about externally-provided credentials\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/49a531d12a9ad6fa9f5a070d577ac752ada772c9\"\u003e\u003ccode\u003e49a531d\u003c/code\u003e\u003c/a\u003e all: make method and struct comments match the names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/22134a41033e44c2cd074106770ab5b7ca910d15\"\u003e\u003ccode\u003e22134a4\u003c/code\u003e\u003c/a\u003e README: don't recommend go get\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3e6480915d39dd1a80fa460e56413857f02cc1b9\"\u003e\u003ccode\u003e3e64809\u003c/code\u003e\u003c/a\u003e x/oauth2: add Token.ExpiresIn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/16a9973a41c72ea3e252e9c14be34fcaa2928211\"\u003e\u003ccode\u003e16a9973\u003c/code\u003e\u003c/a\u003e jwt: rename example to avoid vet error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.17.0...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/offsoc/cloudpods/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/offsoc/cloudpods/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/offsoc%2Fcloudpods/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"3363488490","node_id":"PR_kwDOHQjzDM6l0M8P","number":91,"state":"open","title":"build(deps): bump the go_modules group with 7 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:10:57.000Z","updated_at":"2025-08-28T14:10:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":7,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.6.3-0.20220401172941-5ff8fce1fcc6","new_version":"1.6.38","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/docker/buildx","old_version":"0.8.2","new_version":"0.21.3","repository_url":"https://github.com/docker/buildx"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/go-git/go-git/v5","old_version":"5.4.2","new_version":"5.13.0","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/buildkit","old_version":"0.10.2","new_version":"0.20.0","repository_url":"https://github.com/moby/buildkit"},{"name":"google.golang.org/grpc","old_version":"1.46.0","new_version":"1.69.4","repository_url":"https://github.com/grpc/grpc-go"},{"name":"gopkg.in/yaml.v3","old_version":"3.0.0-20210107192922-496545a6307b","new_version":"3.0.1"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 7 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.3-0.20220401172941-5ff8fce1fcc6` | `1.6.38` |\n| [github.com/docker/buildx](https://github.com/docker/buildx) | `0.8.2` | `0.21.3` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.3+incompatible` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.4.2` | `5.13.0` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.10.2` | `0.20.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.46.0` | `1.69.4` |\n| gopkg.in/yaml.v3 | `3.0.0-20210107192922-496545a6307b` | `3.0.1` |\n\nUpdates `github.com/containerd/containerd` from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.6.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.6.38\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.6.38 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirty-eighth patch release for containerd 1.6 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow in User ID handling (\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg\"\u003eGHSA-265r-hfxg-fhmg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eAkhil Mohan\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eCraig Ingram\u003c/li\u003e\n\u003cli\u003eKohei Tokunaga\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e884\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b9625\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003ePrepare release notes for v1.6.38 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11539\"\u003e#11539\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34bac2\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate build to go1.23.7, test go1.24.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11421\"\u003e#11421\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35baf\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41ef\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81adc\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove hashicorp/go-multierror dependency and fix CI (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11500\"\u003e#11500\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3dce\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0733895f3de3df51fe4e14563ee94a98df1be8dd\"\u003e\u003ccode\u003e0733895f3\u003c/code\u003e\u003c/a\u003e Remove unnecessary joinError unwrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/054c4cc79c929eecfb9724fd1c3e9f13a4cd5701\"\u003e\u003ccode\u003e054c4cc79\u003c/code\u003e\u003c/a\u003e Remove hashicorp/go-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ff21be0ee8b274c05a542a096c1042ef63857f09\"\u003e\u003ccode\u003eff21be0ee\u003c/code\u003e\u003c/a\u003e Update go to 1.20 to use its multi error support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f63b5fd3f9b4b809d94d4a3053c4d76a7753072c\"\u003e\u003ccode\u003ef63b5fd3f\u003c/code\u003e\u003c/a\u003e update containerd/project-checks to 1.2.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/abd1692cf27bcff4590207bdd8a827b06657c446\"\u003e\u003ccode\u003eabd1692cf\u003c/code\u003e\u003c/a\u003e fix fatal error: concurrent map iteration and map write\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/containerd/commits/v1.6.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/buildx` from 0.8.2 to 0.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/buildx/releases\"\u003egithub.com/docker/buildx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.21.3\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.21.3 release of buildx!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/docker/buildx/issues\"\u003ehttps://github.com/docker/buildx/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nThis release contains security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFix possible credential leakage to telemetry endpoint. \u003ca href=\"https://github.com/docker/buildx/security/advisories/GHSA-m4gq-fm9h-8q75\"\u003eGHSA-m4gq-fm9h-8q75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused fields from local state group that could potentially leak credentials.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/docker/buildx/releases/tag/v0.21.2\"\u003ev0.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.21.2\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.21.2 release of buildx!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/docker/buildx/issues\"\u003ehttps://github.com/docker/buildx/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLaurent Goderre\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of attestation extra arguments \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3027\"\u003e#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the cache attribute not being skipped when empty with Bake overrides \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3021\"\u003e#3021\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/7b5fecbd7a62d73843f7a73a6d4ec353c0555ef5\"\u003e\u003ccode\u003e7b5fecb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3067\"\u003e#3067\u003c/a\u003e from crazy-max/0.21_picks_0.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/05f75a5bd5abb5e391b70f9e8226aed9bed69508\"\u003e\u003ccode\u003e05f75a5\u003c/code\u003e\u003c/a\u003e localstate: remove definition and inputs fields from group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/0982070af84d476b232d2d75ab551c3222592db1\"\u003e\u003ccode\u003e0982070\u003c/code\u003e\u003c/a\u003e otel: avoid tracing raw os arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/1360a9e8d25a2c3d03c2776d53ae62e6ff0a843d\"\u003e\u003ccode\u003e1360a9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3037\"\u003e#3037\u003c/a\u003e from crazy-max/0.21_picks_0.21.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/6019a2b32f3444a282e0540b0492f27b261f826f\"\u003e\u003ccode\u003e6019a2b\u003c/code\u003e\u003c/a\u003e buildflags: skip empty cache entries when parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/6da88e1555db601a28291777ab592193fe5c868b\"\u003e\u003ccode\u003e6da88e1\u003c/code\u003e\u003c/a\u003e Fix handling of attest extra arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/41f8e5c85c343f697d47ab79e9bf718bf45d8a64\"\u003e\u003ccode\u003e41f8e5c\u003c/code\u003e\u003c/a\u003e Add attest extra args tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/7c2359c6bf8b3331413c0fe95918fe1cfe9aa127\"\u003e\u003ccode\u003e7c2359c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3018\"\u003e#3018\u003c/a\u003e from crazy-max/0.21_picks_0.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/65a52b5272ebc22fd43dbd52faf611ad37f5d575\"\u003e\u003ccode\u003e65a52b5\u003c/code\u003e\u003c/a\u003e remove accidental debug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/34ed52e4ae66478e29c2ca88ac1a3a6ef5a56759\"\u003e\u003ccode\u003e34ed52e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3011\"\u003e#3011\u003c/a\u003e from jsternberg/v0.21.0-picks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/buildx/compare/v0.8.2...v0.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.4.2 to 5.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1065\"\u003ego-git/go-git#1065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1068\"\u003ego-git/go-git#1068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.23.0 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1071\"\u003ego-git/go-git#1071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly support skipping of non-mandatory extensions  by \u003ca href=\"https://github.com/codablock\"\u003e\u003ccode\u003e@​codablock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1066\"\u003ego-git/go-git#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Refine some codes in test and non-test. by \u003ca href=\"https://github.com/onee-only\"\u003e\u003ccode\u003e@​onee-only\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1077\"\u003ego-git/go-git#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: protocol/packp, client-side filter capability support by \u003ca href=\"https://github.com/edigaryev\"\u003e\u003ccode\u003e@​edigaryev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1000\"\u003ego-git/go-git#1000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1078\"\u003ego-git/go-git#1078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: fix sideband demux on flush by \u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1084\"\u003ego-git/go-git#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estorage: dotgit, head reference usually comes first by \u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1085\"\u003ego-git/go-git#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.14.0 to 0.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1091\"\u003ego-git/go-git#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1094\"\u003ego-git/go-git#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.24.0 to 0.25.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1093\"\u003ego-git/go-git#1093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Added an example for Repository.Branches by \u003ca href=\"https://github.com/johnmatthiggins\"\u003e\u003ccode\u003e@​johnmatthiggins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1088\"\u003ego-git/go-git#1088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: worktree_commit, Modify checking empty commit. Fixes \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/723\"\u003e#723\u003c/a\u003e by \u003ca href=\"https://github.com/onee-only\"\u003e\u003ccode\u003e@​onee-only\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1050\"\u003ego-git/go-git#1050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/http, Wrap http errors to return reason. Fixes \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1097\"\u003e#1097\u003c/a\u003e by \u003ca href=\"https://github.com/ggambetti\"\u003e\u003ccode\u003e@​ggambetti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1100\"\u003ego-git/go-git#1100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.20.0 to 0.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1106\"\u003ego-git/go-git#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.15.0 to 0.16.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1107\"\u003ego-git/go-git#1107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumps Go versions and go-billy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1056\"\u003ego-git/go-git#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e_examples: Fixed a dead link COMPATIBILITY.md by \u003ca href=\"https://github.com/gecko655\"\u003e\u003ccode\u003e@​gecko655\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1109\"\u003ego-git/go-git#1109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1115\"\u003ego-git/go-git#1115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by \u003ca href=\"https://github.com/hbelmiro\"\u003e\u003ccode\u003e@​hbelmiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1124\"\u003ego-git/go-git#1124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.25.0 to 0.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1104\"\u003ego-git/go-git#1104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option approximating \u003ccode\u003egit clean -x\u003c/code\u003e flag. by \u003ca href=\"https://github.com/msuozzo\"\u003e\u003ccode\u003e@​msuozzo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/995\"\u003ego-git/go-git#995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Add option approximating \u003ccode\u003egit clean -x\u003c/code\u003e flag.\u0026quot; by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1129\"\u003ego-git/go-git#1129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reference updated concurrently error for the filesystem storer by \u003ca href=\"https://github.com/Javier-varez\"\u003e\u003ccode\u003e@​Javier-varez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1116\"\u003ego-git/go-git#1116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.26.0 to 0.27.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1134\"\u003ego-git/go-git#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils: merkletrie, Align error message with upstream by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1142\"\u003ego-git/go-git#1142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/file, Change paths to absolute by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1141\"\u003ego-git/go-git#1141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: gitignore, Fix loading of ignored .gitignore files. by \u003ca href=\"https://github.com/Achilleshiel\"\u003e\u003ccode\u003e@​Achilleshiel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1114\"\u003ego-git/go-git#1114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1147\"\u003ego-git/go-git#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/ssh, Add support for SSH \u003ca href=\"https://github.com/cert-authority\"\u003e\u003ccode\u003e@​cert-authority\u003c/code\u003e\u003c/a\u003e. by \u003ca href=\"https://github.com/Javier-varez\"\u003e\u003ccode\u003e@​Javier-varez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1157\"\u003ego-git/go-git#1157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: run example tests during CI workflow by \u003ca href=\"https://github.com/crazybolillo\"\u003e\u003ccode\u003e@​crazybolillo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1030\"\u003ego-git/go-git#1030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estorage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by \u003ca href=\"https://github.com/SatelliteMind\"\u003e\u003ccode\u003e@​SatelliteMind\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1138\"\u003ego-git/go-git#1138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Fix fetching missing commits by \u003ca href=\"https://github.com/AriehSchneier\"\u003e\u003ccode\u003e@​AriehSchneier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1032\"\u003ego-git/go-git#1032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: format/packfile, remove duplicate checks in findMatch() by \u003ca href=\"https://github.com/edigaryev\"\u003e\u003ccode\u003e@​edigaryev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1152\"\u003ego-git/go-git#1152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: worktree, Fix file reported as \u003ccode\u003eUntracked\u003c/code\u003e while it is committed by \u003ca href=\"https://github.com/rodrigocam\"\u003e\u003ccode\u003e@​rodrigocam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1023\"\u003ego-git/go-git#1023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1160\"\u003ego-git/go-git#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: filemode, Remove check for setting size of .git/index file  by \u003ca href=\"https://github.com/nicholasSUSE\"\u003e\u003ccode\u003e@​nicholasSUSE\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1159\"\u003ego-git/go-git#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.27.0 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1163\"\u003ego-git/go-git#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix some lint warning and increase stalebot to 180 days by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1128\"\u003ego-git/go-git#1128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadjust path extracted from file: url on Windows by \u003ca href=\"https://github.com/tomqwpl\"\u003e\u003ccode\u003e@​tomqwpl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/416\"\u003ego-git/go-git#416\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.23.0 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1164\"\u003ego-git/go-git#1164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RestoreStaged to Worktree that mimics the behaviour of git restore --staged \u003c!-- raw HTML omitted --\u003e... by \u003ca href=\"https://github.com/ben-tbotlabs\"\u003e\u003ccode\u003e@​ben-tbotlabs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/493\"\u003ego-git/go-git#493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: signature, support the same x509 signature formats as git by \u003ca href=\"https://github.com/yoavamit\"\u003e\u003ccode\u003e@​yoavamit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1169\"\u003ego-git/go-git#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow discovery of non bare repos in fsLoader by \u003ca href=\"https://github.com/jakobmoellerdev\"\u003e\u003ccode\u003e@​jakobmoellerdev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1170\"\u003ego-git/go-git#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.24.0 to 0.25.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1178\"\u003ego-git/go-git#1178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.17.0 to 0.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1179\"\u003ego-git/go-git#1179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1184\"\u003ego-git/go-git#1184\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/94bd4af1deb15a64e90c6287eaf9e9f09b192a1f\"\u003e\u003ccode\u003e94bd4af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1261\"\u003e#1261\u003c/a\u003e from BeChris/issue680\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/8b7f5ba6f0cade1a25c5c4ca9e4d07a95c639945\"\u003e\u003ccode\u003e8b7f5ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1262\"\u003e#1262\u003c/a\u003e from go-git/dependabot/go_modules/github.com/elazarl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/41d80a059a481d4c623bc8185c41ce82ed8ce985\"\u003e\u003ccode\u003e41d80a0\u003c/code\u003e\u003c/a\u003e build: bump github.com/elazarl/goproxy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/499814044f111480b2a17a07c5a7a4c523ce5b87\"\u003e\u003ccode\u003e4998140\u003c/code\u003e\u003c/a\u003e git: worktree_commit, sanitize author and commiter name and email before crea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/9049625b98bd05edb9f1d00e7ff5da763afc0745\"\u003e\u003ccode\u003e9049625\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1260\"\u003e#1260\u003c/a\u003e from go-git/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/dae48b4340d1cc6b562ade40b54049584075991f\"\u003e\u003ccode\u003edae48b4\u003c/code\u003e\u003c/a\u003e build: bump github/codeql-action from 3.27.9 to 3.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/7d6fbc2c2a05eb6327b298b816bc0c4f854820a6\"\u003e\u003ccode\u003e7d6fbc2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1220\"\u003e#1220\u003c/a\u003e from BeChris/accept_uppercase_hexa_in_pktline_length\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/62a77b7d343dc1ed08d1d691efa13d81788cbc29\"\u003e\u003ccode\u003e62a77b7\u003c/code\u003e\u003c/a\u003e plumbing: Fix invalid reference name error while cloning branches containing ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/5e11196652708f339737b31bf9639373610dd7d1\"\u003e\u003ccode\u003e5e11196\u003c/code\u003e\u003c/a\u003e plumbing: format/pktline, accept upercase hexadecimal value as pktline length...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/65f5e1ade083cfabacc2de4aaa68f7880e22b642\"\u003e\u003ccode\u003e65f5e1a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1256\"\u003e#1256\u003c/a\u003e from go-git/dependabot/go_modules/golang-org-232a611e2d\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.4.2...v5.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.10.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/buildkit/releases\"\u003egithub.com/moby/buildkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.20.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.20.0 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAnthony Nandaa\u003c/li\u003e\n\u003cli\u003eShaun Thompson\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eBertrand Paquet\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003ePranav Pandit\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuiltin Dockerfile frontend has been updated to \u003ca href=\"https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.14.0\"\u003ev1.14.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGithub Actions cache backend has been updated to support v2 API. Github is expected to stop supporting V1 API from March 1st 2025. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5720\"\u003e#5720\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5750\"\u003e#5750\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5754\"\u003e#5754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for CDI (Container Device Interface) devices has been added allowing builds to use GPUs and other defined devices. Build steps can now request devices to be injected into the container, if they are permitted to do so. In Dockerfile, devices are currently available in the \u003ccode\u003elabs\u003c/code\u003e channel. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/4056\"\u003e#4056\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5722\"\u003e#5722\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5726\"\u003e#5726\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5729\"\u003e#5729\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5742\"\u003e#5742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHistory record APIs now support server-side filters and limiting amount of records returned. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5705\"\u003e#5705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Runc to v1.2.5. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5741\"\u003e#5741\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded binfmt emulators in the release image have been updated to QEMU v9.2.0 \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5695\"\u003e#5695\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5736\"\u003e#5736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible errors from credentials expiration for long builds. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5684\"\u003e#5684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible crash from S3 remote cache backend. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5597\"\u003e#5597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible record leak in Bolt database. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5692\"\u003e#5692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid warning messages when running subrequests (e.g. check, outline) for a specific platform. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5730\"\u003e#5730\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/azcore\u003c/strong\u003e                v1.11.1 -\u0026gt; v1.16.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/azidentity\u003c/strong\u003e            v1.6.0 -\u0026gt; v1.8.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/internal\u003c/strong\u003e              v1.8.0 -\u0026gt; v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/storage/azblob\u003c/strong\u003e        v0.4.1 -\u0026gt; v1.5.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/AzureAD/microsoft-authentication-library-for-go\u003c/strong\u003e  v1.2.2 -\u0026gt; v1.3.2\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/cgroups/v3\u003c/strong\u003e                            v3.0.3 -\u0026gt; v3.0.5\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/fuse-overlayfs-snapshotter/v2\u003c/strong\u003e         v2.1.0 -\u0026gt; v2.1.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/go-cni\u003c/strong\u003e                                v1.1.11 -\u0026gt; v1.1.12\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/docker/cli\u003c/strong\u003e                                       v27.5.0 -\u0026gt; v27.5.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/docker/docker\u003c/strong\u003e                                    v27.5.0 -\u0026gt; v27.5.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/moby/term\u003c/strong\u003e                                        v0.5.0 -\u0026gt; v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/package-url/packageurl-go\u003c/strong\u003e                        89078438f170 -\u0026gt; v0.1.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/petermattis/goid\u003c/strong\u003e                                 4fcff4a6cae7 \u003cstrong\u003e\u003cem\u003enew\u003c/em\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/121ecd5b9083b8eef32183cd404dd13e15b4a3df\"\u003e\u003ccode\u003e121ecd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5761\"\u003e#5761\u003c/a\u003e from jsternberg/v0.20.0-picks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/c7153d1eb5912e5ae42571559bd334374f325802\"\u003e\u003ccode\u003ec7153d1\u003c/code\u003e\u003c/a\u003e cache(gha): fix missing user-agent for importer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/c016cdacba9ae85c7f4303e3fb5b5c29ab204f62\"\u003e\u003ccode\u003ec016cda\u003c/code\u003e\u003c/a\u003e cache(gha): set user-agent for github cache service requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/6cad2f9c52af1cb78a0f590a68fe37e968efdba9\"\u003e\u003ccode\u003e6cad2f9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5755\"\u003e#5755\u003c/a\u003e from crazy-max/0.20_backport_rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/b0f75aa807a79cee73d0500864144ab5fdf66cea\"\u003e\u003ccode\u003eb0f75aa\u003c/code\u003e\u003c/a\u003e test: handle gha cache v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5ae6c31b11eaa914efc79bd3cdbe6e03852c3b8a\"\u003e\u003ccode\u003e5ae6c31\u003c/code\u003e\u003c/a\u003e buildctl: set fallback url for gha cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/61f13c08632830f8026d94676fc03607245874a1\"\u003e\u003ccode\u003e61f13c0\u003c/code\u003e\u003c/a\u003e dockerfile: update runc to 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/281e8c9d0ef85ff42f3c921673c36aeb0b28508c\"\u003e\u003ccode\u003e281e8c9\u003c/code\u003e\u003c/a\u003e client: test cdi entitlement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f901bcc6a8376c21e726f180039495883ffa7f21\"\u003e\u003ccode\u003ef901bcc\u003c/code\u003e\u003c/a\u003e cdi: test find devices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/e500309fc00b24825856d4035d7a432198a433fb\"\u003e\u003ccode\u003ee500309\u003c/code\u003e\u003c/a\u003e cdi: keep auto refresh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.10.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.69.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.69.4\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erbac: fix support for :path header matchers, which would previously never successfully match (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7965\"\u003e#7965\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples/features/csm_observability: update example client and server to use the helloworld service instead of echo service (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7945\"\u003e#7945\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRelease 1.69.3 was accidentally tagged on the master branch and will be deleted. Please update to 1.69.4 instead.\u003c/p\u003e\n\u003ch2\u003eRelease 1.69.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/experimental: add type aliases for symbols (\u003ccode\u003eMetrics\u003c/code\u003e/etc) that were moved to the stats package (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7929\"\u003e#7929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eclient: set user-agent string to the correct version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.69.0\u003c/h2\u003e\n\u003ch1\u003eKnown Issues\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eThe recently added \u003ccode\u003egrpc.NewClient\u003c/code\u003e function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7556\"\u003e#7556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7874\"\u003e#7874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exdsclient: add support to fallback to lower priority servers when higher priority ones are down (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7701\"\u003e#7701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edns: Add support for link local IPv6 addresses (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7889\"\u003e#7889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe new experimental \u003ccode\u003epickfirst\u003c/code\u003e LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in \u003ca href=\"https://www.rfc-editor.org/rfc/rfc8305#section-4\"\u003eRFC-8305 section 4\u003c/a\u003e, to attempt connections to multiple backends concurrently. The experimental \u003ccode\u003epickfirst\u003c/code\u003e policy can be enabled by setting the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST\u003c/code\u003e to \u003ccode\u003etrue\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7725\"\u003e#7725\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7742\"\u003e#7742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/pickfirst: Emit metrics from the \u003ccode\u003epick_first\u003c/code\u003e load balancing policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7839\"\u003e#7839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003egrpc: export \u003ccode\u003eMethodHandler\u003c/code\u003e, which is the type of an already-exported field in \u003ccode\u003eMethodDesc\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7796\"\u003e#7796\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/mohdjishin\"\u003e\u003ccode\u003e@​mohdjishin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/google: set scope for application default credentials (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7887\"\u003e#7887\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/halvards\"\u003e\u003ccode\u003e@​halvards\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7851\"\u003e#7851\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7853\"\u003e#7853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eexamples: fix the debugging example, which was broken by a recent change (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: update retry attempt backoff to apply jitter per updates to \u003ca href=\"https://github.com/grpc/proposal/blob/master/A6-client-retries.md\"\u003egRFC A6\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7869\"\u003e#7869\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/isgj\"\u003e\u003ccode\u003e@​isgj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: use the \u003ccode\u003epick_first\u003c/code\u003e LB policy to manage connections (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7826\"\u003e#7826\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: An internal method is added to the \u003ccode\u003ebalancer.SubConn\u003c/code\u003e interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7840\"\u003e#7840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: implement a \u003ccode\u003eReadAll()\u003c/code\u003e method for more efficient \u003ccode\u003eio.Reader\u003c/code\u003e consumption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7653\"\u003e#7653\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/4103cfc52a951673d441f8b2c02eee96e31f1897\"\u003e\u003ccode\u003e4103cfc\u003c/code\u003e\u003c/a\u003e Change version to 1.69.4 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8005\"\u003e#8005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cf6ddaa06db9da8bcdc23e682b72dcf831abfda8\"\u003e\u003ccode\u003ecf6ddaa\u003c/code\u003e\u003c/a\u003e Change version to 1.69.4-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8001\"\u003e#8001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/94a0c2cbfc5fa21cdc3f2a3eecad7f5ae5e23e99\"\u003e\u003ccode\u003e94a0c2c\u003c/code\u003e\u003c/a\u003e Change version to 1.69.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8000\"\u003e#8000\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ec415604a2f817c7c44fbadfa3f7983c9f6ab8d5\"\u003e\u003ccode\u003eec41560\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7965\"\u003e#7965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7945\"\u003e#7945\u003c/a\u003e to v1.69.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7996\"\u003e#7996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/3b328ba4d21148e7d4526e938b0b2cde611b388f\"\u003e\u003ccode\u003e3b328ba\u003c/code\u003e\u003c/a\u003e Change version to 1.69.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7948\"\u003e#7948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b615b35c4feb932a0ac658fb86b7127f10ef664e\"\u003e\u003ccode\u003eb615b35\u003c/code\u003e\u003c/a\u003e Change version to 1.69.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7947\"\u003e#7947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b36a3e60ae03bc1aebf3f3e6bce58a2bc496ded\"\u003e\u003ccode\u003e6b36a3e\u003c/code\u003e\u003c/a\u003e experimental/stats: re-add type aliases for migration (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7929\"\u003e#7929\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7941\"\u003e#7941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/4535c6d2699749b5cd423e07caa7459fa42a76a7\"\u003e\u003ccode\u003e4535c6d\u003c/code\u003e\u003c/a\u003e Change version to 1.69.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7928\"\u003e#7928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b6e7c72ece4bc35a2fd79952cee6305a7ce5aaef\"\u003e\u003ccode\u003eb6e7c72\u003c/code\u003e\u003c/a\u003e examples/features/csm_observability: Make CSM Observability example server li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9355fbcc19aca55a3b6803626cb9f26f2ac7874e\"\u003e\u003ccode\u003e9355fbc\u003c/code\u003e\u003c/a\u003e Change version to 1.69.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.46.0...v1.69.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cpuguy83/dagger/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cpuguy83/dagger/pull/91","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cpuguy83%2Fdagger/issues/91","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/91/packages"},{"uuid":"2781922639","node_id":"PR_kwDOJG5hFs6l0MVP","number":32,"state":"open","title":"Bump the go_modules group with 10 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:10:18.000Z","updated_at":"2025-08-28T14:10:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":10,"packages":[{"name":"github.com/jaegertracing/jaeger","old_version":"1.38.2-0.20221007043206-b4c88ddf6cdd","new_version":"1.47.0","repository_url":"https://github.com/jaegertracing/jaeger"},{"name":"github.com/ClickHouse/ch-go","old_version":"0.47.3","new_version":"0.65.0","repository_url":"https://github.com/ClickHouse/ch-go"},{"name":"github.com/containerd/containerd","old_version":"1.5.0-beta.4","new_version":"1.6.38","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.7+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/opencontainers/image-spec","old_version":"1.0.1","new_version":"1.1.0","repository_url":"https://github.com/opencontainers/image-spec"},{"name":"golang.org/x/net","old_version":"0.0.0-20221002022538-bcab6841153b","new_version":"0.26.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/text","old_version":"0.3.7","new_version":"0.16.0","repository_url":"https://github.com/golang/text"},{"name":"google.golang.org/grpc","old_version":"1.50.0","new_version":"1.59.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.28.1","new_version":"1.33.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/jaegertracing/jaeger](https://github.com/jaegertracing/jaeger) | `1.38.2-0.20221007043206-b4c88ddf6cdd` | `1.47.0` |\n| [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go) | `0.47.3` | `0.65.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.5.0-beta.4` | `1.6.38` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.7+incompatible` | `28.0.0+incompatible` |\n| [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) | `1.0.1` | `1.1.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.0.0-20221002022538-bcab6841153b` | `0.26.0` |\n| [golang.org/x/text](https://github.com/golang/text) | `0.3.7` | `0.16.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.50.0` | `1.59.0` |\n| google.golang.org/protobuf | `1.28.1` | `1.33.0` |\n\nUpdates `github.com/jaegertracing/jaeger` from 1.38.2-0.20221007043206-b4c88ddf6cdd to 1.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jaegertracing/jaeger/releases\"\u003egithub.com/jaegertracing/jaeger's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.47.0\u003c/h2\u003e\n\u003ch2\u003e1.47.0 (2023-07-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[SPM] Due to a breaking change in OpenTelemetry's prometheus exporter (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.80.0\"\u003edetails\u003c/a\u003e)\nmetric names will no longer be normalized by default, meaning that the expected metric names would be \u003ccode\u003ecalls\u003c/code\u003e and\n\u003ccode\u003eduration_[buckets|count|sum]\u003c/code\u003e. Backwards compatibility with older OpenTelemetry Collector versions can be achieved through the following flags:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-calls\u003c/code\u003e: If true, normalizes the \u0026quot;calls\u0026quot; metric name. e.g. \u0026quot;calls_total\u0026quot;.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-duration\u003c/code\u003e: If true, normalizes the \u0026quot;duration\u0026quot; metric name to include the duration units. e.g. \u0026quot;duration_milliseconds_bucket\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[Cassandra] Add Configuration.Close() to ensure TLS cert watcher is closed (\u003ca href=\"https://github.com/kennyaz\"\u003e\u003ccode\u003e@​kennyaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4515\"\u003e#4515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd *.kerberos.disable-fast-negotiation option to Kafka consumer (\u003ca href=\"https://github.com/pmuls99\"\u003e\u003ccode\u003e@​pmuls99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4520\"\u003e#4520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Prometheus normalization for specific metrics related to OpenTelemetry compatibility (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4555\"\u003e#4555\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd readme for memstore plugin (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jaegertracing/jaeger/commit/283bdd93cbb4a467842625d8eb320722fcb83494\"\u003e283bdd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePass a wrapper instead of \u003ccode\u003eopentracing.Tracer\u003c/code\u003e to ease migration to OTEL in the future [part 1] (\u003ca href=\"https://github.com/afzalbin64\"\u003e\u003ccode\u003e@​afzalbin64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Add OTEL instrumentation to customer svc (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4559\"\u003e#4559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Replace gRPC instrumentation with OTEL (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4558\"\u003e#4558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD]: Upgrade \u003ccode\u003eredis\u003c/code\u003e service to use native OTEL instrumentation (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4533\"\u003e#4533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Fix OTEL logging in HotRod example (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4556\"\u003e#4556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotrod] Reduce span exporter's batch timeout to let the spans be exported sooner (\u003ca href=\"https://github.com/GLVSKiriti\"\u003e\u003ccode\u003e@​GLVSKiriti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4518\"\u003e#4518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[tracegen] Add options to generate more spans and attributes for additional use cases (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBuild improvement to rebuild jaeger-ui if the tree does not match any tag (\u003ca href=\"https://github.com/bobrik\"\u003e\u003ccode\u003e@​bobrik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4553\"\u003e#4553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Test] Fixed a race condition causing unit test failure by changing the logging  (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4546\"\u003e#4546\u003c/a\u003e) resolves \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/issues/4497\"\u003e#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUI Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUI pinned to version \u003ca href=\"https://github.com/jaegertracing/jaeger-ui/blob/main/CHANGELOG.md#v1310-2023-07-05\"\u003e1.31.0\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.46.0\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cp\u003eOTLP receiver is now enabled by default (\u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e). This change follows the Jaeger's strategic direction of aligning closely with the OpenTelemetry project. This may cause port conflicts if  \u003ccode\u003ejaeger-collector\u003c/code\u003e is depoyed in host network namespace. The original \u003ccode\u003e--collector.otlp.enabled\u003c/code\u003e option is still available and MUST be set to \u003ccode\u003efalse\u003c/code\u003e if OTLP receiver is not desired.\u003c/p\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake OTLP receiver enabled by default (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[SPM] Add support for OpenTelemetry SpanMetrics Connector (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4452\"\u003e#4452\u003c/a\u003e). See \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/docker-compose/monitor/README.md#migrating\"\u003eMigration README\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/CHANGELOG.md\"\u003egithub.com/jaegertracing/jaeger's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.47.0 (2023-07-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[SPM] Due to a breaking change in OpenTelemetry's prometheus exporter (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.80.0\"\u003edetails\u003c/a\u003e)\nmetric names will no longer be normalized by default, meaning that the expected metric names would be \u003ccode\u003ecalls\u003c/code\u003e and\n\u003ccode\u003eduration_*\u003c/code\u003e. Backwards compatibility with older OpenTelemetry Collector versions can be achieved through the following flags:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-calls\u003c/code\u003e: If true, normalizes the \u0026quot;calls\u0026quot; metric name. e.g. \u0026quot;calls_total\u0026quot;.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-duration\u003c/code\u003e: If true, normalizes the \u0026quot;duration\u0026quot; metric name to include the duration units. e.g. \u0026quot;duration_milliseconds_bucket\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[Cassandra] Add Configuration.Close() to ensure TLS cert watcher is closed (\u003ca href=\"https://github.com/kennyaz\"\u003e\u003ccode\u003e@​kennyaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4515\"\u003e#4515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd *.kerberos.disable-fast-negotiation option to Kafka consumer (\u003ca href=\"https://github.com/pmuls99\"\u003e\u003ccode\u003e@​pmuls99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4520\"\u003e#4520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Prometheus normalization for specific metrics related to OpenTelemetry compatibility (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4555\"\u003e#4555\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd readme for memstore plugin (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jaegertracing/jaeger/commit/283bdd93cbb4a467842625d8eb320722fcb83494\"\u003e283bdd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePass a wrapper instead of \u003ccode\u003eopentracing.Tracer\u003c/code\u003e to ease migration to OTEL in the future [part 1] (\u003ca href=\"https://github.com/afzalbin64\"\u003e\u003ccode\u003e@​afzalbin64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Add OTEL instrumentation to customer svc (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4559\"\u003e#4559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Replace gRPC instrumentation with OTEL (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4558\"\u003e#4558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD]: Upgrade \u003ccode\u003eredis\u003c/code\u003e service to use native OTEL instrumentation (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4533\"\u003e#4533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Fix OTEL logging in HotRod example (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4556\"\u003e#4556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotrod] Reduce span exporter's batch timeout to let the spans be exported sooner (\u003ca href=\"https://github.com/GLVSKiriti\"\u003e\u003ccode\u003e@​GLVSKiriti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4518\"\u003e#4518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[tracegen] Add options to generate more spans and attributes for additional use cases (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBuild improvement to rebuild jaeger-ui if the tree does not match any tag (\u003ca href=\"https://github.com/bobrik\"\u003e\u003ccode\u003e@​bobrik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4553\"\u003e#4553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Test] Fixed a race condition causing unit test failure by changing the logging  (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4546\"\u003e#4546\u003c/a\u003e) resolves \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/issues/4497\"\u003e#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUI Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUI pinned to version \u003ca href=\"https://github.com/jaegertracing/jaeger-ui/blob/main/CHANGELOG.md#v1310-2023-07-05\"\u003e1.31.0\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.46.0 (2023-06-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cp\u003eOTLP receiver is now enabled by default (\u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e). This change follows the Jaeger's strategic direction of aligning closely with the OpenTelemetry project. This may cause port conflicts if  \u003ccode\u003ejaeger-collector\u003c/code\u003e is depoyed in host network namespace. The original \u003ccode\u003e--collector.otlp.enabled\u003c/code\u003e option is still available and MUST be set to \u003ccode\u003efalse\u003c/code\u003e if OTLP receiver is not desired.\u003c/p\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake OTLP receiver enabled by default (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[SPM] Add support for OpenTelemetry SpanMetrics Connector (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4452\"\u003e#4452\u003c/a\u003e). See \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/docker-compose/monitor/README.md#migrating\"\u003eMigration README\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jaegertracing/jaeger/commits/v1.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ClickHouse/ch-go` from 0.47.3 to 0.65.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ClickHouse/ch-go/releases\"\u003egithub.com/ClickHouse/ch-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.65.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf(compress.writer): allow creating a compress.writer with custom supported methods by \u003ca href=\"https://github.com/pablomatiasgomez\"\u003e\u003ccode\u003e@​pablomatiasgomez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1039\"\u003eClickHouse/ch-go#1039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(compressor): reduce memory by using new compression code by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1040\"\u003eClickHouse/ch-go#1040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compressor): fixing an overflow that could potentially smuggle query in from data by \u003ca href=\"https://github.com/santrancisco\"\u003e\u003ccode\u003e@​santrancisco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1041\"\u003eClickHouse/ch-go#1041\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBreaking change if you were manually using the \u003ccode\u003eWriter\u003c/code\u003e from the \u003ccode\u003ecompress\u003c/code\u003e package.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pablomatiasgomez\"\u003e\u003ccode\u003e@​pablomatiasgomez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1039\"\u003eClickHouse/ch-go#1039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/santrancisco\"\u003e\u003ccode\u003e@​santrancisco\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1041\"\u003eClickHouse/ch-go#1041\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.64.1...v0.65.0\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.64.1...v0.65.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.64.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add LowCardinality(String) example by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1036\"\u003eClickHouse/ch-go#1036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expose underlying string column for json by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1037\"\u003eClickHouse/ch-go#1037\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.64.0...v0.64.1\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.64.0...v0.64.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.64.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: upd version list by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/938\"\u003eClickHouse/ch-go#938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: col_datetime add appendraw method by \u003ca href=\"https://github.com/lzf575\"\u003e\u003ccode\u003e@​lzf575\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/957\"\u003eClickHouse/ch-go#957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update version list by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1035\"\u003eClickHouse/ch-go#1035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: json string column by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1034\"\u003eClickHouse/ch-go#1034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lzf575\"\u003e\u003ccode\u003e@​lzf575\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/957\"\u003eClickHouse/ch-go#957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1034\"\u003eClickHouse/ch-go#1034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.63.1...v0.64.0\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.63.1...v0.64.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.63.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(proto): properly handle \u003ccode\u003eEnum8\u003c/code\u003e and \u003ccode\u003eEnum8(...)\u003c/code\u003e in conflicts checker by \u003ca href=\"https://github.com/tdakkota\"\u003e\u003ccode\u003e@​tdakkota\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/438\"\u003eClickHouse/ch-go#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.63.0...v0.63.1\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.63.0...v0.63.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/0e835663df32b09b828528c07a5507686e6d975e\"\u003e\u003ccode\u003e0e83566\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1041\"\u003e#1041\u003c/a\u003e from ClickHouse/fix_potential_overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b64209fc5e8ddc3220b78e352c21d667a8e633f0\"\u003e\u003ccode\u003eb64209f\u003c/code\u003e\u003c/a\u003e refactor: simplify overflow check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/05fba0ab7c1a07a029128507a82c114410bacfbe\"\u003e\u003ccode\u003e05fba0a\u003c/code\u003e\u003c/a\u003e fix(security): overflow that could smuggle query\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/aadb7ee466420d129b25a23755dfdc0527edbb47\"\u003e\u003ccode\u003eaadb7ee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1040\"\u003e#1040\u003c/a\u003e from ClickHouse/compressor_etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/65a3012cbddbe31df00270c3ef32b4a81b908654\"\u003e\u003ccode\u003e65a3012\u003c/code\u003e\u003c/a\u003e perf(compressor): use new compression code, refactor/optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/4cdb83a7871f7b52527a32012e17422a9a4d1955\"\u003e\u003ccode\u003e4cdb83a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1039\"\u003e#1039\u003c/a\u003e from pablomatiasgomez/allow-creating-compressor-with...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b9258c079e6ff8f83420a2377ad55e493ef72d78\"\u003e\u003ccode\u003eb9258c0\u003c/code\u003e\u003c/a\u003e perf(compress.writer): revert back to ifs in NewWriterWithMethods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/743c9d73a26ee42d7602e33637b635b4bd107058\"\u003e\u003ccode\u003e743c9d7\u003c/code\u003e\u003c/a\u003e perf(compress.writer): use %s instead of %v\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b26ebf40672f968c7cd2035675d995e7a1399ada\"\u003e\u003ccode\u003eb26ebf4\u003c/code\u003e\u003c/a\u003e perf(compress.writer): revert nil check and use fixed length array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/1d4ba4793a008d5daca14a199351902018a4c80a\"\u003e\u003ccode\u003e1d4ba47\u003c/code\u003e\u003c/a\u003e perf(compress.writer): remove methods map and instaed do nil check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.47.3...v0.65.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.5.0-beta.4 to 1.6.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.6.38\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.6.38 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirty-eighth patch release for containerd 1.6 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow in User ID handling (\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg\"\u003eGHSA-265r-hfxg-fhmg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eAkhil Mohan\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eCraig Ingram\u003c/li\u003e\n\u003cli\u003eKohei Tokunaga\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e884\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b9625\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003ePrepare release notes for v1.6.38 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11539\"\u003e#11539\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34bac2\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate build to go1.23.7, test go1.24.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11421\"\u003e#11421\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35baf\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41ef\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81adc\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove hashicorp/go-multierror dependency and fix CI (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11500\"\u003e#11500\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3dce\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0733895f3de3df51fe4e14563ee94a98df1be8dd\"\u003e\u003ccode\u003e0733895f3\u003c/code\u003e\u003c/a\u003e Remove unnecessary joinError unwrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/054c4cc79c929eecfb9724fd1c3e9f13a4cd5701\"\u003e\u003ccode\u003e054c4cc79\u003c/code\u003e\u003c/a\u003e Remove hashicorp/go-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ff21be0ee8b274c05a542a096c1042ef63857f09\"\u003e\u003ccode\u003eff21be0ee\u003c/code\u003e\u003c/a\u003e Update go to 1.20 to use its multi error support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f63b5fd3f9b4b809d94d4a3053c4d76a7753072c\"\u003e\u003ccode\u003ef63b5fd3f\u003c/code\u003e\u003c/a\u003e update containerd/project-checks to 1.2.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/abd1692cf27bcff4590207bdd8a827b06657c446\"\u003e\u003ccode\u003eabd1692cf\u003c/code\u003e\u003c/a\u003e fix fatal error: concurrent map iteration and map write\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e0c4dd99038f01a6dbc4befbfb1fd6aae428a07e\"\u003e\u003ccode\u003ee0c4dd9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11539\"\u003e#11539\u003c/a\u003e from dmcgowan/prepare-1.6.38\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34ba\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b96\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7b54421bc71c5d3787ba56d7617fcc13a3f213a7\"\u003e\u003ccode\u003e7b54421\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11421\"\u003e#11421\u003c/a\u003e from akhilerm/1.6-update-go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35b\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81a\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/176129f846a6ac4c238a752699d2cfbcf72dcdff\"\u003e\u003ccode\u003e176129f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11500\"\u003e#11500\u003c/a\u003e from djdongjin/1-6-remove-hashi-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3d\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.5.0-beta.4...v1.6.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.7+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.7...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/image-spec` from 1.0.1 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/image-spec/releases\"\u003egithub.com/opencontainers/image-spec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003cp\u003eVote Passed  \u003ccode\u003e[+7-0]\u003c/code\u003e  - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag\u003c/a\u003e\n\u003cstrong\u003eRelease PR\u003c/strong\u003e : \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1161\"\u003eopencontainers/image-spec#1161\u003c/a\u003e\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0\"\u003ehttps://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAssociated Distribution Specification Release - \u003ca href=\"https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0\"\u003ehttps://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc6\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0] - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor changeset and diff please see - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1157\"\u003eopencontainers/image-spec#1157\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc5\u003c/h2\u003e\n\u003cp\u003eFor changeset and diff please see - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1109\"\u003eopencontainers/image-spec#1109\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVote - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/KIwyzExcjZ8\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/KIwyzExcjZ8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc4\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/gPgzESGb7xs\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/gPgzESGb7xs\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor changeset and diff please see  - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1080\"\u003eopencontainers/image-spec#1080\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc3\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/ZUza21145X0\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/ZUza21145X0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1049\"\u003eopencontainers/image-spec#1049\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNote: This is a duplicate of v1.1.0-rc.3 because of semver ordering (rc.3 \u0026lt; rc1 \u0026lt; rc2).\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc2\u003c/h2\u003e\n\u003cp\u003eVote PASSED [+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/0CIPCfr4TCk\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/0CIPCfr4TCk\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFull Changeset since v1.1.0-rc2: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.1.0-rc1...19a74bcb54ba211005a68d85c6b359c2947721ce\"\u003e\u003ccode\u003ev1.1.0-rc1...19a74bcb\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePRs included since \u003ccode\u003ev1.1.0-rc1\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/956\"\u003e#956\u003c/a\u003e docs: Update release process docs with checklist\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/953\"\u003e#953\u003c/a\u003e Release 1.1.0 rc1\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/950\"\u003e#950\u003c/a\u003e Rename refers field to subject\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/945\"\u003e#945\u003c/a\u003e Fix whitespace consistency in config.md\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc1\u003c/h2\u003e\n\u003cp\u003eVote PASSED [+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/O5L0lkhblkc\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/O5L0lkhblkc\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFull Changeset since v1.0.2: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/67d2d56..4728b6e\"\u003e\u003ccode\u003e67d2d56..4728b6e\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/e7f7c0ca69b21688c3cea7c87a04e4503e6099e2\"\u003e\u003ccode\u003ee7f7c0c\u003c/code\u003e\u003c/a\u003e version: release v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/365fa41472a19107b0b4cbc17e141a9b97f9b66e\"\u003e\u003ccode\u003e365fa41\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1160\"\u003e#1160\u003c/a\u003e from sudo-bmitch/pr-subject-dag-association\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/d0f90e68158b19ec241969d87200a1ec268c4df6\"\u003e\u003ccode\u003ed0f90e6\u003c/code\u003e\u003c/a\u003e Clarify that subject references a separate DAG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/970322241ad9c8868d15e6859c9b446ad06b944d\"\u003e\u003ccode\u003e9703222\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1157\"\u003e#1157\u003c/a\u003e from sudo-bmitch/pr-v1.1.0-rc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/8b1e95119ad3e65671a5a83fdd655d39d20ee258\"\u003e\u003ccode\u003e8b1e951\u003c/code\u003e\u003c/a\u003e version: bump back to +dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/6c2b5fafa0731a97aad0c2a68bac238d6c98c690\"\u003e\u003ccode\u003e6c2b5fa\u003c/code\u003e\u003c/a\u003e version: release v1.1.0-rc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/56fb7838abe52ee259e37ece4b314c08bd45997f\"\u003e\u003ccode\u003e56fb783\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1107\"\u003e#1107\u003c/a\u003e from sudo-bmitch/pr-release-notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/a6d741a9fbd300ab2bce113d410e0352f3cccae5\"\u003e\u003ccode\u003ea6d741a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1148\"\u003e#1148\u003c/a\u003e from dejanu/update_oci_implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/53d9855e2a6ab3259cecee5c65fc89299eaaf8f1\"\u003e\u003ccode\u003e53d9855\u003c/code\u003e\u003c/a\u003e new section for projects no longer maintained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/ceeb2eba078e8b630f5ee62df2e92323fb521f0e\"\u003e\u003ccode\u003eceeb2eb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1114\"\u003e#1114\u003c/a\u003e from sudo-bmitch/pr-go-1.21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20221002022538-bcab6841153b to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.50.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.59.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6647\"\u003e#6647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eserver: allow applications to send arbitrary data in the \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: validate \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer and pass through the trailer to the application directly (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etap (experimental): Add Header metadata to tap handler (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/pstibrany\"\u003e\u003ccode\u003e@​pstibrany\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003egrpc: channel idleness enabled by default with an \u003ccode\u003eidle_timeout\u003c/code\u003e of \u003ccode\u003e30m\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6585\"\u003e#6585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples: add an example of flow control behavior (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6648\"\u003e#6648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: fix hash policy header to skip \u0026quot;-bin\u0026quot; headers and read content-type header as expected (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6609\"\u003e#6609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebalancer/weighted_round_robin: fix ticker leak on update\u003c/p\u003e\n\u003cp\u003eA new ticker is created every time there is an update of addresses or configuration, but was not properly stopped.  This change stops the ticker when it is no longer needed.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams\u003c/li\u003e\n\u003cli\u003egrpc: fix a bug where transports were not being closed upon channel entering IDLE\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cp\u003eSee \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6472\"\u003e#6472\u003c/a\u003e for details about these changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eStateListener\u003c/code\u003e to \u003ccode\u003eNewSubConnOptions\u003c/code\u003e for \u003ccode\u003eSubConn\u003c/code\u003e state updates and deprecate \u003ccode\u003eBalancer.UpdateSubConnState\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6481\"\u003e#6481\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eUpdateSubConnState\u003c/code\u003e will be deleted in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eSubConn.Shutdown\u003c/code\u003e and deprecate \u003ccode\u003eBalancer.RemoveSubConn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6493\"\u003e#6493\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRemoveSubConn\u003c/code\u003e will be deleted in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/7765221f4bf6104973db7946d56936cf838cad46\"\u003e\u003ccode\u003e7765221\u003c/code\u003e\u003c/a\u003e Change version to 1.59.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e88f12e0517d465cb892ef58e1debf10b4e5607f\"\u003e\u003ccode\u003ee88f12e\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/be7919c3dc3c26f54489c778af7bbfea608ad9bc\"\u003e\u003ccode\u003ebe7919c\u003c/code\u003e\u003c/a\u003e transport: Pass Header metadata to tap handle. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e3f1514cdb8fcbcacc30b53473042dbb40a54791\"\u003e\u003ccode\u003ee3f1514\u003c/code\u003e\u003c/a\u003e Reapply \u0026quot;status: fix/improve status handling (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6673\"\u003e#6673\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/696faa982cdc0914929a64848a8ff3bf7a924166\"\u003e\u003ccode\u003e696faa9\u003c/code\u003e\u003c/a\u003e client: add a test for NewSubConn / StateListener / cc.Close racing (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6678\"\u003e#6678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/318c717a659ec55a2f92e1c84313153dd278bf55\"\u003e\u003ccode\u003e318c717\u003c/code\u003e\u003c/a\u003e readme: fix badges (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6687\"\u003e#6687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/39972fdd744873a2b829ab98962ab0e85800d591\"\u003e\u003ccode\u003e39972fd\u003c/code\u003e\u003c/a\u003e github: add code coverage with codecov.io (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/93dbc059f561340a14aeb96ea2925b9a669c5673\"\u003e\u003ccode\u003e93dbc05\u003c/code\u003e\u003c/a\u003e xds: move virtual host matcher test to the xdsresource package (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6680\"\u003e#6680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/2c00469782f1dd8c7456dcc7238a957781246e84\"\u003e\u003ccode\u003e2c00469\u003c/code\u003e\u003c/a\u003e github: update actions/setup-go and actions/checkout (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6675\"\u003e#6675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1f73ed5fcf75b3e464c83ab17fc73144e2161620\"\u003e\u003ccode\u003e1f73ed5\u003c/code\u003e\u003c/a\u003e Replace the gRFC pull request with the permanent link. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.50.0...v1.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.1 to 1.33.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DarkWanderer/jaeger-clickhouse/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DarkWanderer/jaeger-clickhouse/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkWanderer%2Fjaeger-clickhouse/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"},{"uuid":"2781917214","node_id":"PR_kwDONAkL-c6l0LAe","number":1,"state":"open","title":"Bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:08:57.000Z","updated_at":"2025-08-28T14:08:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/docker/distribution","old_version":"2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible","new_version":"2.8.2-beta.1+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/prometheus/client_golang","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"},{"name":"google.golang.org/grpc","old_version":"1.38.0","new_version":"1.56.3","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/docker/distribution](https://github.com/docker/distribution), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/docker/distribution` from 2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible to 2.8.2-beta.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/distribution/commits/v2.8.2-beta.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.11.0 / 2021-06-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Add new collectors package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewExpvarCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewExpvarCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewGoCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewGoCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewBuildInfoCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewBuildInfoCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add new collector for database/sql#DBStats. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/866\"\u003e#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] API client: Add exemplars API support. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/861\"\u003e#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] API client: Add newer fields to Rules API. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/855\"\u003e#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] API client: Add missing fields to Targets API. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/856\"\u003e#856\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/846\"\u003eprometheus/client_golang#846\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/849\"\u003eprometheus/client_golang#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/853\"\u003eprometheus/client_golang#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd newer fields to Rules API by \u003ca href=\"https://github.com/gouthamve\"\u003e\u003ccode\u003e@​gouthamve\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/855\"\u003eprometheus/client_golang#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing fields to targets API by \u003ca href=\"https://github.com/yeya24\"\u003e\u003ccode\u003e@​yeya24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/856\"\u003eprometheus/client_golang#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/857\"\u003eprometheus/client_golang#857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd exemplars API support by \u003ca href=\"https://github.com/yeya24\"\u003e\u003ccode\u003e@​yeya24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/861\"\u003eprometheus/client_golang#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove description of MaxAge in summary docs by \u003ca href=\"https://github.com/Dean-Coakley\"\u003e\u003ccode\u003e@​Dean-Coakley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/864\"\u003eprometheus/client_golang#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new collectors package by \u003ca href=\"https://github.com/johejo\"\u003e\u003ccode\u003e@​johejo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/862\"\u003eprometheus/client_golang#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd collector for database/sql#DBStats by \u003ca href=\"https://github.com/johejo\"\u003e\u003ccode\u003e@​johejo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/866\"\u003eprometheus/client_golang#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake dbStatsCollector more DRY by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/867\"\u003eprometheus/client_golang#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange maintainers from \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e to @bwplotka/\u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/873\"\u003eprometheus/client_golang#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument implications of negative observations by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/871\"\u003eprometheus/client_golang#871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Go modules by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/875\"\u003eprometheus/client_golang#875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouthamve\"\u003e\u003ccode\u003e@​gouthamve\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/855\"\u003eprometheus/client_golang#855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you upgrade \u003ccode\u003egithub.com/prometheus/common\u003c/code\u003e to 0.62+ together with client_golang. :warning:\u003c/p\u003e\n\u003cp\u003eNew common version \u003ca href=\"https://redirect.github.com/prometheus/common/pull/724\"\u003echanges \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable\u003c/a\u003e, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e to old \u003ccode\u003emodel.LegacyValidation\u003c/code\u003e value in your project \u003ccode\u003einit\u003c/code\u003e function.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] gocollector: Fix help message for runtime/metric metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1583\"\u003e#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix \u003ccode\u003eDesc.String()\u003c/code\u003e method for no labels case. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1687\"\u003e#1687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize popular \u003ccode\u003eprometheus.BuildFQName\u003c/code\u003e function; now up to 30% faster. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1665\"\u003e#1665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metrics; now up to 50% faster under high concurrent contention. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Upgrade prometheus/common to 0.62.0 which changes \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Add support for Go 1.23. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1602\"\u003e#1602\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8184d76b3b0bd3b01ed903690431ccb6826bf3e0\"\u003e\u003ccode\u003e8184d76\u003c/code\u003e\u003c/a\u003e Cut v1.11.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/877\"\u003e#877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/253906201bda760621fa671fa1541a4ac3df29bd\"\u003e\u003ccode\u003e2539062\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/875\"\u003e#875\u003c/a\u003e from prometheus/superq/update_mods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/68cd1e9262e2fe03a79c9a8bab6737f04995e8a5\"\u003e\u003ccode\u003e68cd1e9\u003c/code\u003e\u003c/a\u003e Update Go modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/f22935db759faadc48285fee37718436d5b9cb67\"\u003e\u003ccode\u003ef22935d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/871\"\u003e#871\u003c/a\u003e from prometheus/beorn7/doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/11aba26a91c3ea0581eef96f8ec9fc5cdce204f9\"\u003e\u003ccode\u003e11aba26\u003c/code\u003e\u003c/a\u003e Change maintainers from \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e to @bwplotka/\u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/873\"\u003e#873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/f34145a85eaff9d42ff629a2975e8118ab41773c\"\u003e\u003ccode\u003ef34145a\u003c/code\u003e\u003c/a\u003e Document implications of negative observations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a7515ca7c9c6388a5ab84ea336faef795bbf866f\"\u003e\u003ccode\u003ea7515ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/867\"\u003e#867\u003c/a\u003e from prometheus/beorn7/collectors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/81a9556c8b4ffac3dd75f7aedf720b3ae73e1276\"\u003e\u003ccode\u003e81a9556\u003c/code\u003e\u003c/a\u003e Make dbStatsCollector more DRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a66da1df4a7e12cb9f84cf5ae3c7adec4539ed27\"\u003e\u003ccode\u003ea66da1d\u003c/code\u003e\u003c/a\u003e Add collector for database/sql#DBStats (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.38.0 to 1.56.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.56.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eclient: handle empty address lists correctly in addrConn.updateAddrs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.0\u003c/h2\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support channel idleness using \u003ccode\u003eWithIdleTimeout\u003c/code\u003e dial option (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6263\"\u003e#6263\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis feature is currently disabled by default, but will be enabled with a 30 minute default in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6306\"\u003e#6306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Custom LB Policies (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A52-xds-custom-lb-policies.md\"\u003egRFC A52\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6224\"\u003e#6224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: support pick_first Custom LB policy (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6314\"\u003e#6314\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6317\"\u003e#6317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: add support for pickfirst address shuffling (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6311\"\u003e#6311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for String Matcher Header Matcher in RDS (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6313\"\u003e#6313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Add Channelz Logger to Outlier Detection LB (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6145\"\u003e#6145\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/s-matyukevich\"\u003e\u003ccode\u003e@​s-matyukevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: enable RLS in xDS by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6343\"\u003e#6343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorca: add support for application_utilization field and missing range checks on several metrics setters\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A58-client-side-weighted-round-robin-lb-policy.md\"\u003egRFC A58\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6241\"\u003e#6241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add conversion of json to RBAC Audit Logging config (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add support for stdout logger (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: support customizable audit functionality for authorization policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6158\"\u003e#6158\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6304\"\u003e#6304\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6225\"\u003e#6225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6245\"\u003e#6245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6223\"\u003e#6223\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: enable federation support by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6151\"\u003e#6151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estatus: \u003ccode\u003estatus.Code\u003c/code\u003e and \u003ccode\u003estatus.FromError\u003c/code\u003e handle wrapped errors (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6031\"\u003e#6031\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6150\"\u003e#6150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1055b481ed2204a29d233286b9b50c42b63f8825\"\u003e\u003ccode\u003e1055b48\u003c/code\u003e\u003c/a\u003e Update version.go to 1.56.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6713\"\u003e#6713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5efd7bd73e11fea58d1c7f1c110902e78a286299\"\u003e\u003ccode\u003e5efd7bd\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd1f038e7234580c2694e433bec5cd97e7b7f662\"\u003e\u003ccode\u003ebd1f038\u003c/code\u003e\u003c/a\u003e Upgrade version.go to 1.56.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6434\"\u003e#6434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/faab8736bf73291f92b867d5dae31c927d53d508\"\u003e\u003ccode\u003efaab873\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6432\"\u003e#6432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b0b291d79831b1c8caafceec268b82c92253f96\"\u003e\u003ccode\u003e6b0b291\u003c/code\u003e\u003c/a\u003e status: fix panic when servers return a wrapped error with status OK (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ed56401aa514462d5371713b8ec5c889da33953c\"\u003e\u003ccode\u003eed56401\u003c/code\u003e\u003c/a\u003e [PSM interop] Don't fail target if sub-target already failed (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6390\"\u003e#6390\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6405\"\u003e#6405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cd6a794f0bdcf9a216e8f4d3c5717faf96d9fd78\"\u003e\u003ccode\u003ecd6a794\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6387\"\u003e#6387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5b67e5ea449ef0686a0c0b6de48cd4cb63e3db2a\"\u003e\u003ccode\u003e5b67e5e\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6386\"\u003e#6386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d0f5150384a87f9fcac488a9c18727a55b7354c1\"\u003e\u003ccode\u003ed0f5150\u003c/code\u003e\u003c/a\u003e client: handle empty address lists correctly in addrConn.updateAddrs (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6354\"\u003e#6354\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/997c1ea101cc5d496d2b148388f1df49632a9171\"\u003e\u003ccode\u003e997c1ea\u003c/code\u003e\u003c/a\u003e Change version to 1.56.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6345\"\u003e#6345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.38.0...v1.56.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jevans3/cron-hpa/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jevans3/cron-hpa/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jevans3%2Fcron-hpa/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"2763300614","node_id":"PR_kwDOPGiqKc6ktJ8G","number":13,"state":"open","title":"Bump the go_modules group across 2 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-21T14:57:20.000Z","updated_at":"2025-08-21T14:57:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"golang.org/x/crypto","old_version":"0.32.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.34.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/sys","old_version":"0.29.0","new_version":"0.31.0","repository_url":"https://github.com/golang/sys"},{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.2.1","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"golang.org/x/sys","old_version":"0.0.0-20190507160741-ecd444e8653b","new_version":"0.1.0","repository_url":"https://github.com/golang/sys"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/opencontainers/image-spec","old_version":"1.0.1","new_version":"1.0.2","repository_url":"https://github.com/opencontainers/image-spec"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /go directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).\nBumps the go_modules group with 3 updates in the /packaging/linux/tuxbot/bot directory: [golang.org/x/sys](https://github.com/golang/sys), [github.com/docker/distribution](https://github.com/docker/distribution) and [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec).\n\nUpdates `golang.org/x/crypto` from 0.32.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.32.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.34.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.34.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.29.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.1.7 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/46\"\u003ego-viper/mapstructure#46\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/47\"\u003ego-viper/mapstructure#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[enhancement] Add check for \u003ccode\u003ereflect.Value\u003c/code\u003e in \u003ccode\u003eComposeDecodeHookFunc\u003c/code\u003e by \u003ca href=\"https://github.com/mahadzaryab1\"\u003e\u003ccode\u003e@​mahadzaryab1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/52\"\u003ego-viper/mapstructure#52\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/51\"\u003ego-viper/mapstructure#51\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.0 to 4.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/50\"\u003ego-viper/mapstructure#50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/55\"\u003ego-viper/mapstructure#55\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/58\"\u003ego-viper/mapstructure#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add Go 1.24 to the test matrix by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/74\"\u003ego-viper/mapstructure#74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/72\"\u003ego-viper/mapstructure#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/76\"\u003ego-viper/mapstructure#76\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/78\"\u003ego-viper/mapstructure#78\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add decode hook for netip.Prefix by \u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/86\"\u003ego-viper/mapstructure#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/87\"\u003ego-viper/mapstructure#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/93\"\u003ego-viper/mapstructure#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/92\"\u003ego-viper/mapstructure#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/97\"\u003ego-viper/mapstructure#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/96\"\u003ego-viper/mapstructure#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd omitzero tag. by \u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse error structs instead of duplicated strings by \u003ca href=\"https://github.com/m1k1o\"\u003e\u003ccode\u003e@​m1k1o\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/102\"\u003ego-viper/mapstructure#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/101\"\u003ego-viper/mapstructure#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add common error interface by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/105\"\u003ego-viper/mapstructure#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate linter by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/106\"\u003ego-viper/mapstructure#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeature allow unset pointer by \u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.0.0-20190507160741-ecd444e8653b to 0.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/image-spec` from 1.0.1 to 1.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/image-spec/releases\"\u003egithub.com/opencontainers/image-spec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.2\u003c/h2\u003e\n\u003cp\u003eThis release was voted on by the maintainers and PASSED (+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e), to mitigate the CVE-2021-41190 advisory.\u003c/p\u003e\n\u003cp\u003eThis release is rebased directly on the prior tagged release (not including the commits that have occurred on main). Corresponding commits have been added to main, such that main is ready for a future next release.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://user-images.githubusercontent.com/67049/142260429-9da17e3d-c6dd-4721-89bb-0ef72ef69c22.gif\" alt=\"R\" /\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/67d2d5658fe0476ab9bf414cec164077ebff3920\"\u003e\u003ccode\u003e67d2d56\u003c/code\u003e\u003c/a\u003e version: release 1.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/dcdcb7f2cf08641d03189e5b09be32de5dcfe459\"\u003e\u003ccode\u003edcdcb7f\u003c/code\u003e\u003c/a\u003e specs-go: adding \u003ccode\u003emediaType\u003c/code\u003e to the index and manifest structures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/5f3148525b82017cb470ff5f54b37aae4003eb07\"\u003e\u003ccode\u003e5f31485\u003c/code\u003e\u003c/a\u003e *.md: bring mediaType out of reserved status\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NACHAPHON-PHONTREE/client/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/NACHAPHON-PHONTREE/client/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NACHAPHON-PHONTREE%2Fclient/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"2746833832","node_id":"PR_kwDOHscbzc6juVuo","number":33,"state":"closed","title":"Bump the go_modules group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["wontfix","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-05T05:05:13.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-14T17:19:06.000Z","updated_at":"2025-09-05T05:05:13.000Z","time_to_close":1856767,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":12,"packages":[{"name":"filippo.io/age","old_version":"1.0.0-beta7","new_version":"1.2.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.0.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/hashicorp/go-slug","old_version":"0.8.1","new_version":"0.16.3","repository_url":"https://github.com/hashicorp/go-slug"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20211104180415-d3ed0bb246c8","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"},{"name":"google.golang.org/protobuf","old_version":"1.27.1","new_version":"1.33.0"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.12+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/hashicorp/go-retryablehttp","old_version":"0.7.1","new_version":"0.7.7","repository_url":"https://github.com/hashicorp/go-retryablehttp"},{"name":"github.com/prometheus/client_golang","old_version":"1.11.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.0.0-beta7` | `1.2.1` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.0.0` | `4.5.2` |\n| [github.com/hashicorp/go-slug](https://github.com/hashicorp/go-slug) | `0.8.1` | `0.16.3` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20211104180415-d3ed0bb246c8` | `0.27.0` |\n| google.golang.org/protobuf | `1.27.1` | `1.33.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.12+incompatible` | `28.0.0+incompatible` |\n| [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.1` | `0.7.7` |\n| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.11.0` | `1.11.1` |\n\n\nUpdates `filippo.io/age` from 1.0.0-beta7 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eage v1.2.1: security fix\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions.\u003c/p\u003e\n\u003cp\u003eSee GHSA-32gq-x56h-299c.\u003c/p\u003e\n\u003cp\u003ePlugin names may now only contain alphanumeric characters or the four special characters \u003ccode\u003e+-._\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to ⬡-49016 for reporting this issue.\u003c/p\u003e\n\u003ch2\u003eage v1.2.0\u003c/h2\u003e\n\u003cp\u003eA small release to build the release binaries with a more recent Go toolchain, and to fix a couple CLI edge cases (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/491\"\u003eFiloSottile/age#491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/555\"\u003eFiloSottile/age#555\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eThe Go module now exposes a plugin package that provides an age plugin client. That is, Recipient and Identity implementations that invoke a plugin binary, allowing the use of age plugins in Go programs.\u003c/p\u003e\n\u003cp\u003eFinally, Recipients can now return a set of \u0026quot;labels\u0026quot; by implementing RecipientWithLabels. This allows replicating the special behavior of the scrypt Recipient in third-party Recipients, or applying policy useful for authenticated or post-quantum Recipients.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e// RecipientWithLabels can be optionally implemented by a Recipient, in which\n// case Encrypt will use WrapWithLabels instead of Wrap.\n//\n// Encrypt will succeed only if the labels returned by all the recipients\n// (assuming the empty set for those that don't implement RecipientWithLabels)\n// are the same.\n//\n// This can be used to ensure a recipient is only used with other recipients\n// with equivalent properties (for example by setting a \u0026quot;postquantum\u0026quot; label) or\n// to ensure a recipient is always used alone (by returning a random label, for\n// example to preserve its authentication properties).\ntype RecipientWithLabels interface {\n\tWrapWithLabels(fileKey []byte) (s []*Stanza, labels []string, err error)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eage v1.1.1 is a patch release to fix \u003ccode\u003ego install filippo.io/age/...@latest\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.1.0\"\u003ethe release notes for v1.1.0 for changes since v1.0.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eage v1.1.0: plugin and YubiKeys support\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eage is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability. Learn more by reading the \u003ca href=\"https://github.com/FiloSottile/age/blob/main/README.md\"\u003eREADME\u003c/a\u003e, the \u003ca href=\"https://filippo.io/age/age.1\"\u003eage(1) man page\u003c/a\u003e, the \u003ca href=\"https://pkg.go.dev/filippo.io/age\"\u003eGo API reference\u003c/a\u003e, the \u003ca href=\"https://age-encryption.org/v1\"\u003eformat specification\u003c/a\u003e, or the \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0...v1.1.0\"\u003efull release changelog\u003c/a\u003e. Watch the repository or \u003ca href=\"https://abyssdomain.expert/@filippo\"\u003e\u003ccode\u003efollow @​filippo@abyssdomain.expert\u003c/code\u003e\u003c/a\u003e to be notified of new releases.\u003c/p\u003e\n\u003cp\u003e🛠️ FYI, age now has an extensive \u003ca href=\"https://c2sp.org/CCTV/age\"\u003etest suite\u003c/a\u003e which all age implementations are encouraged to adopt.\u003c/p\u003e\n\u003ch2\u003ePlugin support\u003c/h2\u003e\n\u003cp\u003eThe age CLI now supports plugins, such as \u003ca href=\"https://github.com/str4d/age-plugin-yubikey\"\u003eage-plugin-yubikey\u003c/a\u003e by \u003ca href=\"https://github.com/str4d\"\u003e\u003ccode\u003e@​str4d\u003c/code\u003e\u003c/a\u003e. To try it on macOS with Homebrew:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ brew upgrade age\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201\"\u003e\u003ccode\u003e482cf6f\u003c/code\u003e\u003c/a\u003e plugin: restrict characters in plugin names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/cda3988cc76a139426281a1d812914b71435bd18\"\u003e\u003ccode\u003ecda3988\u003c/code\u003e\u003c/a\u003e all: fix staticcheck warnings (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/589\"\u003e#589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/176e245b3cb3ada322c21eef0bce166dc5a5e4c7\"\u003e\u003ccode\u003e176e245\u003c/code\u003e\u003c/a\u003e README: rotate Sigsum keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/faefdc3c81efa89fd41998b77c62234ca56be10b\"\u003e\u003ccode\u003efaefdc3\u003c/code\u003e\u003c/a\u003e README: document Sigsum proofs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd\"\u003e\u003ccode\u003ebbe6ce5\u003c/code\u003e\u003c/a\u003e .github/workflows: update artifacts Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/1e1badabf74064ee800d19817a725f4803fa4e94\"\u003e\u003ccode\u003e1e1bada\u003c/code\u003e\u003c/a\u003e .github/workflows: go-version stable, not latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2293a9afef6984915cb28d2a7264b145604d61e9\"\u003e\u003ccode\u003e2293a9a\u003c/code\u003e\u003c/a\u003e .github/workflows: use latest Go for bootstrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/01fe9cd84aa5380cd09b8761af919e5d0a1386ad\"\u003e\u003ccode\u003e01fe9cd\u003c/code\u003e\u003c/a\u003e README: add pkgx installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bd0511b415355bf84a3861c77d47d9337ab367b1\"\u003e\u003ccode\u003ebd0511b\u003c/code\u003e\u003c/a\u003e cmd/age: detect output/input file reuse when possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/febaaded8756511fd12b7aea122e44be80c35862\"\u003e\u003ccode\u003efebaade\u003c/code\u003e\u003c/a\u003e cmd/age: create file for empty decryptions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0-beta7...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.0.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow strict base64 decoding by \u003ca href=\"https://github.com/AlexanderYastrebov\"\u003e\u003ccode\u003e@​AlexanderYastrebov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/259\"\u003egolang-jwt/jwt#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: link update for README.md for v4 by \u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement a BearerExtractor by \u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump matrix to support latest go version (go1.19) by \u003ca href=\"https://github.com/mfridman\"\u003e\u003ccode\u003e@​mfridman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/231\"\u003egolang-jwt/jwt#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/229\"\u003egolang-jwt/jwt#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc comment to ParseWithClaims by \u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: removed the unneeded if statement by \u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo pointer embedding in the example by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/255\"\u003egolang-jwt/jwt#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded MicahParks/keyfunc to extensions by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/194\"\u003egolang-jwt/jwt#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link to v4 on pkg.go.dev page by \u003ca href=\"https://github.com/polRk\"\u003e\u003ccode\u003e@​polRk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/195\"\u003egolang-jwt/jwt#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md\"\u003egithub.com/golang-jwt/jwt/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003ejwt-go\u003c/code\u003e Version History\u003c/h1\u003e\n\u003cp\u003eThe following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003ehttps://github.com/golang-jwt/jwt/releases\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/9358574a7a1a2c8d644f22b6e8de627ba85c58d0\"\u003e\u003ccode\u003e9358574\u003c/code\u003e\u003c/a\u003e Allow strict base64 decoding (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0984a28be854685a0b59b71d597f10f2c49cff\"\u003e\u003ccode\u003e2f0984a\u003c/code\u003e\u003c/a\u003e Using \u003ccode\u003etparse\u003c/code\u003e for nicer CI test display (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2101c1f4bc589dcef71b5f750191a8db07c82431\"\u003e\u003ccode\u003e2101c1f\u003c/code\u003e\u003c/a\u003e No pointer embedding in the example (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/35053d4e202c7cffd7ecc96ce2b247e2117f838e\"\u003e\u003ccode\u003e35053d4\u003c/code\u003e\u003c/a\u003e Removed unneeded if statement (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/0c4e3879854669acd15ea435f2c8aada6c73810a\"\u003e\u003ccode\u003e0c4e387\u003c/code\u003e\u003c/a\u003e Add doc comment to ParseWithClaims (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/bfea432b1a9da383509086a2141c06dc103e82f9\"\u003e\u003ccode\u003ebfea432\u003c/code\u003e\u003c/a\u003e Include \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/d81acbf7f30f11e5ef65030008b876e46a3ca7d0\"\u003e\u003ccode\u003ed81acbf\u003c/code\u003e\u003c/a\u003e Bump matrix to support latest go version (go1.19) (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/fdaf0eb0e0c1f33ca4bc05ce761d931fc236007f\"\u003e\u003ccode\u003efdaf0eb\u003c/code\u003e\u003c/a\u003e Implement a BearerExtractor (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.0.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-slug` from 0.8.1 to 0.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-slug/releases\"\u003egithub.com/hashicorp/go-slug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdjust destination path check by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/76\"\u003ehashicorp/go-slug#76\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: This release may have issues when unpacking a tarball, we recommend using 0.16.4 or later.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS file in .github/CODEOWNERS by \u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate unused pack/unpack option \u003ccode\u003eAllowSymlinkTarget\u003c/code\u003e by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/68\"\u003e#68\u003c/a\u003e: Fix panic in \u003ccode\u003esourcebundle\u003c/code\u003e package when RegistryMeta and Packages aren't the same size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/64\"\u003e#64\u003c/a\u003e: Remove the \u003ccode\u003e.Append(...)\u003c/code\u003e function from the \u003ccode\u003esourcebundle\u003c/code\u003e diagnostics API. Consumers should instead use the built-in golang \u003ccode\u003eappend()\u003c/code\u003e function. This ensures type-safety as you can't attempt to insert an invalid object into the diagnostics using the built-in function.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.15.2\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003esourcebundle\u003c/code\u003e: Fixed a bug in the PackageMeta receiver method \u003ccode\u003eGetCommitMessage() string\u003c/code\u003e that caused it to return an empty string instead of the git commit message.  (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/61\"\u003e#61\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/59\"\u003e#59\u003c/a\u003e: expose registry module version deprecation data in \u003ccode\u003esourcebundle\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/56/files\"\u003e#56\u003c/a\u003e: collect commit messages in package meta struct.\u003c/p\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the sourcebundle package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/55\"\u003e#55\u003c/a\u003e: revise the experimental \u003ccode\u003esourcebundle\u003c/code\u003e package fetcher and registry client interfaces to improve future extensibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.13.4\u003c/h2\u003e\n\u003cp\u003eFixed a bug with default exclusion rules for .terraformignore which caused the \u003ccode\u003e.terraform/modules\u003c/code\u003e directory to be excluded\u003c/p\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/9a9315589124e21b01ffe8a7816f4f2bea7da8b4\"\u003e\u003ccode\u003e9a93155\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/76\"\u003e#76\u003c/a\u003e from hashicorp/nodyhub/adjust-path-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/fbb041690f076f8e983a0f5f0d7406545a41359a\"\u003e\u003ccode\u003efbb0416\u003c/code\u003e\u003c/a\u003e improve sanitization checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/53c172a3e00fc1ac280365255b56af57846abdb4\"\u003e\u003ccode\u003e53c172a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/74\"\u003e#74\u003c/a\u003e from hashicorp/nodyhub/depricate-option-allow-symlink-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/a6204cf5b83cac1430fb575f48423e3bd2e8a3ac\"\u003e\u003ccode\u003ea6204cf\u003c/code\u003e\u003c/a\u003e depricate unused pack/unpack option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82d53eadfab53add56dd3fc6a2141d65579c20b6\"\u003e\u003ccode\u003e82d53ea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/72\"\u003e#72\u003c/a\u003e from hashicorp/add-codeowners\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/1030616226cb2437f1780d11cebbdacb5c8f2ae0\"\u003e\u003ccode\u003e1030616\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS file in .github/CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/6004eb1bc5144a120f3e780aeb63e1582b9b72d7\"\u003e\u003ccode\u003e6004eb1\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82b71b9ba81f90d84bb8bff8a2f6b6cda5bd46ad\"\u003e\u003ccode\u003e82b71b9\u003c/code\u003e\u003c/a\u003e sourcebundle: Fix panic when RegistryMeta and Packages aren't the same size (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/bb15d99c98c0941f30301a31ca39673a1f5bada0\"\u003e\u003ccode\u003ebb15d99\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/18b3ddeef74292c53b2cc237a16a243ca2fc544d\"\u003e\u003ccode\u003e18b3dde\u003c/code\u003e\u003c/a\u003e sourcebundle: remove the option to append anything into a diagnostic that wil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.8.1...v0.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220127200216-cd36cc0744dd to 0.21.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20211104180415-d3ed0bb246c8 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.27.1 to 1.33.0\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-retryablehttp` from 0.7.1 to 0.7.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md\"\u003egithub.com/hashicorp/go-retryablehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.7 (May 30, 2024)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: avoid potentially leaking URL-embedded basic authentication credentials in logs (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.6 (May 9, 2024)\u003c/h2\u003e\n\u003cp\u003eENHANCEMENTS:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support a \u003ccode\u003eRetryPrepare\u003c/code\u003e function for modifying the request before retrying (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: support HTTP-date values for \u003ccode\u003eRetry-After\u003c/code\u003e header value (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: avoid reading entire body when the body is a \u003ccode\u003e*bytes.Reader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fix a broken check for invalid server certificate in go 1.20+ (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.5 (Nov 8, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.4 (Jun 6, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.3 (May 15, 2023)\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb\"\u003e\u003ccode\u003e1542b31\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac\"\u003e\u003ccode\u003edefb9f4\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a\"\u003e\u003ccode\u003ea99f07b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e from dany74q/danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411\"\u003e\u003ccode\u003e8a28c57\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348\"\u003e\u003ccode\u003e86e852d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/227\"\u003e#227\u003c/a\u003e from hashicorp/dependabot/github_actions/actions/chec...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53\"\u003e\u003ccode\u003e47fe99e\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.5 to 4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d\"\u003e\u003ccode\u003e490fc06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/226\"\u003e#226\u003c/a\u003e from testwill/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692\"\u003e\u003ccode\u003ef3e9417\u003c/code\u003e\u003c/a\u003e chore: remove refs to deprecated io/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055\"\u003e\u003ccode\u003ed969eaa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/225\"\u003e#225\u003c/a\u003e from hashicorp/manicminer-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298\"\u003e\u003ccode\u003e2ad8ed4\u003c/code\u003e\u003c/a\u003e v0.7.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you upgrade \u003ccode\u003egithub.com/prometheus/common\u003c/code\u003e to 0.62+ together with client_golang. :warning:\u003c/p\u003e\n\u003cp\u003eNew common version \u003ca href=\"https://redirect.github.com/prometheus/common/pull/724\"\u003echanges \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable\u003c/a\u003e, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e to old \u003ccode\u003emodel.LegacyValidation\u003c/code\u003e value in your project \u003ccode\u003einit\u003c/code\u003e function.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] gocollector: Fix help message for runtime/metric metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1583\"\u003e#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix \u003ccode\u003eDesc.String()\u003c/code\u003e method for no labels case. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1687\"\u003e#1687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize popular \u003ccode\u003eprometheus.BuildFQName\u003c/code\u003e function; now up to 30% faster. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1665\"\u003e#1665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metrics; now up to 50% faster under high concurrent contention. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Upgrade prometheus/common to 0.62.0 which changes \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Add support for Go 1.23. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1602\"\u003e#1602\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20211117183948-ae814b36b871 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spring-financial-group/helmfile/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spring-financial-group/helmfile/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-financial-group%2Fhelmfile/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"},{"uuid":"2730838209","node_id":"PR_kwDOFO1xFM6ixUjB","number":229,"state":"closed","title":"Bump the go_modules group with 4 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-09-05T17:52:23.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-08T13:47:13.000Z","updated_at":"2025-09-05T17:52:23.000Z","time_to_close":2433910,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"golang.org/x/net","old_version":"0.34.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/cloudflare/circl","old_version":"1.3.7","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"golang.org/x/oauth2","old_version":"0.25.0","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates: [golang.org/x/net](https://github.com/golang/net), [github.com/cloudflare/circl](https://github.com/cloudflare/circl), [github.com/docker/distribution](https://github.com/docker/distribution) and [golang.org/x/oauth2](https://github.com/golang/oauth2).\n\nUpdates `golang.org/x/net` from 0.34.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.34.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.3.7 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eCIRCL v1.6.0\u003c/h2\u003e\n\u003ch3\u003eNew!\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/blob/main/vdaf/prio3\"\u003ePrio3\u003c/a\u003e Verifiable Distributed Aggregation Function (\u003ca href=\"https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/\"\u003edraft-irtf-cfrg-vdaf\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/blob/main/kem/xwing\"\u003eX-Wing\u003c/a\u003e: general-purpose hybrid post-quantum KEM (\u003ca href=\"https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/\"\u003edraft-connolly-cfrg-xwing-kem\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd OIDs to ML-DSA by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/519\"\u003ecloudflare/circl#519\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds Prio3 a set of verifiable distributed aggregation functions. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/522\"\u003ecloudflare/circl#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun semgrep cronjob only in upstream repository. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/526\"\u003ecloudflare/circl#526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eX-Wing PQ/T hybrid by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/471\"\u003ecloudflare/circl#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eckem: move crypto/elliptic to crypto/ecdh by \u003ca href=\"https://github.com/MingLLuo\"\u003e\u003ccode\u003e@​MingLLuo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/529\"\u003ecloudflare/circl#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ehpke: Update HPKE code to use ecdh stdlib package. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/530\"\u003ecloudflare/circl#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprio3: Adds polynomial multiplication using NTT by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/532\"\u003ecloudflare/circl#532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Prio3 in readme. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/527\"\u003ecloudflare/circl#527\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MingLLuo\"\u003e\u003ccode\u003e@​MingLLuo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/529\"\u003ecloudflare/circl#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0\"\u003ehttps://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eCIRCL v1.5.0\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNew:\u003c/strong\u003e ML-DSA, Module-Lattice-based Digital Signature Algorithm.\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem: add X25519MLKEM768 TLS hybrid KEM by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/510\"\u003ecloudflare/circl#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate semgrep.yml by \u003ca href=\"https://github.com/hrushikeshdeshpande\"\u003e\u003ccode\u003e@​hrushikeshdeshpande\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/514\"\u003ecloudflare/circl#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erepo: Some fixes reported by CodeQL by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/515\"\u003ecloudflare/circl#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ML-DSA (FIPS204) by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/480\"\u003ecloudflare/circl#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esign/mldsa: Add test for ML-DSA signature verification. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/517\"\u003ecloudflare/circl#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.5.0 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/518\"\u003ecloudflare/circl#518\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hrushikeshdeshpande\"\u003e\u003ccode\u003e@​hrushikeshdeshpande\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/514\"\u003ecloudflare/circl#514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0\"\u003ehttps://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.3.7...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.25.0 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3\"\u003e\u003ccode\u003e681b4d8\u003c/code\u003e\u003c/a\u003e jws: split token into fixed number of parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502\"\u003e\u003ccode\u003e3f78298\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac\"\u003e\u003ccode\u003e109dabf\u003c/code\u003e\u003c/a\u003e endpoints: add links/provider for Discord\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47\"\u003e\u003ccode\u003eac571fa\u003c/code\u003e\u003c/a\u003e oauth2: fix docs for Config.DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2\"\u003e\u003ccode\u003e314ee5b\u003c/code\u003e\u003c/a\u003e endpoints: add patreon endpoint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec\"\u003e\u003ccode\u003eb9c813b\u003c/code\u003e\u003c/a\u003e google: add warning about externally-provided credentials\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.25.0...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nullstone-io/nullstone/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nullstone-io/nullstone/pull/229","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-io%2Fnullstone/issues/229","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/229/packages"},{"uuid":"2730593256","node_id":"PR_kwDOHp13GM6iwYvo","number":56,"state":"open","title":"Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in the go_modules group","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-08T12:17:05.000Z","updated_at":"2025-08-08T12:17:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":"the go_modules group","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update: [github.com/docker/distribution](https://github.com/docker/distribution).\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nullstone-io/deployment-sdk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nullstone-io/deployment-sdk/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-io%2Fdeployment-sdk/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"},{"uuid":"2708253080","node_id":"PR_kwDOONfVbM6hbKmY","number":3,"state":"open","title":"Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-30T20:02:02.000Z","updated_at":"2025-07-30T20:02:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/loki/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/loki/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Floki/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"2705210615","node_id":"PR_kwDODlrT586hPjz3","number":2,"state":"open","title":"Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible in /remediation-service","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-29T20:13:37.000Z","updated_at":"2025-07-29T20:13:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":"/remediation-service","ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SVilgelm/keptn/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SVilgelm/keptn/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SVilgelm%2Fkeptn/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"2705210247","node_id":"PR_kwDOH4HH986hPjuH","number":1,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-29T20:13:28.000Z","updated_at":"2025-07-29T20:13:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/vektah/gqlparser/v2","old_version":"2.4.6","new_version":"2.5.15","repository_url":"https://github.com/vektah/gqlparser"},{"name":"google.golang.org/grpc","old_version":"1.48.0","new_version":"1.56.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.17+incompatible","new_version":"26.1.5+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"golang.org/x/text","old_version":"0.3.7","new_version":"0.9.0"},{"name":"google.golang.org/protobuf","old_version":"1.28.1","new_version":"1.30.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates in the / directory: [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser), [google.golang.org/grpc](https://github.com/grpc/grpc-go), [github.com/docker/distribution](https://github.com/docker/distribution) and [github.com/docker/docker](https://github.com/docker/docker).\n\nUpdates `github.com/vektah/gqlparser/v2` from 2.4.6 to 2.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vektah/gqlparser/releases\"\u003egithub.com/vektah/gqlparser/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.5.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, ParseSchemasWithLimit by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/306\"\u003evektah/gqlparser#306\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.14...v2.5.15\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.14...v2.5.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ParseQueryWithLimit by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/304\"\u003evektah/gqlparser#304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/298\"\u003evektah/gqlparser#298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump prettier from 3.2.5 to 3.3.0 in /validator/imported in the actions-deps group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/299\"\u003evektah/gqlparser#299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/301\"\u003evektah/gqlparser#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/302\"\u003evektah/gqlparser#302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eToken limit fix CVE-2023-49559 by \u003ca href=\"https://github.com/uvzz\"\u003e\u003ccode\u003e@​uvzz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/291\"\u003evektah/gqlparser#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uvzz\"\u003e\u003ccode\u003e@​uvzz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/291\"\u003evektah/gqlparser#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow empty parens (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/292\"\u003e#292\u003c/a\u003e). by \u003ca href=\"https://github.com/yuchenshi\"\u003e\u003ccode\u003e@​yuchenshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/293\"\u003evektah/gqlparser#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWithBuiltin FormatterOption added by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/294\"\u003evektah/gqlparser#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRedo github actions by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/295\"\u003evektah/gqlparser#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the actions-deps group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/296\"\u003evektah/gqlparser#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/297\"\u003evektah/gqlparser#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuchenshi\"\u003e\u003ccode\u003e@​yuchenshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/293\"\u003evektah/gqlparser#293\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump get-func-name from 2.0.0 to 2.0.2 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/284\"\u003evektah/gqlparser#284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.22.6 to 7.23.2 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/285\"\u003evektah/gqlparser#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix description formatting (possible \u0026quot; character) by \u003ca href=\"https://github.com/blmhemu\"\u003e\u003ccode\u003e@​blmhemu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/289\"\u003evektah/gqlparser#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egqlerror: implement List.Unwrap by \u003ca href=\"https://github.com/emersion\"\u003e\u003ccode\u003e@​emersion\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/290\"\u003evektah/gqlparser#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/blmhemu\"\u003e\u003ccode\u003e@​blmhemu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/289\"\u003evektah/gqlparser#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/emersion\"\u003e\u003ccode\u003e@​emersion\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/290\"\u003evektah/gqlparser#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/55a3c47d27e03c2a995f0a20e3e059e75d3858d2\"\u003e\u003ccode\u003e55a3c47\u003c/code\u003e\u003c/a\u003e Revert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, Par...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977\"\u003e\u003ccode\u003e36a3658\u003c/code\u003e\u003c/a\u003e Add ParseQueryWithLimit (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/304\"\u003e#304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/d457fc08189db3b7bee997060cfcb01717cdbbec\"\u003e\u003ccode\u003ed457fc0\u003c/code\u003e\u003c/a\u003e Token limit fix CVE-2023-49559 (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/6db1bd39a01415cc19e47ef078bf15c5a7d3cd5f\"\u003e\u003ccode\u003e6db1bd3\u003c/code\u003e\u003c/a\u003e Bump braces from 3.0.2 to 3.0.3 in /validator/imported (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/39004142c4d3e4afee047257162835819d9c4789\"\u003e\u003ccode\u003e3900414\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 7 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/7c770f6a27ba16dafaf92e18161615de92c73363\"\u003e\u003ccode\u003e7c770f6\u003c/code\u003e\u003c/a\u003e Bump prettier in /validator/imported in the actions-deps group (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/0ed49739e85d437cbc1cb91fb640c030d1e65338\"\u003e\u003ccode\u003e0ed4973\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 6 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/00fd36f5cfc7bbb5fad59678e4026c980326bc3b\"\u003e\u003ccode\u003e00fd36f\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 8 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/9638a21e21cb32c1add5e2dc2a092575c0605e74\"\u003e\u003ccode\u003e9638a21\u003c/code\u003e\u003c/a\u003e Bump github.com/stretchr/testify in the actions-deps group (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/55ebe371e7d4a2d7fcb1cbcf444b661a77f1c3bb\"\u003e\u003ccode\u003e55ebe37\u003c/code\u003e\u003c/a\u003e Add Dependabot.yml\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.4.6...v2.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.48.0 to 1.56.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.56.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eclient: handle empty address lists correctly in addrConn.updateAddrs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.0\u003c/h2\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support channel idleness using \u003ccode\u003eWithIdleTimeout\u003c/code\u003e dial option (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6263\"\u003e#6263\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis feature is currently disabled by default, but will be enabled with a 30 minute default in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6306\"\u003e#6306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Custom LB Policies (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A52-xds-custom-lb-policies.md\"\u003egRFC A52\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6224\"\u003e#6224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: support pick_first Custom LB policy (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6314\"\u003e#6314\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6317\"\u003e#6317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: add support for pickfirst address shuffling (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6311\"\u003e#6311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for String Matcher Header Matcher in RDS (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6313\"\u003e#6313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Add Channelz Logger to Outlier Detection LB (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6145\"\u003e#6145\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/s-matyukevich\"\u003e\u003ccode\u003e@​s-matyukevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: enable RLS in xDS by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6343\"\u003e#6343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorca: add support for application_utilization field and missing range checks on several metrics setters\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A58-client-side-weighted-round-robin-lb-policy.md\"\u003egRFC A58\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6241\"\u003e#6241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add conversion of json to RBAC Audit Logging config (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add support for stdout logger (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: support customizable audit functionality for authorization policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6158\"\u003e#6158\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6304\"\u003e#6304\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6225\"\u003e#6225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6245\"\u003e#6245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6223\"\u003e#6223\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: enable federation support by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6151\"\u003e#6151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estatus: \u003ccode\u003estatus.Code\u003c/code\u003e and \u003ccode\u003estatus.FromError\u003c/code\u003e handle wrapped errors (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6031\"\u003e#6031\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6150\"\u003e#6150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1055b481ed2204a29d233286b9b50c42b63f8825\"\u003e\u003ccode\u003e1055b48\u003c/code\u003e\u003c/a\u003e Update version.go to 1.56.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6713\"\u003e#6713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5efd7bd73e11fea58d1c7f1c110902e78a286299\"\u003e\u003ccode\u003e5efd7bd\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd1f038e7234580c2694e433bec5cd97e7b7f662\"\u003e\u003ccode\u003ebd1f038\u003c/code\u003e\u003c/a\u003e Upgrade version.go to 1.56.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6434\"\u003e#6434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/faab8736bf73291f92b867d5dae31c927d53d508\"\u003e\u003ccode\u003efaab873\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6432\"\u003e#6432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b0b291d79831b1c8caafceec268b82c92253f96\"\u003e\u003ccode\u003e6b0b291\u003c/code\u003e\u003c/a\u003e status: fix panic when servers return a wrapped error with status OK (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ed56401aa514462d5371713b8ec5c889da33953c\"\u003e\u003ccode\u003eed56401\u003c/code\u003e\u003c/a\u003e [PSM interop] Don't fail target if sub-target already failed (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6390\"\u003e#6390\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6405\"\u003e#6405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cd6a794f0bdcf9a216e8f4d3c5717faf96d9fd78\"\u003e\u003ccode\u003ecd6a794\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6387\"\u003e#6387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5b67e5ea449ef0686a0c0b6de48cd4cb63e3db2a\"\u003e\u003ccode\u003e5b67e5e\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6386\"\u003e#6386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d0f5150384a87f9fcac488a9c18727a55b7354c1\"\u003e\u003ccode\u003ed0f5150\u003c/code\u003e\u003c/a\u003e client: handle empty address lists correctly in addrConn.updateAddrs (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6354\"\u003e#6354\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/997c1ea101cc5d496d2b148388f1df49632a9171\"\u003e\u003ccode\u003e997c1ea\u003c/code\u003e\u003c/a\u003e Change version to 1.56.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6345\"\u003e#6345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.48.0...v1.56.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.17+incompatible to 26.1.5+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev26.1.5\u003c/h2\u003e\n\u003ch2\u003e26.1.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eThis release contains a fix for \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110\"\u003eCVE-2024-41110\u003c/a\u003e / \u003ca href=\"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\"\u003eGHSA-v23v-6jw2-98fq\u003c/a\u003e\nthat impacted setups using \u003ca href=\"https://docs.docker.com/engine/extend/plugins_authorization/\"\u003eauthorization plugins (AuthZ)\u003c/a\u003e\nfor access control. No other changes are included in this release, and this\nrelease is otherwise identical for users not using AuthZ plugins.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/moby/compare/v26.1.4...v26.1.5\"\u003ehttps://github.com/moby/moby/compare/v26.1.4...v26.1.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev26.1.4\u003c/h2\u003e\n\u003ch2\u003e26.1.4\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4\"\u003edocker/cli, 26.1.4 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4\"\u003emoby/moby, 26.1.4 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eThis release updates the Go runtime to 1.21.11 which contains security fixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/66869\"\u003eCVE-2024-24789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/67680\"\u003eCVE-2024-24790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA symlink time of check to time of use race condition during directory removal reported by Addison Crump (\u003ca href=\"https://github.com/addisoncrump\"\u003e\u003ccode\u003e@​addisoncrump\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes and enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47870\"\u003emoby/moby#47870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent the daemon log from being spammed with \u003ccode\u003esuperfluous response.WriteHeader call ...\u003c/code\u003e messages.. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47843\"\u003emoby/moby#47843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't show empty hints when plugins return an empty hook message. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5083\"\u003edocker/cli#5083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eContextType: \u0026quot;moby\u0026quot;\u003c/code\u003e to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5095\"\u003edocker/cli#5095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a compatibility issue with Visual Studio Container Tools. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5095\"\u003edocker/cli#5095\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate containerd (static binaries only) to \u003ca href=\"https://github.com/containerd/containerd/releases/tag/v1.7.17\"\u003ev1.7.17\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47841\"\u003emoby/moby#47841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/66869\"\u003eCVE-2024-24789\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/golang/go/issues/67680\"\u003eCVE-2024-24790\u003c/a\u003e: Update Go runtime to 1.21.11. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47904\"\u003emoby/moby#47904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Compose to \u003ca href=\"https://github.com/docker/compose/releases/tag/v2.27.1\"\u003ev2.27.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/docker/docker-ce-packaging/pull/1022\"\u003edocker/docker-ce-packages#1022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Buildx to \u003ca href=\"https://github.com/docker/buildx/releases/tag/v0.14.1\"\u003ev0.14.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/docker/docker-ce-packaging/pull/1021\"\u003edocker/docker-ce-packages#1021\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev26.1.3\u003c/h2\u003e\n\u003ch2\u003e26.1.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\"\u003e\u003ccode\u003e411e817\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/9cc85eaef15739234909e9c1d4b9915b37bac4ab\"\u003e\u003ccode\u003e9cc85ea\u003c/code\u003e\u003c/a\u003e If url includes scheme, urlPath will drop hostname, which would not match the...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/820cab90bc2cfc6fadf9bf9f0f460e1f6d07434a\"\u003e\u003ccode\u003e820cab9\u003c/code\u003e\u003c/a\u003e Authz plugin security fixes for 0-length content and path validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/6bc49067a6c7647db245d77e0660778c8f61f314\"\u003e\u003ccode\u003e6bc4906\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/48123\"\u003e#48123\u003c/a\u003e from vvoland/v26.1-48120\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/6fbdce4b94456b6aad2b83a661bbbbed4dafa583\"\u003e\u003ccode\u003e6fbdce4\u003c/code\u003e\u003c/a\u003e update to go1.21.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f5334644ecc787861fef75c7f6d08756ffe8bbd7\"\u003e\u003ccode\u003ef533464\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47986\"\u003e#47986\u003c/a\u003e from vvoland/v26.1-47985\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c1d4587d769bae94305de974fcb97d614fa7b4ef\"\u003e\u003ccode\u003ec1d4587\u003c/code\u003e\u003c/a\u003e builder/mobyexporter: Add missing nil check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d6428049a53212ee798fedd90b1328a381492d28\"\u003e\u003ccode\u003ed642804\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47940\"\u003e#47940\u003c/a\u003e from thaJeztah/26.1_backport_api_remove_container_c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/daba2462f545b155011e1f183a85f00a18926181\"\u003e\u003ccode\u003edaba246\u003c/code\u003e\u003c/a\u003e docs: api: image inspect: remove Container and ContainerConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/de5c9cf0b96e4e172b96db54abababa4a328462f\"\u003e\u003ccode\u003ede5c9cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47912\"\u003e#47912\u003c/a\u003e from thaJeztah/26.1_backport_vendor_containerd_1.7.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.17...v26.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/48e4a4a957429d31328a685863b594ca9a06b552\"\u003e\u003ccode\u003e48e4a4a\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9db913aaf20ced01b7a130d9fb222d74a1339fa6\"\u003e\u003ccode\u003e9db913a\u003c/code\u003e\u003c/a\u003e go.mod: update to newer x/tools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/30dadde3188b39150d373bac513a97df9d816a5b\"\u003e\u003ccode\u003e30dadde\u003c/code\u003e\u003c/a\u003e all: correct comment typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/71a9c9afc4cd710b9412f7f99f0d8e35b10e488a\"\u003e\u003ccode\u003e71a9c9a\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ec5565b1b747ce5ca569aeefc09e737b479a12ac\"\u003e\u003ccode\u003eec5565b\u003c/code\u003e\u003c/a\u003e README.md: update documentation of module versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/c8236a6712b1b530895a7182a8a9fc06f1c5cf4e\"\u003e\u003ccode\u003ec8236a6\u003c/code\u003e\u003c/a\u003e unicode/bidi: remove unused global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ada7473102ad456072fb2ef01a115cb0adb8d9a8\"\u003e\u003ccode\u003eada7473\u003c/code\u003e\u003c/a\u003e all: remove redundant type conversion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/1bdb400fb39a45cc788ffe7e5d7a2a9719afc7e9\"\u003e\u003ccode\u003e1bdb400\u003c/code\u003e\u003c/a\u003e language: remove compatibility with go \u0026lt; 1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/252bee03417df7609718dd0885f25d37818cb5c1\"\u003e\u003ccode\u003e252bee0\u003c/code\u003e\u003c/a\u003e go.mod: ignore cyclic dependency for tagging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ecab6e5ab6ec037a966bd330f3c04322d09cb79e\"\u003e\u003ccode\u003eecab6e5\u003c/code\u003e\u003c/a\u003e go.mod: ignore cyclic dependency for tagging\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.1 to 1.30.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SVilgelm/opa/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SVilgelm/opa/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SVilgelm%2Fopa/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}],"issue_packages":[{"old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2026-05-20T13:25:59.000Z","version_change":"2.8.1+incompatible → 2.8.3+incompatible","issue":{"uuid":"4486835653","node_id":"PR_kwDOHKqUys7di43K","number":671,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-20T13:25:59.000Z","updated_at":"2026-06-04T02:17:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/RemakingEden/dagger/pull/671","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RemakingEden%2Fdagger/issues/671","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/671/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2026-05-11T03:04:24.000Z","version_change":"2.8.1+incompatible → 2.8.3+incompatible","issue":{"uuid":"4417786786","node_id":"PR_kwDOHmgjqM7aF9yP","number":800,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["stale"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T03:04:24.000Z","updated_at":"2026-05-26T02:17:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/aria1991/dagger/pull/800","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/aria1991%2Fdagger/issues/800","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/800/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2026-05-06T12:53:21.000Z","version_change":"2.8.1+incompatible → 2.8.3+incompatible","issue":{"uuid":"4391479348","node_id":"PR_kwDOHI0d1M7YxWky","number":831,"state":"closed","title":"Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":["dependencies","go","stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-28T05:45:42.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-06T12:53:21.000Z","updated_at":"2026-05-28T05:45:53.000Z","time_to_close":1875141,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/sultanabubaker/SAST-go-project/pull/831","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sultanabubaker%2FSAST-go-project/issues/831","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/831/packages"}},{"old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2026-03-30T07:07:59.000Z","version_change":"2.8.2+incompatible → 2.8.3+incompatible","issue":{"uuid":"4168105144","node_id":"PR_kwDOHF4yI87Ogyy2","number":280,"state":"open","title":"build(deps): bump the engine group across 1 directory with 74 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-30T07:07:59.000Z","updated_at":"2026-03-30T07:08:00.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"engine","update_count":74,"packages":[{"name":"github.com/99designs/gqlgen","old_version":"0.17.44","new_version":"0.17.89","repository_url":"https://github.com/99designs/gqlgen"},{"name":"github.com/Khan/genqlient","old_version":"0.7.0","new_version":"0.8.1","repository_url":"https://github.com/Khan/genqlient"},{"name":"github.com/a-h/templ","old_version":"0.2.543","new_version":"0.3.1001","repository_url":"https://github.com/a-h/templ"},{"name":"github.com/adrg/xdg","old_version":"0.4.0","new_version":"0.5.3","repository_url":"https://github.com/adrg/xdg"},{"name":"github.com/charmbracelet/bubbletea","old_version":"0.25.0","new_version":"1.3.10","repository_url":"https://github.com/charmbracelet/bubbletea"},{"name":"github.com/containerd/console","old_version":"1.0.4","new_version":"1.0.5","repository_url":"https://github.com/containerd/console"},{"name":"github.com/containerd/containerd","old_version":"1.7.15","new_version":"1.7.30","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/containerd/stargz-snapshotter","old_version":"0.15.1","new_version":"0.18.2","repository_url":"https://github.com/containerd/stargz-snapshotter"},{"name":"github.com/creack/pty","old_version":"1.1.18","new_version":"1.1.24","repository_url":"https://github.com/creack/pty"},{"name":"github.com/dave/jennifer","old_version":"1.7.0","new_version":"1.7.1","repository_url":"https://github.com/dave/jennifer"},{"name":"github.com/docker/distribution","old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"26.1.0+incompatible","new_version":"28.5.2+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/dschmidt/go-layerfs","old_version":"0.1.0","new_version":"0.2.0","repository_url":"https://github.com/dschmidt/go-layerfs"},{"name":"github.com/go-git/go-git/v5","old_version":"5.12.0","new_version":"5.17.1","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/gofrs/flock","old_version":"0.8.1","new_version":"0.13.0","repository_url":"https://github.com/gofrs/flock"},{"name":"github.com/goproxy/goproxy","old_version":"0.16.9","new_version":"0.26.0","repository_url":"https://github.com/goproxy/goproxy"},{"name":"github.com/jackpal/gateway","old_version":"1.0.7","new_version":"1.1.1","repository_url":"https://github.com/jackpal/gateway"},{"name":"github.com/koron-go/prefixw","old_version":"1.0.0","new_version":"1.0.2","repository_url":"https://github.com/koron-go/prefixw"},{"name":"github.com/lmittmann/tint","old_version":"1.0.4","new_version":"1.1.3","repository_url":"https://github.com/lmittmann/tint"},{"name":"github.com/mackerelio/go-osstat","old_version":"0.2.4","new_version":"0.2.7","repository_url":"https://github.com/mackerelio/go-osstat"},{"name":"github.com/moby/patternmatcher","old_version":"0.6.0","new_version":"0.6.1","repository_url":"https://github.com/moby/patternmatcher"},{"name":"github.com/rs/zerolog","old_version":"1.32.0","new_version":"1.35.0","repository_url":"https://github.com/rs/zerolog"},{"name":"github.com/samber/slog-logrus/v2","old_version":"2.2.0","new_version":"2.5.4","repository_url":"https://github.com/samber/slog-logrus"},{"name":"github.com/tidwall/gjson","old_version":"1.17.0","new_version":"1.18.0","repository_url":"https://github.com/tidwall/gjson"},{"name":"github.com/vito/midterm","old_version":"0.1.5-0.20240307214207-d0271a7ca452","new_version":"0.2.4","repository_url":"https://github.com/vito/midterm"},{"name":"github.com/zeebo/xxh3","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/zeebo/xxh3"},{"name":"go.opentelemetry.io/otel/log","old_version":"0.0.1-alpha","new_version":"0.18.0","repository_url":"https://github.com/open-telemetry/opentelemetry-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the engine group with 27 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/99designs/gqlgen](https://github.com/99designs/gqlgen) | `0.17.44` | `0.17.89` |\n| [github.com/Khan/genqlient](https://github.com/Khan/genqlient) | `0.7.0` | `0.8.1` |\n| [github.com/a-h/templ](https://github.com/a-h/templ) | `0.2.543` | `0.3.1001` |\n| [github.com/adrg/xdg](https://github.com/adrg/xdg) | `0.4.0` | `0.5.3` |\n| [github.com/charmbracelet/bubbletea](https://github.com/charmbracelet/bubbletea) | `0.25.0` | `1.3.10` |\n| [github.com/containerd/console](https://github.com/containerd/console) | `1.0.4` | `1.0.5` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.15` | `1.7.30` |\n| [github.com/containerd/stargz-snapshotter](https://github.com/containerd/stargz-snapshotter) | `0.15.1` | `0.18.2` |\n| [github.com/creack/pty](https://github.com/creack/pty) | `1.1.18` | `1.1.24` |\n| [github.com/dave/jennifer](https://github.com/dave/jennifer) | `1.7.0` | `1.7.1` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.2+incompatible` | `2.8.3+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `26.1.0+incompatible` | `28.5.2+incompatible` |\n| [github.com/dschmidt/go-layerfs](https://github.com/dschmidt/go-layerfs) | `0.1.0` | `0.2.0` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.12.0` | `5.17.1` |\n| [github.com/gofrs/flock](https://github.com/gofrs/flock) | `0.8.1` | `0.13.0` |\n| [github.com/goproxy/goproxy](https://github.com/goproxy/goproxy) | `0.16.9` | `0.26.0` |\n| [github.com/jackpal/gateway](https://github.com/jackpal/gateway) | `1.0.7` | `1.1.1` |\n| [github.com/koron-go/prefixw](https://github.com/koron-go/prefixw) | `1.0.0` | `1.0.2` |\n| [github.com/lmittmann/tint](https://github.com/lmittmann/tint) | `1.0.4` | `1.1.3` |\n| [github.com/mackerelio/go-osstat](https://github.com/mackerelio/go-osstat) | `0.2.4` | `0.2.7` |\n| [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) | `0.6.0` | `0.6.1` |\n| [github.com/rs/zerolog](https://github.com/rs/zerolog) | `1.32.0` | `1.35.0` |\n| [github.com/samber/slog-logrus/v2](https://github.com/samber/slog-logrus) | `2.2.0` | `2.5.4` |\n| [github.com/tidwall/gjson](https://github.com/tidwall/gjson) | `1.17.0` | `1.18.0` |\n| [github.com/vito/midterm](https://github.com/vito/midterm) | `0.1.5-0.20240307214207-d0271a7ca452` | `0.2.4` |\n| [github.com/zeebo/xxh3](https://github.com/zeebo/xxh3) | `1.0.2` | `1.1.0` |\n| [go.opentelemetry.io/otel/log](https://github.com/open-telemetry/opentelemetry-go) | `0.0.1-alpha` | `0.18.0` |\n\n\nUpdates `github.com/99designs/gqlgen` from 0.17.44 to 0.17.89\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/99designs/gqlgen/releases\"\u003egithub.com/99designs/gqlgen's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.17.89\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeature/optimize packages load validation by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4070\"\u003e99designs/gqlgen#4070\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdated integration test dependencies by \u003ca href=\"https://github.com/UnAfraid\"\u003e\u003ccode\u003e@​UnAfraid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4071\"\u003e99designs/gqlgen#4071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: just split injectTypesFromSchema into smaller methods by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4061\"\u003e99designs/gqlgen#4061\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIgnore headers from body by \u003ca href=\"https://github.com/jeolted\"\u003e\u003ccode\u003e@​jeolted\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4088\"\u003e99designs/gqlgen#4088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: batch resolver being called multiple times for interface implementations by \u003ca href=\"https://github.com/tomoikey\"\u003e\u003ccode\u003e@​tomoikey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4087\"\u003e99designs/gqlgen#4087\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove use_light_mode_prefetch option by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4080\"\u003e99designs/gqlgen#4080\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e from 6.1.2 to 6.1.3 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4067\"\u003e99designs/gqlgen#4067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4069\"\u003e99designs/gqlgen#4069\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 16 to 19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4092\"\u003e99designs/gqlgen#4092\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jeolted\"\u003e\u003ccode\u003e@​jeolted\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4088\"\u003e99designs/gqlgen#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.88...v0.17.89\"\u003ehttps://github.com/99designs/gqlgen/compare/v0.17.88...v0.17.89\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.17.88\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd nested batch resolver tests and documentation to batchresolver example by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4043\"\u003e99designs/gqlgen#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in unmarshalling null to non-nullable bound type by \u003ca href=\"https://github.com/deitrix\"\u003e\u003ccode\u003e@​deitrix\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4055\"\u003e99designs/gqlgen#4055\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes a bug that causes excessive pruning by \u003ca href=\"https://github.com/AdallomRoy\"\u003e\u003ccode\u003e@​AdallomRoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4054\"\u003e99designs/gqlgen#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMissing config options in gqlgen.schema.json by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4045\"\u003e99designs/gqlgen#4045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: support \u003ca href=\"https://github.com/goField\"\u003e\u003ccode\u003e@​goField\u003c/code\u003e\u003c/a\u003e(batch: true) directive by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4040\"\u003e99designs/gqlgen#4040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove duplicated buildField batch flag block by \u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4057\"\u003e99designs/gqlgen#4057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add incremental code generation for follow-schema layout by \u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4042\"\u003e99designs/gqlgen#4042\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 14 to 15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4037\"\u003e99designs/gqlgen#4037\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump devops-actions/actionlint from 0.1.10 to 0.1.11 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4036\"\u003e99designs/gqlgen#4036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​apollo/client\u003c/code\u003e from 4.1.4 to 4.1.5 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4035\"\u003e99designs/gqlgen#4035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/client-preset\u003c/code\u003e from 5.2.2 to 5.2.3 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4034\"\u003e99designs/gqlgen#4034\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/sosodev/duration from 1.3.1 to 1.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4032\"\u003e99designs/gqlgen#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e from 6.1.1 to 6.1.2 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4033\"\u003e99designs/gqlgen#4033\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump rollup from 4.56.0 to 4.59.0 in /integration in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4039\"\u003e99designs/gqlgen#4039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github.com/urfave/cli/v3 from 3.6.2 to 3.7.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4046\"\u003e99designs/gqlgen#4046\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump \u003ccode\u003e@​apollo/client\u003c/code\u003e from 4.1.5 to 4.1.6 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4048\"\u003e99designs/gqlgen#4048\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump mikepenz/action-junit-report from 6.2.0 to 6.3.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4049\"\u003e99designs/gqlgen#4049\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4050\"\u003e99designs/gqlgen#4050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump dawidd6/action-download-artifact from 15 to 16 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4051\"\u003e99designs/gqlgen#4051\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4052\"\u003e99designs/gqlgen#4052\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): bump graphql from 16.12.0 to 16.13.0 in /integration by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4047\"\u003e99designs/gqlgen#4047\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump immutable from 3.7.6 to 5.1.5 in /integration in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4058\"\u003e99designs/gqlgen#4058\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dpulpeiro\"\u003e\u003ccode\u003e@​dpulpeiro\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4043\"\u003e99designs/gqlgen#4043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jhonDoe15\"\u003e\u003ccode\u003e@​jhonDoe15\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/99designs/gqlgen/pull/4042\"\u003e99designs/gqlgen#4042\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.87...v0.17.88\"\u003ehttps://github.com/99designs/gqlgen/compare/v0.17.87...v0.17.88\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.17.87\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/99designs/gqlgen/blob/master/CHANGELOG.md\"\u003egithub.com/99designs/gqlgen's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.50...HEAD\"\u003eUnreleased\u003c/a\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.49...v0.17.50\"\u003ev0.17.50\u003c/a\u003e - 2024-09-13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003ea6d5d843\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e release v0.17.50\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003ef154d99d\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e Fix Nancy to use Go 1.22\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e6b9e40e8\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e make rewrite default for resolver layout single-file (\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/3243\"\u003e#3243\u003c/a\u003e\u003c!-- raw HTML omitted --\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eBumps the npm_and_yarn group in /integration with 1 update: \u003ca href=\"https://github.com/lukeed/dset\"\u003edset\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eUpdates \u003ccode\u003edset\u003c/code\u003e from 3.1.3 to 3.1.4\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukeed/dset/releases\"\u003eRelease notes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lukeed/dset/compare/v3.1.3...v3.1.4\"\u003eCommits\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eupdated-dependencies:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003edependency-name: dset\ndependency-type: indirect\ndependency-group: npm_and_yarn\n...\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eBump some more module versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate aurora\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAvoid upgrade to go 1.23\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003edowngrade goquery to support pre-Go 1.23 for now\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/76d62cf985e293ae4c352529659381a4caf45565\"\u003e\u003ccode\u003e76d62cf\u003c/code\u003e\u003c/a\u003e release v0.17.89\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/be391aebdd50897dbb7d65fe2ee8b1cb1c63721e\"\u003e\u003ccode\u003ebe391ae\u003c/code\u003e\u003c/a\u003e Remove use_light_mode_prefetch option (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4080\"\u003e#4080\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/8139cd123fc4ad498aaed4c26886ab76a64281c1\"\u003e\u003ccode\u003e8139cd1\u003c/code\u003e\u003c/a\u003e fix: batch resolver being called multiple times for interface implementations...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/f7f177b0572a89be1cd9e5a3ae6c9c0f90d54826\"\u003e\u003ccode\u003ef7f177b\u003c/code\u003e\u003c/a\u003e Ignore headers from body (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4088\"\u003e#4088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/5f192ccff3459f2751abae431bdaf386d0ef2df8\"\u003e\u003ccode\u003e5f192cc\u003c/code\u003e\u003c/a\u003e chore(deps): bump dawidd6/action-download-artifact from 16 to 19 (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4092\"\u003e#4092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/82bf8457f1df0a7073b5f45ef70e8b95eb09cba8\"\u003e\u003ccode\u003e82bf845\u003c/code\u003e\u003c/a\u003e fix: Handle interface-to-interface inheritance in introspection (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4083\"\u003e#4083\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/daf8f07ffad018bd8b061674bcbf5cb7e9ae9f72\"\u003e\u003ccode\u003edaf8f07\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4069\"\u003e#4069\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/3e779134def8708ff6ac1bb08e0143fa03027037\"\u003e\u003ccode\u003e3e77913\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump \u003ccode\u003e@​graphql-codegen/cli\u003c/code\u003e in /integration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/f92e401550602ddc9c0cf9c35cfe5f3385a5566c\"\u003e\u003ccode\u003ef92e401\u003c/code\u003e\u003c/a\u003e Refactor: just split injectTypesFromSchema into smaller methods (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4061\"\u003e#4061\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/99designs/gqlgen/commit/6edc0f4144c9a9296fc2d8e0d63d5b8ebb02968a\"\u003e\u003ccode\u003e6edc0f4\u003c/code\u003e\u003c/a\u003e Updated integration test dependencies (\u003ca href=\"https://redirect.github.com/99designs/gqlgen/issues/4071\"\u003e#4071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/99designs/gqlgen/compare/v0.17.44...v0.17.89\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/Khan/genqlient` from 0.7.0 to 0.8.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Khan/genqlient/releases\"\u003egithub.com/Khan/genqlient's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a bug introduced in v0.8.0 breaking path resolution on Windows, along with some other small features and bugs.\u003c/p\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e@genqlient(alias)\u003c/code\u003e directive to customize field names without requiring GraphQL aliases (fixes \u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eauto_camel_case\u003c/code\u003e config option to automatically convert snake_case to camelCase in both field names and type names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efixed path resolution on Windows\u003c/li\u003e\n\u003cli\u003efixed documentation link in \u003ccode\u003eintroduction.md\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eupgraded version of alexflint/go-arg from 1.4.2 to 1.5.1\u003c/li\u003e\n\u003cli\u003efixed a typo in the struct + fragment error message\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cp\u003eThis release adds support for genqlient subscriptions; see the \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more, and thanks to \u003ca href=\"https://github.com/matthieu4294967296moineau\"\u003e\u003ccode\u003e@​matthieu4294967296moineau\u003c/code\u003e\u003c/a\u003e for the original implementation and \u003ca href=\"https://github.com/HaraldNordgren\"\u003e\u003ccode\u003e@​HaraldNordgren\u003c/code\u003e\u003c/a\u003e for additional testing and improvements.\u003c/p\u003e\n\u003cp\u003eNote that genqlient now requires Go 1.22.5 or higher, and is tested through Go 1.23.3.\u003c/p\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now forbids \u003ccode\u003eomitempty: false\u003c/code\u003e (including implicit behaviour) when using pointer on non-null input field.\u003c/li\u003e\n\u003cli\u003eThe error text for HTTP errors has changed slightly. If you were parsing it, switch to \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/client_config.md#handling-errors\"\u003e\u003ccode\u003eAs\u003c/code\u003e-ing to \u003ccode\u003egraphql.HTTPError\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now supports subscriptions; the websocket protocol is by default \u003ccode\u003egraphql-transport-ws\u003c/code\u003e but can be set to another value.\u003cbr /\u003e\nSee the \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more details on how to use subscriptions.\u003c/li\u003e\n\u003cli\u003egenqlient now supports double-star globs for schema and query files; see \u003ca href=\"https://github.com/Khan/genqlient/blob/HEAD/genqlient.yaml\"\u003e\u003ccode\u003ehttps://github.com/Khan/genqlient/blob/HEAD/genqlient.yaml\u003c/code\u003e docs\u003c/a\u003e for more.\u003c/li\u003e\n\u003cli\u003egenqlient now generates slices containing all enum values for each enum type.\u003c/li\u003e\n\u003cli\u003egenqlient now returns \u003ccode\u003eIs\u003c/code\u003e/\u003ccode\u003eAs\u003c/code\u003e-able errors when the HTTP request returns a non-200 status.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eomitempty validation:\n\u003cul\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty\u003c/code\u003e on non-nullable input field, if the field has a default\u003c/li\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty: false\u003c/code\u003e on an input field, even when it is non-nullable\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edon't do \u003ccode\u003eomitempty\u003c/code\u003e and \u003ccode\u003epointer\u003c/code\u003e input types validation when \u003ccode\u003euse_struct_reference\u003c/code\u003e is used, as the generated type is often not compatible with validation logic.\u003c/li\u003e\n\u003cli\u003ethe \u003ccode\u003eallow_broken_features\u003c/code\u003e option, which no longer did anything, has been removed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/CHANGELOG.md\"\u003egithub.com/Khan/genqlient's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.8.1\u003c/h2\u003e\n\u003cp\u003eThis release fixes a bug introduced in v0.8.0 breaking path resolution on Windows, along with some other small features and bugs.\u003c/p\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e@genqlient(alias)\u003c/code\u003e directive to customize field names without requiring GraphQL aliases (fixes \u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/367\"\u003e#367\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eauto_camel_case\u003c/code\u003e config option to automatically convert snake_case to camelCase in both field names and type names\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efixed path resolution on Windows\u003c/li\u003e\n\u003cli\u003efixed documentation link in \u003ccode\u003eintroduction.md\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eupgraded version of alexflint/go-arg from 1.4.2 to 1.5.1\u003c/li\u003e\n\u003cli\u003efixed a typo in the struct + fragment error message\u003c/li\u003e\n\u003cli\u003eavoid error when a subscription message is received without a subscription ID\u003c/li\u003e\n\u003cli\u003eavoid closing subscription channels more than once, which could cause a panic in some cases\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0\u003c/h2\u003e\n\u003cp\u003eThis release adds support for genqlient subscriptions; see the \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more, and thanks to \u003ca href=\"https://github.com/matthieu4294967296moineau\"\u003e\u003ccode\u003e@​matthieu4294967296moineau\u003c/code\u003e\u003c/a\u003e for the original implementation and \u003ca href=\"https://github.com/HaraldNordgren\"\u003e\u003ccode\u003e@​HaraldNordgren\u003c/code\u003e\u003c/a\u003e for additional testing and improvements.\u003c/p\u003e\n\u003cp\u003eNote that genqlient now requires Go 1.22.5 or higher, and is tested through Go 1.23.3.\u003c/p\u003e\n\u003ch3\u003eBreaking changes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now forbids \u003ccode\u003eomitempty: false\u003c/code\u003e (including implicit behaviour) when using pointer on non-null input field.\u003c/li\u003e\n\u003cli\u003eThe error text for HTTP errors has changed slightly. If you were parsing it, switch to \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/client_config.md#handling-errors\"\u003e\u003ccode\u003eAs\u003c/code\u003e-ing to \u003ccode\u003egraphql.HTTPError\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew features:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003egenqlient now supports subscriptions; the websocket protocol is by default \u003ccode\u003egraphql-transport-ws\u003c/code\u003e but can be set to another value.\nSee the \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/subscriptions.md\"\u003edocumentation\u003c/a\u003e for more details on how to use subscriptions.\u003c/li\u003e\n\u003cli\u003egenqlient now supports double-star globs for schema and query files; see \u003ca href=\"https://github.com/Khan/genqlient/blob/main/docs/genqlient.yaml\"\u003e\u003ccode\u003ehttps://github.com/Khan/genqlient/blob/main/docs/genqlient.yaml\u003c/code\u003e docs\u003c/a\u003e for more.\u003c/li\u003e\n\u003cli\u003egenqlient now generates slices containing all enum values for each enum type.\u003c/li\u003e\n\u003cli\u003egenqlient now returns \u003ccode\u003eIs\u003c/code\u003e/\u003ccode\u003eAs\u003c/code\u003e-able errors when the HTTP request returns a non-200 status.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes:\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eomitempty validation:\n\u003cul\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty\u003c/code\u003e on non-nullable input field, if the field has a default\u003c/li\u003e\n\u003cli\u003eallow \u003ccode\u003eomitempty: false\u003c/code\u003e on an input field, even when it is non-nullable\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003edon't do \u003ccode\u003eomitempty\u003c/code\u003e and \u003ccode\u003epointer\u003c/code\u003e input types validation when \u003ccode\u003euse_struct_reference\u003c/code\u003e is used, as the generated type is often not compatible with validation logic.\u003c/li\u003e\n\u003cli\u003ethe \u003ccode\u003eallow_broken_features\u003c/code\u003e option, which no longer did anything, has been removed\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/6309a6ef5f325d254be1a91756b56fd9ec5441a3\"\u003e\u003ccode\u003e6309a6e\u003c/code\u003e\u003c/a\u003e Release v0.8.1 (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/381\"\u003e#381\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/ad1db8f531b790837fe52947d8e5527752821d9f\"\u003e\u003ccode\u003ead1db8f\u003c/code\u003e\u003c/a\u003e Fix typo frragment -\u0026gt; fragment (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/380\"\u003e#380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/e2e0ef0ffa068f8abdfa61c737ed7c23dc70500f\"\u003e\u003ccode\u003ee2e0ef0\u003c/code\u003e\u003c/a\u003e Auto snake case (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/377\"\u003e#377\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/bc17161536c0b61b8ed24bfb955a7d16caeec692\"\u003e\u003ccode\u003ebc17161\u003c/code\u003e\u003c/a\u003e Add field aliasing (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/376\"\u003e#376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/86db6f08b9de0db041beae947bb2e6f9b02d2748\"\u003e\u003ccode\u003e86db6f0\u003c/code\u003e\u003c/a\u003e chore: upgrade alexflint/go-arg (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/375\"\u003e#375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/3a0d213034f77f0523632d1627b239c5a59888ce\"\u003e\u003ccode\u003e3a0d213\u003c/code\u003e\u003c/a\u003e Matching in genqlient by Normalizing Paths (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/373\"\u003e#373\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/63893acf8f44252a5d074757821e5ae4ce965fc4\"\u003e\u003ccode\u003e63893ac\u003c/code\u003e\u003c/a\u003e Fix link in introduction.md (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/78a03a6c6df684eba7233c8efc9ffb9d4ffdfcea\"\u003e\u003ccode\u003e78a03a6\u003c/code\u003e\u003c/a\u003e Release v0.8.0 (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/370\"\u003e#370\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/8ba2f831316f9d31e059bfafb856bdff7f2196ab\"\u003e\u003ccode\u003e8ba2f83\u003c/code\u003e\u003c/a\u003e Fix documentation for client error As-ability, and add tests (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/369\"\u003e#369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Khan/genqlient/commit/6010b636967a16fed1058591b70899b3608fb2cb\"\u003e\u003ccode\u003e6010b63\u003c/code\u003e\u003c/a\u003e HTTPError wraps full Response for typed output (\u003ca href=\"https://redirect.github.com/Khan/genqlient/issues/366\"\u003e#366\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/Khan/genqlient/compare/v0.7.0...v0.8.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/a-h/templ` from 0.2.543 to 0.3.1001\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/a-h/templ/releases\"\u003egithub.com/a-h/templ's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.3.1001\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e2c505c0 chore: add unit test to cover recent fix\u003c/li\u003e\n\u003cli\u003e4233429 chore: bump compiler to Go 1.26\u003c/li\u003e\n\u003cli\u003e1b9a429 chore: bump deps in fiber example\u003c/li\u003e\n\u003cli\u003e54981db chore: bump docusaurus version\u003c/li\u003e\n\u003cli\u003ee606c30 chore: bump flake builder\u003c/li\u003e\n\u003cli\u003e66bc28b chore: bump gofiber example deps\u003c/li\u003e\n\u003cli\u003e95f88a6 chore: bump to Go 1.25, update csrf example\u003c/li\u003e\n\u003cli\u003e916a243 chore: bump version\u003c/li\u003e\n\u003cli\u003e45dda73 chore: fix test broken by merge\u003c/li\u003e\n\u003cli\u003e5ddd784 chore: revert Nix bump to Go 1.26 because it breaks the golangci-lint package\u003c/li\u003e\n\u003cli\u003e4037d8a feat: add Range to BoolConstantAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1340\"\u003e#1340\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eafb0034 feat: add Range to BooleanExpressionAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1336\"\u003e#1336\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec80f745 feat: add Range to ChildrenExpression nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1337\"\u003e#1337\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb0f5243 feat: add Range to ConditionalAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1338\"\u003e#1338\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e60fc376 feat: add Range to ConstantAttribute nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1341\"\u003e#1341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb4e809e feat: add Range to SpreadAttributes nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1335\"\u003e#1335\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e5824d4b feat: add TLS support to live reload proxy (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1345\"\u003e#1345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ee9a940b feat: strip space from CSS classname rendering, closes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1074\"\u003e#1074\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1346\"\u003e#1346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebdda41e fix: don't remove unaliased hyphenated imports if they're used (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1342\"\u003e#1342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec2ff8bb fix: issue 1253 (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecf6235a fix: proxy escaping characters (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1321\"\u003e#1321\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ed97730c fix: support nushell for prettier, fixes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1266\"\u003e#1266\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1343\"\u003e#1343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eb666bd7 fix: undefined variable in proxy test range loop (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1324\"\u003e#1324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebe8271d refactor: skip some more tests that require prettier\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.3.977\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ee269629 chore: bump nix dependencies\u003c/li\u003e\n\u003cli\u003ee16061b chore: bump npm docs (npm audit fix)\u003c/li\u003e\n\u003cli\u003eacc6444 chore: bump versions in examples\u003c/li\u003e\n\u003cli\u003e54b3856 chore: fix broken unit test\u003c/li\u003e\n\u003cli\u003e8662cdb feat(proxy): flush streamed html (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1271\"\u003e#1271\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edc31b64 feat: add Range to DocType nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1302\"\u003e#1302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebe9d6c9 feat: add Range to Whitespace nodes (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea74cfa9 feat: add prettier to templ info command\u003c/li\u003e\n\u003cli\u003e0d69ba4 feat: add support for \u0026quot;fallthrough\u0026quot; in case statements (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1289\"\u003e#1289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ea7df818 fix: LSP diagnostics on Windows (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1274\"\u003e#1274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e40d2b42 fix: LSP proxy SourceMapCache should not store nil SourceMaps (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1294\"\u003e#1294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e25dc2ce fix: normalize leading whitespaces in multiline go code (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1305\"\u003e#1305\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e7be7dd6 fix: prevent templ fmt from adding whitespace to blank lines in inline functions (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1287\"\u003e#1287\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e554eab8 fix: wait for proxy to be ready upon restart (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1299\"\u003e#1299\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.3.960\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e7a75104 chore: bump version\u003c/li\u003e\n\u003cli\u003e8b51dc9 chore: bump version\u003c/li\u003e\n\u003cli\u003e336ca10 chore: bump version\u003c/li\u003e\n\u003cli\u003eb75203b chore: fix ensure generated\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/5ddd784440b232930161d76c7ca85d922fdcf183\"\u003e\u003ccode\u003e5ddd784\u003c/code\u003e\u003c/a\u003e chore: revert Nix bump to Go 1.26 because it breaks the golangci-lint package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/66bc28ba98f86760cb4bf6b4bf053712b078cdac\"\u003e\u003ccode\u003e66bc28b\u003c/code\u003e\u003c/a\u003e chore: bump gofiber example deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/4233429a642783b86210bb4dcdd96a1e3f85805b\"\u003e\u003ccode\u003e4233429\u003c/code\u003e\u003c/a\u003e chore: bump compiler to Go 1.26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/45dda7376a22bd23ccf0a06938205fd4d707584a\"\u003e\u003ccode\u003e45dda73\u003c/code\u003e\u003c/a\u003e chore: fix test broken by merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/916a24376495584474b2fb93a92e11a64c8ac929\"\u003e\u003ccode\u003e916a243\u003c/code\u003e\u003c/a\u003e chore: bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/d97730c370b9f8961590feb60ed0b50af997ae62\"\u003e\u003ccode\u003ed97730c\u003c/code\u003e\u003c/a\u003e fix: support nushell for prettier, fixes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1266\"\u003e#1266\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1343\"\u003e#1343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/c2ff8bbb347008e470f5fbb7e9f5a793a8196b4e\"\u003e\u003ccode\u003ec2ff8bb\u003c/code\u003e\u003c/a\u003e fix: issue 1253 (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1339\"\u003e#1339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/5824d4b54de71e8f2bb183171f873a263cc7ed19\"\u003e\u003ccode\u003e5824d4b\u003c/code\u003e\u003c/a\u003e feat: add TLS support to live reload proxy (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1345\"\u003e#1345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/be8271d5c7d5a1d2d8f6bd18317fe2ba68d55a00\"\u003e\u003ccode\u003ebe8271d\u003c/code\u003e\u003c/a\u003e refactor: skip some more tests that require prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/a-h/templ/commit/e9a940b9a9c5dacc7fe721fe815df9c4c5371053\"\u003e\u003ccode\u003ee9a940b\u003c/code\u003e\u003c/a\u003e feat: strip space from CSS classname rendering, closes \u003ca href=\"https://redirect.github.com/a-h/templ/issues/1074\"\u003e#1074\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/a-h/templ/issues/1346\"\u003e#1346\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/a-h/templ/compare/v0.2.543...v0.3.1001\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/adrg/xdg` from 0.4.0 to 0.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/adrg/xdg/releases\"\u003egithub.com/adrg/xdg's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.5.3\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003exdg.SearchRuntimeFile\u003c/code\u003e to also look in the operating system's temporary directory for runtime files.\nThis covers unlikely cases in which runtime files cannot be written relative to the base runtime directory either because it does not exist or it is not accessible, so \u003ccode\u003exdg.RuntimeFile\u003c/code\u003e suggests the operating system's temporary directory as a suitable fallback location.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.2\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated logic of \u003ccode\u003exdg.RuntimeFile\u003c/code\u003e: due to the special nature of the \u003ccode\u003eruntime directory\u003c/code\u003e, the function no longer attempts to create it if it does not exist. If that's the case, the function uses the operating system's \u003ccode\u003etemporary directory\u003c/code\u003e as a fallback. The function still creates subdirectories relative to the base runtime directory or its fallback.\u003c/p\u003e\n\u003cp\u003eJustification: the creation of the runtime directory is not in the scope of this package as it has special requirements defined by the \u003ca href=\"https://specifications.freedesktop.org/basedir-spec/latest\"\u003eXDG Base Directory Specification\u003c/a\u003e. Relevant excerpt:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe lifetime of the directory MUST be bound to the user being logged in. It MUST be created  when the user first logs in and if the user fully logs out the directory MUST be removed. If the user logs in more than once they should get pointed to the same directory, and it is mandatory that the directory continues to exist from their first login to their last logout on the system, and not removed in between. Files in the directory MUST not survive reboot or a full logout/login cycle.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eAlso, on \u003ccode\u003eLinux\u003c/code\u003e, the parent directories of the default user runtime directory are owned by the root user so they cannot be created by a regular user. \u003ca href=\"https://www.freedesktop.org/software/systemd/man/latest/pam_systemd.html\"\u003epam_systemd\u003c/a\u003e is usually responsible for creating the runtime directory (\u003ccode\u003e/run/user/$UID\u003c/code\u003e).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.1\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for the non-standard \u003ccode\u003eXDG_BIN_HOME\u003c/code\u003e base directory.\nSee \u003ca href=\"https://github.com/adrg/xdg?tab=readme-ov-file#xdg-base-directory\"\u003eXDG base directories\u003c/a\u003e README section for more details.\u003c/li\u003e\n\u003cli\u003eAdded more config and data search locations on \u003ccode\u003emacOS\u003c/code\u003e.\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e~/.config\u003c/code\u003e at the end of the list of default locations for \u003ccode\u003eXDG_CONFIG_DIRS\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003e~/.local/share\u003c/code\u003e at the end of the list of default locations for \u003ccode\u003eXDG_DATA_DIRS\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAdded more application search locations on \u003ccode\u003eWindows\u003c/code\u003e:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e%ProgramFiles%\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%ProgramFiles%\\Common Files\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%LOCALAPPDATA%\\Programs\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e%LOCALAPPDATA%\\Programs\\Common\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated \u003ccode\u003egolang.org/x/sys\u003c/code\u003e dependency to the latest version.\u003c/li\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.0\u003c/h2\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003euser-dirs.dirs\u003c/code\u003e config file is now parsed on Unix-like operating systems (except for macOS and Plan 9).\nSee \u003ca href=\"https://github.com/adrg/xdg?tab=readme-ov-file#xdg-user-directories\"\u003eXDG user directories\u003c/a\u003e README section for more details.\u003c/li\u003e\n\u003cli\u003eUpdated \u003ccode\u003egolang.org/x/sys\u003c/code\u003e dependency to the latest version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eInternal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMoved all path related functionality in internal \u003ccode\u003epathutil\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eAdded internal \u003ccode\u003euserdirs\u003c/code\u003e package:\n\u003cul\u003e\n\u003cli\u003eMoved \u003ccode\u003exdg.UserDirectories\u003c/code\u003e to \u003ccode\u003euserdirs.Directories\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAdded parsing functions for \u003ccode\u003euser-dirs.dirs\u003c/code\u003e config file.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eImproved package testing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/aa865a51a1b35fd06925fd6b8604991e79e3167e\"\u003e\u003ccode\u003eaa865a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/adrg/xdg/issues/101\"\u003e#101\u003c/a\u003e from adrg/update-search-runtime-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/71a81eccf3e9ac9ebf03e8c11ca3ed60a06eac7f\"\u003e\u003ccode\u003e71a81ec\u003c/code\u003e\u003c/a\u003e Minor xdg.SearchRuntimeFile function documentation update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/88111eba52ac2a211b97194266db5207c975c266\"\u003e\u003ccode\u003e88111eb\u003c/code\u003e\u003c/a\u003e Minor example update in README.md and doc.go\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/d9f76be86d944bf2b9bdb8544952111e2533f3ad\"\u003e\u003ccode\u003ed9f76be\u003c/code\u003e\u003c/a\u003e Improve non-existent runtime directory test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/800775a49c0a7877af5dca22104b90dc7e788cd0\"\u003e\u003ccode\u003e800775a\u003c/code\u003e\u003c/a\u003e Update xdg.SearchRuntimeFile to also look in temporary directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/2335a687b19a49dafb193856d64d911d33c4b3c1\"\u003e\u003ccode\u003e2335a68\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/adrg/xdg/issues/99\"\u003e#99\u003c/a\u003e from adrg/improve-runtime-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/221e50698e5b31d277289e971f645299279efdd5\"\u003e\u003ccode\u003e221e506\u003c/code\u003e\u003c/a\u003e Minor non-existent runtime directory test case fix on macOS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/9bbb6024b2e9ee213bbed1f63ae8ea6063767d5b\"\u003e\u003ccode\u003e9bbb602\u003c/code\u003e\u003c/a\u003e Minor error format improvement in pathutil.Create and pathutil.Search\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/987b3ce5c440036b799a21a633a699be91530d0a\"\u003e\u003ccode\u003e987b3ce\u003c/code\u003e\u003c/a\u003e Minor README.md update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/adrg/xdg/commit/3c39d559725cf005c392630100f4f338b49daf24\"\u003e\u003ccode\u003e3c39d55\u003c/code\u003e\u003c/a\u003e Add non-existent runtime directory test case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/adrg/xdg/compare/v0.4.0...v0.5.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/charmbracelet/bubbletea` from 0.25.0 to 1.3.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/charmbracelet/bubbletea/releases\"\u003egithub.com/charmbracelet/bubbletea's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.3.10\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e9edf69c677c7353eca5fae6d3ea3986af39717b7: fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://x.com/charmcli\"\u003eX\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.social/@charmcli\"\u003eThe Fediverse\u003c/a\u003e, \u003ca href=\"https://bsky.app/profile/charm.land\"\u003eBluesky\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.9\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eNew Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e314b50c7b452fd737d28582ae9d27c04ea725001: feat: properly call nested sequenceMsg and batchMsg (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e9e0e8f0df1c55044ed04bd17f4b460e01e94dc9c: fix: recover from nested panics in Sequence and Batch commands (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther work\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e6e1282a76358cb680de9d4de7520f9f99c9e2903: add example for the nested Sequence and Batch (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e0290af4a499ee6a3e22822cebe1e74fdeac313be: simplify case for BatchMsg (\u003ca href=\"https://github.com/wolfmagnate\"\u003e\u003ccode\u003e@​wolfmagnate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://twitter.com/charmcli\"\u003eTwitter\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.technology/@charm\"\u003eThe Fediverse\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.8\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e21eecd586367fd0cd78da6842c48f9c4b1185b6f: fix: send batch commands to cmds channel instead of executing them in event loop (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1473\"\u003e#1473\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eThoughts? Questions? We love hearing from you. Feel free to reach out on \u003ca href=\"https://twitter.com/charmcli\"\u003eTwitter\u003c/a\u003e, \u003ca href=\"https://charm.land/discord\"\u003eDiscord\u003c/a\u003e, \u003ca href=\"https://charm.land/slack\"\u003eSlack\u003c/a\u003e, \u003ca href=\"https://mastodon.technology/@charm\"\u003eThe Fediverse\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev1.3.7\u003c/h2\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003eBug fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e28ab4f41b29fef14d900c46a4873a45891a9ee9b: fix(renderer): properly reset cursor position to start of line (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1472\"\u003e#1472\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ec76509a9d4974207cd66255707d14f4f938f7f52: fix: compact sequences like batches (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/958\"\u003e#958\u003c/a\u003e) (\u003ca href=\"https://github.com/jdhenke\"\u003e\u003ccode\u003e@​jdhenke\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef5da8d068af74764b271a197de54e2bc2bfedb38: fix: handle nested SequenceMsg in event loop and use sync.WaitGroup f… (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1463\"\u003e#1463\u003c/a\u003e) (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e80ea844a7650c84e13958de14cdd4f63ac1775aa: fix: lint issues in key_windows.go and tty_windows.go (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ec3136ed49037a096fe05c6cb16f0a14a38e20c58: docs(license): update copyright date range (\u003ca href=\"https://github.com/meowgorithm\"\u003e\u003ccode\u003e@​meowgorithm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e919805f8f0d134af7e3569b0054c13b561976dfa: docs(readme): update footer art (\u003ca href=\"https://github.com/meowgorithm\"\u003e\u003ccode\u003e@​meowgorithm\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ef01583bb899e125c7a26d3b870eff585ec0f4816: docs: show the correct branch in the build badge (\u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther work\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9edf69c677c7353eca5fae6d3ea3986af39717b7\"\u003e\u003ccode\u003e9edf69c\u003c/code\u003e\u003c/a\u003e fix: handle setWindowTitleMsg and windowSizeMsg in eventLoop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/31c0299982a8237acc35979ce07f25f441c62cd6\"\u003e\u003ccode\u003e31c0299\u003c/code\u003e\u003c/a\u003e chore(deps): bump github.com/lucasb-eyer/go-colorful (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1496\"\u003e#1496\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/ffa05021909e14c478cbe138ca78effbea04e4e0\"\u003e\u003ccode\u003effa0502\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/848\"\u003e#848\u003c/a\u003e from wolfmagnate/fix-nested-cmd-order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9e0e8f0df1c55044ed04bd17f4b460e01e94dc9c\"\u003e\u003ccode\u003e9e0e8f0\u003c/code\u003e\u003c/a\u003e fix: recover from nested panics in Sequence and Batch commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/0966c3a140902959f86223eb4092bb52a74e8c96\"\u003e\u003ccode\u003e0966c3a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix-nested-cmd-order\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/21eecd586367fd0cd78da6842c48f9c4b1185b6f\"\u003e\u003ccode\u003e21eecd5\u003c/code\u003e\u003c/a\u003e fix: send batch commands to cmds channel instead of executing them in event l...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/9aae1f0a1bce0226c058b969f8f13f40bf012a69\"\u003e\u003ccode\u003e9aae1f0\u003c/code\u003e\u003c/a\u003e chore(examples): go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/41f39959f2617a5cba6530608690e98c682c4439\"\u003e\u003ccode\u003e41f3995\u003c/code\u003e\u003c/a\u003e chore(deps): bump golang.org/x/sys in the all group (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1492\"\u003e#1492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/3da2d282196bb732a8b80a373318d73f29b6bb55\"\u003e\u003ccode\u003e3da2d28\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/setup-go from 5 to 6 in the all group (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1491\"\u003e#1491\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/bubbletea/commit/28ab4f41b29fef14d900c46a4873a45891a9ee9b\"\u003e\u003ccode\u003e28ab4f4\u003c/code\u003e\u003c/a\u003e fix(renderer): properly reset cursor position to start of line (\u003ca href=\"https://redirect.github.com/charmbracelet/bubbletea/issues/1472\"\u003e#1472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/charmbracelet/bubbletea/compare/v0.25.0...v1.3.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/charmbracelet/lipgloss` from 0.10.0 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/charmbracelet/lipgloss/releases\"\u003egithub.com/charmbracelet/lipgloss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003ch2\u003eTables, Improved\u003c/h2\u003e\n\u003cp\u003eIn this release, the inimitable \u003ca href=\"https://github.com/andreynering\"\u003e\u003ccode\u003e@​andreynering\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/bashbunni\"\u003e\u003ccode\u003e@​bashbunni\u003c/code\u003e\u003c/a\u003e majorly overhauled on the table sizing and content wrapping algorithms. Tables will now be much smarter on deciding the ideal width of each column, and contents now wraps by default inside cells.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// Table content wraps by default.\r\nt := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows...).\r\n    Width(80)\r\n\u003cp\u003efmt.Println(t)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003e// Actually, let's not wrap the content.\r\nt := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows...).\r\n    Width(80).\r\n    Wrap(false)\r\n\r\nfmt.Println(t)\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eNew Border Styles\u003c/h2\u003e\n\u003cp\u003eAlso, we added two new border styles that you can use to generate tables in Markdown and ASCII styles.\u003c/p\u003e\n\u003ch3\u003eMarkdown Tables\u003c/h3\u003e\n\u003cp\u003eTo render tables correctly for Markdown you'll want to use \u003ca href=\"https://pkg.go.dev/github.com/charmbracelet/lipgloss@v1.1.0#MarkdownBorder\"\u003e\u003ccode\u003elipgloss.MarkdownBorder\u003c/code\u003e\u003c/a\u003e \u003cem\u003eand\u003c/em\u003e disable the top and bottom borders.\u003c/p\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003et := table.New().\r\n    Headers(someHeaders...).\r\n    Rows(someRows).\r\n    Border(lipgloss.MarkdownBorder()).\r\n    BorderTop(false).\r\n    BorderBottom(false)\r\n\u003cp\u003efmt.Println(t)\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/f0e45475a64ee60d712b81145172d3739db36a93\"\u003e\u003ccode\u003ef0e4547\u003c/code\u003e\u003c/a\u003e chore: fix lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/fb0d75756388d327a7d6f3721c83d6e122aee6f2\"\u003e\u003ccode\u003efb0d757\u003c/code\u003e\u003c/a\u003e chore(taskfile): delete \u003ccode\u003elint:all\u003c/code\u003e and \u003ccode\u003elint:soft\u003c/code\u003e tasks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/1209cf0750c629e5e4d5f3fe99bf8fc3454733b1\"\u003e\u003ccode\u003e1209cf0\u003c/code\u003e\u003c/a\u003e ci: sync golangci-lint config (\u003ca href=\"https://redirect.github.com/charmbracelet/lipgloss/issues/490\"\u003e#490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/c454a0adaafcf9ff18704e8b27aa8fe4a2d22026\"\u003e\u003ccode\u003ec454a0a\u003c/code\u003e\u003c/a\u003e feat(tables): add markdown and ascii border style for tables (\u003ca href=\"https://redirect.github.com/charmbracelet/lipgloss/issues/480\"\u003e#480\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/341996d8a0782447c845154288e42d7f50baf27b\"\u003e\u003ccode\u003e341996d\u003c/code\u003e\u003c/a\u003e chore: update \u003ccode\u003echarmbracelet/x/cellbuf\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/1f1209e8be34adf156ed35bed6aded58410f071b\"\u003e\u003ccode\u003e1f1209e\u003c/code\u003e\u003c/a\u003e feat(table): use cellbuf to preserve styles for wrapped content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/2aa2eb0349ddb873dcd4548a642cc3b3e6809d90\"\u003e\u003ccode\u003e2aa2eb0\u003c/code\u003e\u003c/a\u003e test(table): test wrapping cell styles\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/9500f10a6b9145b4d3ed9b317ad952ca162dbde3\"\u003e\u003ccode\u003e9500f10\u003c/code\u003e\u003c/a\u003e fix(table): ensure we're passing the right row index to \u003ccode\u003estyleFunc\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/7b191c57d42d0bb7e73873719ad5d572aced14ec\"\u003e\u003ccode\u003e7b191c5\u003c/code\u003e\u003c/a\u003e fix(test): make table wrapping tests use golden files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/charmbracelet/lipgloss/commit/9cfb7dd7998c648cbe502b96bac83ddb8ca2a38c\"\u003e\u003ccode\u003e9cfb7dd\u003c/code\u003e\u003c/a\u003e test(table): check truncation logic for overflow and nowrap\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/charmbracelet/lipgloss/compare/v0.10.0...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/console` from 1.0.4 to 1.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/console/releases\"\u003egithub.com/containerd/console's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add solaris to non-supported shim. by \u003ca href=\"https://github.com/jperkin\"\u003e\u003ccode\u003e@​jperkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/console/pull/84\"\u003econtainerd/console#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003epty: add GetPtyFromFile as safer GetPty by \u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/console/pull/86\"\u003econtainerd/console#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jperkin\"\u003e\u003ccode\u003e@​jperkin\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/console/pull/84\"\u003econtainerd/console#84\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cyphar\"\u003e\u003ccode\u003e@​cyphar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/console/pull/86\"\u003econtainerd/console#86\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containerd/console/compare/v1.0.4...v1.0.5\"\u003ehttps://github.com/containerd/console/compare/v1.0.4...v1.0.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/c8d962180f543ac07c008ecc79a413406ea10c0b\"\u003e\u003ccode\u003ec8d9621\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/console/issues/86\"\u003e#86\u003c/a\u003e from cyphar/newpty-from-file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/fa4de4c0aec0e866904828dbb2c5a1383dd56bd3\"\u003e\u003ccode\u003efa4de4c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/console/issues/84\"\u003e#84\u003c/a\u003e from jperkin/fix-solaris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/c79e45e6b8addceef7d8bb3c96809bd7f0ed4433\"\u003e\u003ccode\u003ec79e45e\u003c/code\u003e\u003c/a\u003e pty: add GetPtyFromFile as safer GetPty\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/12ba7453ffca933d433261ec89cbb9b97974567a\"\u003e\u003ccode\u003e12ba745\u003c/code\u003e\u003c/a\u003e tc: make internal handlers take File interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/9dd67e11b32547c0e9e9bdb9c593ca008b9177c1\"\u003e\u003ccode\u003e9dd67e1\u003c/code\u003e\u003c/a\u003e gha: bump containerd/project-checks to v1.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/console/commit/37ae7bbd2fb26e22e74a2c9431eb1ad61d274fdf\"\u003e\u003ccode\u003e37ae7bb\u003c/code\u003e\u003c/a\u003e fix: add solaris to non-supported shim.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/console/compare/v1.0.4...v1.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.7.15 to 1.7.30\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.7.30\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.7.30 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirtieth patch release for containerd 1.7 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFix NRI dropping requested CDI devices silently\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRedact all query parameters in CRI error logs\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12551\"\u003e#12551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eRuntime\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eUpdate runc binary to v1.3.4\u003c/strong\u003e (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12619\"\u003e#12619\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eMike Brown\u003c/li\u003e\n\u003cli\u003eWei Fu\u003c/li\u003e\n\u003cli\u003eAndrey Noskov\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eDavanum Srinivas\u003c/li\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eKrisztian Litkey\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003ePaweł Gronowski\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare release notes for v1.7.30 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12652\"\u003e#12652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d2e\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix NRI dropping requested CDI devices silently (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12650\"\u003e#12650\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f47e\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003escript/setup/install-cni: install CNI plugins v1.9.0 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12660\"\u003e#12660\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b562\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ego.mod: golang.org/x/crypto v0.45.0 (drop support for Go 1.23) (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/12640\"\u003e#12640\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b47\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd2224\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/71c1c8666c6a999cc8c319160b6b2ea38c4a2c9e\"\u003e\u003ccode\u003e71c1c86\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12652\"\u003e#12652\u003c/a\u003e from dmcgowan/prepare-1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3d0ca6d2e7ba597bf0423e5f5f49e47b81c1e7a0\"\u003e\u003ccode\u003e3d0ca6d\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.7.30\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/a8ce78b8eb3e4b5c6eca0cc4d5a5706288bc5184\"\u003e\u003ccode\u003ea8ce78b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12650\"\u003e#12650\u003c/a\u003e from klihub/fixes/1.7.x/nri-cdi-device-injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ba2b3a20c5101cabe91768d9360b1f0b7055f492\"\u003e\u003ccode\u003eba2b3a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12660\"\u003e#12660\u003c/a\u003e from AkihiroSuda/cni-1.9.0-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0bc74f47e708bd843e676c5a8617f0498ea6459a\"\u003e\u003ccode\u003e0bc74f4\u003c/code\u003e\u003c/a\u003e cri,nri: don't drop requested CDI devices silently.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7db16b5627a550caf05d9a902e16cb0d04bf1ee1\"\u003e\u003ccode\u003e7db16b5\u003c/code\u003e\u003c/a\u003e script/setup/install-cni: install CNI plugins v1.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/3b655c21e08e51cbd81d353cdcfc7a1d722ea322\"\u003e\u003ccode\u003e3b655c2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/12640\"\u003e#12640\u003c/a\u003e from AkihiroSuda/dev-1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/bca897b4739fef9b6a34c54ac6050d1621e53f92\"\u003e\u003ccode\u003ebca897b\u003c/code\u003e\u003c/a\u003e go.mod: golang.org/x/crypto v0.45.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/37cbd2224e674c317e25b03bbf4ab5a9ed644a5d\"\u003e\u003ccode\u003e37cbd22\u003c/code\u003e\u003c/a\u003e CI: drop Go 1.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ee49d1747c357cd45119750d4db464f957f4d793\"\u003e\u003ccode\u003eee49d17\u003c/code\u003e\u003c/a\u003e Update Go requirements in BUILDING\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.7.15...v1.7.30\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/continuity` from 0.4.3 to 0.4.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/continuity/releases\"\u003egithub.com/containerd/continuity's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.4.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eupdate golangci-lint to vl.55.0 by \u003ca href=\"https://github.com/henry118\"\u003e\u003ccode\u003e@​henry118\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/233\"\u003econtainerd/continuity#233\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: add DiffDirChanges function to get changeset fast by \u003ca href=\"https://github.com/fuweid\"\u003e\u003ccode\u003e@​fuweid\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/145\"\u003econtainerd/continuity#145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esupport filesystem magic for linux by \u003ca href=\"https://github.com/yylt\"\u003e\u003ccode\u003e@​yylt\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/239\"\u003econtainerd/continuity#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 in /cmd/continuity by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/237\"\u003econtainerd/continuity#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump google.golang.org/protobuf from 1.26.0 to 1.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/238\"\u003econtainerd/continuity#238\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: implement Atime for Windows by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/241\"\u003econtainerd/continuity#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix TestDiffDirChangeWithOverlayfs (also updates the CI to use Ubuntu 24.04) by \u003ca href=\"https://github.com/AkihiroSuda\"\u003e\u003ccode\u003e@​AkihiroSuda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/249\"\u003econtainerd/continuity#249\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eswitch to github.com/containerd/log module by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/243\"\u003econtainerd/continuity#243\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: run CI on go1.22 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/242\"\u003econtainerd/continuity#242\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: prune indirect gopkg.in/yaml.v3 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/250\"\u003econtainerd/continuity#250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egha: update CodeQL action to v3, run on go1.22 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/251\"\u003econtainerd/continuity#251\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efs: properly handle ENOTSUP in copyXAttrs by \u003ca href=\"https://github.com/sondavidb\"\u003e\u003ccode\u003e@​sondavidb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/245\"\u003econtainerd/continuity#245\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego-fix: remove pre-go1.17 build-tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/252\"\u003econtainerd/continuity#252\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ekind.String(): fix missing case statements for iota consts in switch by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/256\"\u003econtainerd/continuity#256\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecmd/continuity/commands: MountCmd: remove macOS remnants by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/254\"\u003econtainerd/continuity#254\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ego.mod: bump up by \u003ca href=\"https://github.com/AkihiroSuda\"\u003e\u003ccode\u003e@​AkihiroSuda\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/257\"\u003econtainerd/continuity#257\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yylt\"\u003e\u003ccode\u003e@​yylt\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/239\"\u003econtainerd/continuity#239\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/237\"\u003econtainerd/continuity#237\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sondavidb\"\u003e\u003ccode\u003e@​sondavidb\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/containerd/continuity/pull/245\"\u003econtainerd/continuity#245\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/containerd/continuity/compare/v0.4.3...v0.4.4\"\u003ehttps://github.com/containerd/continuity/compare/v0.4.3...v0.4.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/2fab5e9ef807da8b932addc4ca1fe6c551ca1c15\"\u003e\u003ccode\u003e2fab5e9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/257\"\u003e#257\u003c/a\u003e from AkihiroSuda/dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/8ae2b5ed00ea2ce911d163c19b85de58ffeaee10\"\u003e\u003ccode\u003e8ae2b5e\u003c/code\u003e\u003c/a\u003e Disable FUSE for FreeBSD\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/ef3b6f490ced58b82bf25ffd3ca5c242bedf06ef\"\u003e\u003ccode\u003eef3b6f4\u003c/code\u003e\u003c/a\u003e go.mod: bump up\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/332293b49b3d268b404b4ff539be3b909170ade0\"\u003e\u003ccode\u003e332293b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/254\"\u003e#254\u003c/a\u003e from thaJeztah/rm_macos_bits\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/1287117cdbc7879395a64e0bd04aafd151fa4b69\"\u003e\u003ccode\u003e1287117\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/256\"\u003e#256\u003c/a\u003e from thaJeztah/fix_kind\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/0a983fcf9e1c92e9b4a102e66e5f2e59f2c3925f\"\u003e\u003ccode\u003e0a983fc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/252\"\u003e#252\u003c/a\u003e from thaJeztah/gofix_buildtags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/75b1c65ec9b850224f4e37b006ebd779bcf6f2e8\"\u003e\u003ccode\u003e75b1c65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/245\"\u003e#245\u003c/a\u003e from sondavidb/properly-handle-fs-without-xattrs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/cb01a52dedbb5cadd243e15be7fefb6906861bd7\"\u003e\u003ccode\u003ecb01a52\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/continuity/issues/251\"\u003e#251\u003c/a\u003e from thaJeztah/bump_codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/7d074e72420162b4e873d4699f2518c02fcb983f\"\u003e\u003ccode\u003e7d074e7\u003c/code\u003e\u003c/a\u003e kind.String(): fix missing case statements for iota consts in switch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/continuity/commit/327ebdd9c1ddcbfd517279a3602efa286dfe5cdc\"\u003e\u003ccode\u003e327ebdd\u003c/code\u003e\u003c/a\u003e cmd/continuity/commands: ...\n\n_Description has been truncated_","html_url":"https://github.com/samalba/dagger/pull/280","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/samalba%2Fdagger/issues/280","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/280/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","update_type":"patch","path":null,"pr_created_at":"2026-02-24T03:16:54.000Z","version_change":"2.8.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"3981261403","node_id":"PR_kwDOPcPlF87Fzjh6","number":670,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-24T03:16:54.000Z","updated_at":"2026-02-25T06:02:09.689Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":5,"packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.5.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/jackc/pgproto3/v2","old_version":"2.3.0","new_version":"2.3.3","repository_url":"https://github.com/jackc/pgproto3"},{"name":"github.com/jackc/pgx/v4","old_version":"4.16.0","new_version":"4.18.2","repository_url":"https://github.com/jackc/pgx"},{"name":"golang.org/x/crypto","old_version":"0.41.0","new_version":"0.45.0","repository_url":"https://github.com/golang/crypto"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the /components/ambient-api-server directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.5.0` | `4.5.2` |\n| [github.com/jackc/pgproto3/v2](https://github.com/jackc/pgproto3) | `2.3.0` | `2.3.3` |\n| [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) | `4.16.0` | `4.18.2` |\n| [golang.org/x/crypto](https://github.com/golang/crypto) | `0.41.0` | `0.45.0` |\n\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.5.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgproto3/v2` from 2.3.0 to 2.3.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007\"\u003e\u003ccode\u003e945c212\u003c/code\u003e\u003c/a\u003e Backport fixes from pgx v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/0c0f7b03fb4967dfff8de06d07a9fe20baf83449\"\u003e\u003ccode\u003e0c0f7b0\u003c/code\u003e\u003c/a\u003e Add pgx v5 note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/f59ff94cbed817a4c9f755696894e1f919756cfc\"\u003e\u003ccode\u003ef59ff94\u003c/code\u003e\u003c/a\u003e UnmarshalJSON: removing hex decode\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgproto3/commit/fd427c06da934db1e3a73859ba6bed4d0810fb08\"\u003e\u003ccode\u003efd427c0\u003c/code\u003e\u003c/a\u003e Don't panic when receiving zero bytes with \u0026quot;slice bounds out of range\u0026quot;\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jackc/pgproto3/compare/v2.3.0...v2.3.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/jackc/pgx/v4` from 4.16.0 to 4.18.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md\"\u003egithub.com/jackc/pgx/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e4.18.2 (March 4, 2024)\u003c/h1\u003e\n\u003cp\u003eFix CVE-2024-27289\u003c/p\u003e\n\u003cp\u003eSQL injection can occur when all of the following conditions are met:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe non-default simple protocol is used.\u003c/li\u003e\n\u003cli\u003eA placeholder for a numeric value must be immediately preceded by a minus.\u003c/li\u003e\n\u003cli\u003eThere must be a second placeholder for a string value after the first placeholder; both must be on the same line.\u003c/li\u003e\n\u003cli\u003eBoth parameter values must be user-controlled.\u003c/li\u003e\n\u003c/ol\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cp\u003eFix CVE-2024-27304\u003c/p\u003e\n\u003cp\u003eSQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer\noverflow in the calculated message size can cause the one large message to be sent as multiple messages under the\nattacker's control.\u003c/p\u003e\n\u003cp\u003eThanks to Paul Gerste for reporting this issue.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.1 (February 27, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix: Support pgx v4 and v5 stdlib in same program (Tomáš Procházka)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.18.0 (February 11, 2023)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.14.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.2\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.14.0\u003c/li\u003e\n\u003cli\u003eFix query sanitizer when query text contains Unicode replacement character\u003c/li\u003e\n\u003cli\u003eFix context with value in BeforeConnect (David Harju)\u003c/li\u003e\n\u003cli\u003eSupport pgx v4 and v5 stdlib in same program (Vitalii Solodilov)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.2 (September 3, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix panic when logging batch error (Tom Möller)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.1 (August 27, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade puddle to v1.3.0 - fixes context failing to cancel Acquire when acquire is creating resource which was introduced in v4.17.0 (James Hartig)\u003c/li\u003e\n\u003cli\u003eFix atomic alignment on 32-bit platforms\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e4.17.0 (August 6, 2022)\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade pgconn to v1.13.0\u003c/li\u003e\n\u003cli\u003eUpgrade pgproto3 to v2.3.1\u003c/li\u003e\n\u003cli\u003eUpgrade pgtype to v1.12.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/14690df4c533758df97f7cc561cb9062155045c6\"\u003e\u003ccode\u003e14690df\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/779548e1f725060db4f4fc528325d7304aa34f93\"\u003e\u003ccode\u003e779548e\u003c/code\u003e\u003c/a\u003e Update required Go version to 1.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/80e96622d64b9c4dcc7d78a2200c8eade1713118\"\u003e\u003ccode\u003e80e9662\u003c/code\u003e\u003c/a\u003e Update github.com/jackc/pgconn to v1.14.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/0bf9ac391c87b05d3c44cf0bbc43b9556761bc64\"\u003e\u003ccode\u003e0bf9ac3\u003c/code\u003e\u003c/a\u003e Fix erroneous test case\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df\"\u003e\u003ccode\u003ef94eb0e\u003c/code\u003e\u003c/a\u003e Always wrap arguments in parentheses in the SQL sanitizer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/826a89229b8b1cdf18e4190afa437d3df9901b9c\"\u003e\u003ccode\u003e826a892\u003c/code\u003e\u003c/a\u003e Fix SQL injection via line comment creation in simple protocol\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7d882f9aa7b33f88fcf9da6b795685c5821950fd\"\u003e\u003ccode\u003e7d882f9\u003c/code\u003e\u003c/a\u003e Fix *dbTx.Exec not checking if it is already closed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/1d07b8b939810f2417b6c2010acac08d64be6e7d\"\u003e\u003ccode\u003e1d07b8b\u003c/code\u003e\u003c/a\u003e go mod tidy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/13468eb321a0bacbb0cbdfddb1ea1d62e68e0652\"\u003e\u003ccode\u003e13468eb\u003c/code\u003e\u003c/a\u003e Release v4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jackc/pgx/commit/7fed69b9540b7725f38abae5759a0cc98c541048\"\u003e\u003ccode\u003e7fed69b\u003c/code\u003e\u003c/a\u003e simplify duplicate \u003ccode\u003epgx\u003c/code\u003e registration guard\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jackc/pgx/compare/v4.16.0...v4.18.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.41.0 to 0.45.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/4e0068c0098be10d7025c99ab7c50ce454c1f0f9\"\u003e\u003ccode\u003e4e0068c\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c\"\u003e\u003ccode\u003ee79546e\u003c/code\u003e\u003c/a\u003e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f91f7a7c31bf90b39c1de895ad116a2bacc88748\"\u003e\u003ccode\u003ef91f7a7\u003c/code\u003e\u003c/a\u003e ssh/agent: prevent panic on malformed constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/2df4153a0311bdfea44376e0eb6ef2faefb0275b\"\u003e\u003ccode\u003e2df4153\u003c/code\u003e\u003c/a\u003e acme/autocert: let automatic renewal work with short lifetime certs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/bcf6a849efcf4702fa5172cb0998b46c3da1e989\"\u003e\u003ccode\u003ebcf6a84\u003c/code\u003e\u003c/a\u003e acme: pass context to request\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b4f2b62076abeee4e43fb59544dac565715fbf1e\"\u003e\u003ccode\u003eb4f2b62\u003c/code\u003e\u003c/a\u003e ssh: fix error message on unsupported cipher\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/79ec3a51fcc7fbd2691d56155d578225ccc542e2\"\u003e\u003ccode\u003e79ec3a5\u003c/code\u003e\u003c/a\u003e ssh: allow to bind to a hostname in remote forwarding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/122a78f140d9d3303ed3261bc374bbbca149140f\"\u003e\u003ccode\u003e122a78f\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/c0531f9c34514ad5c5551e2d6ce569ca673a8afd\"\u003e\u003ccode\u003ec0531f9\u003c/code\u003e\u003c/a\u003e all: eliminate vet diagnostics\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/0997000b45e3a40598272081bcad03ffd21b8adb\"\u003e\u003ccode\u003e0997000\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/crypto/compare/v0.41.0...v0.45.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ambient-code/platform/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ambient-code/platform/pull/670","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ambient-code%2Fplatform/issues/670","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/670/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-11-06T15:16:26.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"3596267902","node_id":"PR_kwDOHscbzc6x7IK7","number":34,"state":"open","title":"Bump the go_modules group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["wontfix","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2025-11-06T15:16:26.000Z","updated_at":"2025-11-21T20:50:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":13,"packages":[{"name":"filippo.io/age","old_version":"1.0.0-beta7","new_version":"1.2.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.0.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/hashicorp/go-slug","old_version":"0.8.1","new_version":"0.16.3","repository_url":"https://github.com/hashicorp/go-slug"},{"name":"github.com/ulikunitz/xz","old_version":"0.5.8","new_version":"0.5.14","repository_url":"https://github.com/ulikunitz/xz"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20211104180415-d3ed0bb246c8","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"},{"name":"google.golang.org/protobuf","old_version":"1.27.1","new_version":"1.33.0"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.12+incompatible","new_version":"25.0.13+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/hashicorp/go-retryablehttp","old_version":"0.7.1","new_version":"0.7.7","repository_url":"https://github.com/hashicorp/go-retryablehttp"},{"name":"github.com/prometheus/client_golang","old_version":"1.11.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.0.0-beta7` | `1.2.1` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.0.0` | `4.5.2` |\n| [github.com/hashicorp/go-slug](https://github.com/hashicorp/go-slug) | `0.8.1` | `0.16.3` |\n| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.8` | `0.5.14` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20211104180415-d3ed0bb246c8` | `0.27.0` |\n| google.golang.org/protobuf | `1.27.1` | `1.33.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.12+incompatible` | `25.0.13+incompatible` |\n| [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.1` | `0.7.7` |\n| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.11.0` | `1.11.1` |\n\n\nUpdates `filippo.io/age` from 1.0.0-beta7 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eage v1.2.1: security fix\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions.\u003c/p\u003e\n\u003cp\u003eSee GHSA-32gq-x56h-299c.\u003c/p\u003e\n\u003cp\u003ePlugin names may now only contain alphanumeric characters or the four special characters \u003ccode\u003e+-._\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to ⬡-49016 for reporting this issue.\u003c/p\u003e\n\u003ch2\u003eage v1.2.0\u003c/h2\u003e\n\u003cp\u003eA small release to build the release binaries with a more recent Go toolchain, and to fix a couple CLI edge cases (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/491\"\u003eFiloSottile/age#491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/555\"\u003eFiloSottile/age#555\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eThe Go module now exposes a plugin package that provides an age plugin client. That is, Recipient and Identity implementations that invoke a plugin binary, allowing the use of age plugins in Go programs.\u003c/p\u003e\n\u003cp\u003eFinally, Recipients can now return a set of \u0026quot;labels\u0026quot; by implementing RecipientWithLabels. This allows replicating the special behavior of the scrypt Recipient in third-party Recipients, or applying policy useful for authenticated or post-quantum Recipients.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e// RecipientWithLabels can be optionally implemented by a Recipient, in which\n// case Encrypt will use WrapWithLabels instead of Wrap.\n//\n// Encrypt will succeed only if the labels returned by all the recipients\n// (assuming the empty set for those that don't implement RecipientWithLabels)\n// are the same.\n//\n// This can be used to ensure a recipient is only used with other recipients\n// with equivalent properties (for example by setting a \u0026quot;postquantum\u0026quot; label) or\n// to ensure a recipient is always used alone (by returning a random label, for\n// example to preserve its authentication properties).\ntype RecipientWithLabels interface {\n\tWrapWithLabels(fileKey []byte) (s []*Stanza, labels []string, err error)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eage v1.1.1 is a patch release to fix \u003ccode\u003ego install filippo.io/age/...@latest\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.1.0\"\u003ethe release notes for v1.1.0 for changes since v1.0.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eage v1.1.0: plugin and YubiKeys support\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eage is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability. Learn more by reading the \u003ca href=\"https://github.com/FiloSottile/age/blob/main/README.md\"\u003eREADME\u003c/a\u003e, the \u003ca href=\"https://filippo.io/age/age.1\"\u003eage(1) man page\u003c/a\u003e, the \u003ca href=\"https://pkg.go.dev/filippo.io/age\"\u003eGo API reference\u003c/a\u003e, the \u003ca href=\"https://age-encryption.org/v1\"\u003eformat specification\u003c/a\u003e, or the \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0...v1.1.0\"\u003efull release changelog\u003c/a\u003e. Watch the repository or \u003ca href=\"https://abyssdomain.expert/@filippo\"\u003e\u003ccode\u003efollow @​filippo@abyssdomain.expert\u003c/code\u003e\u003c/a\u003e to be notified of new releases.\u003c/p\u003e\n\u003cp\u003e🛠️ FYI, age now has an extensive \u003ca href=\"https://c2sp.org/CCTV/age\"\u003etest suite\u003c/a\u003e which all age implementations are encouraged to adopt.\u003c/p\u003e\n\u003ch2\u003ePlugin support\u003c/h2\u003e\n\u003cp\u003eThe age CLI now supports plugins, such as \u003ca href=\"https://github.com/str4d/age-plugin-yubikey\"\u003eage-plugin-yubikey\u003c/a\u003e by \u003ca href=\"https://github.com/str4d\"\u003e\u003ccode\u003e@​str4d\u003c/code\u003e\u003c/a\u003e. To try it on macOS with Homebrew:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ brew upgrade age\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201\"\u003e\u003ccode\u003e482cf6f\u003c/code\u003e\u003c/a\u003e plugin: restrict characters in plugin names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/cda3988cc76a139426281a1d812914b71435bd18\"\u003e\u003ccode\u003ecda3988\u003c/code\u003e\u003c/a\u003e all: fix staticcheck warnings (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/589\"\u003e#589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/176e245b3cb3ada322c21eef0bce166dc5a5e4c7\"\u003e\u003ccode\u003e176e245\u003c/code\u003e\u003c/a\u003e README: rotate Sigsum keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/faefdc3c81efa89fd41998b77c62234ca56be10b\"\u003e\u003ccode\u003efaefdc3\u003c/code\u003e\u003c/a\u003e README: document Sigsum proofs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd\"\u003e\u003ccode\u003ebbe6ce5\u003c/code\u003e\u003c/a\u003e .github/workflows: update artifacts Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/1e1badabf74064ee800d19817a725f4803fa4e94\"\u003e\u003ccode\u003e1e1bada\u003c/code\u003e\u003c/a\u003e .github/workflows: go-version stable, not latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2293a9afef6984915cb28d2a7264b145604d61e9\"\u003e\u003ccode\u003e2293a9a\u003c/code\u003e\u003c/a\u003e .github/workflows: use latest Go for bootstrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/01fe9cd84aa5380cd09b8761af919e5d0a1386ad\"\u003e\u003ccode\u003e01fe9cd\u003c/code\u003e\u003c/a\u003e README: add pkgx installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bd0511b415355bf84a3861c77d47d9337ab367b1\"\u003e\u003ccode\u003ebd0511b\u003c/code\u003e\u003c/a\u003e cmd/age: detect output/input file reuse when possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/febaaded8756511fd12b7aea122e44be80c35862\"\u003e\u003ccode\u003efebaade\u003c/code\u003e\u003c/a\u003e cmd/age: create file for empty decryptions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0-beta7...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.0.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow strict base64 decoding by \u003ca href=\"https://github.com/AlexanderYastrebov\"\u003e\u003ccode\u003e@​AlexanderYastrebov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/259\"\u003egolang-jwt/jwt#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: link update for README.md for v4 by \u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement a BearerExtractor by \u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump matrix to support latest go version (go1.19) by \u003ca href=\"https://github.com/mfridman\"\u003e\u003ccode\u003e@​mfridman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/231\"\u003egolang-jwt/jwt#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/229\"\u003egolang-jwt/jwt#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc comment to ParseWithClaims by \u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: removed the unneeded if statement by \u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo pointer embedding in the example by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/255\"\u003egolang-jwt/jwt#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded MicahParks/keyfunc to extensions by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/194\"\u003egolang-jwt/jwt#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link to v4 on pkg.go.dev page by \u003ca href=\"https://github.com/polRk\"\u003e\u003ccode\u003e@​polRk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/195\"\u003egolang-jwt/jwt#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md\"\u003egithub.com/golang-jwt/jwt/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003ejwt-go\u003c/code\u003e Version History\u003c/h1\u003e\n\u003cp\u003eThe following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003ehttps://github.com/golang-jwt/jwt/releases\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/9358574a7a1a2c8d644f22b6e8de627ba85c58d0\"\u003e\u003ccode\u003e9358574\u003c/code\u003e\u003c/a\u003e Allow strict base64 decoding (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0984a28be854685a0b59b71d597f10f2c49cff\"\u003e\u003ccode\u003e2f0984a\u003c/code\u003e\u003c/a\u003e Using \u003ccode\u003etparse\u003c/code\u003e for nicer CI test display (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2101c1f4bc589dcef71b5f750191a8db07c82431\"\u003e\u003ccode\u003e2101c1f\u003c/code\u003e\u003c/a\u003e No pointer embedding in the example (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/35053d4e202c7cffd7ecc96ce2b247e2117f838e\"\u003e\u003ccode\u003e35053d4\u003c/code\u003e\u003c/a\u003e Removed unneeded if statement (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/0c4e3879854669acd15ea435f2c8aada6c73810a\"\u003e\u003ccode\u003e0c4e387\u003c/code\u003e\u003c/a\u003e Add doc comment to ParseWithClaims (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/bfea432b1a9da383509086a2141c06dc103e82f9\"\u003e\u003ccode\u003ebfea432\u003c/code\u003e\u003c/a\u003e Include \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/d81acbf7f30f11e5ef65030008b876e46a3ca7d0\"\u003e\u003ccode\u003ed81acbf\u003c/code\u003e\u003c/a\u003e Bump matrix to support latest go version (go1.19) (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/fdaf0eb0e0c1f33ca4bc05ce761d931fc236007f\"\u003e\u003ccode\u003efdaf0eb\u003c/code\u003e\u003c/a\u003e Implement a BearerExtractor (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.0.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-slug` from 0.8.1 to 0.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-slug/releases\"\u003egithub.com/hashicorp/go-slug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdjust destination path check by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/76\"\u003ehashicorp/go-slug#76\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: This release may have issues when unpacking a tarball, we recommend using 0.16.4 or later.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS file in .github/CODEOWNERS by \u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate unused pack/unpack option \u003ccode\u003eAllowSymlinkTarget\u003c/code\u003e by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/68\"\u003e#68\u003c/a\u003e: Fix panic in \u003ccode\u003esourcebundle\u003c/code\u003e package when RegistryMeta and Packages aren't the same size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/64\"\u003e#64\u003c/a\u003e: Remove the \u003ccode\u003e.Append(...)\u003c/code\u003e function from the \u003ccode\u003esourcebundle\u003c/code\u003e diagnostics API. Consumers should instead use the built-in golang \u003ccode\u003eappend()\u003c/code\u003e function. This ensures type-safety as you can't attempt to insert an invalid object into the diagnostics using the built-in function.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.15.2\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003esourcebundle\u003c/code\u003e: Fixed a bug in the PackageMeta receiver method \u003ccode\u003eGetCommitMessage() string\u003c/code\u003e that caused it to return an empty string instead of the git commit message.  (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/61\"\u003e#61\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/59\"\u003e#59\u003c/a\u003e: expose registry module version deprecation data in \u003ccode\u003esourcebundle\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/56/files\"\u003e#56\u003c/a\u003e: collect commit messages in package meta struct.\u003c/p\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the sourcebundle package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/55\"\u003e#55\u003c/a\u003e: revise the experimental \u003ccode\u003esourcebundle\u003c/code\u003e package fetcher and registry client interfaces to improve future extensibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.13.4\u003c/h2\u003e\n\u003cp\u003eFixed a bug with default exclusion rules for .terraformignore which caused the \u003ccode\u003e.terraform/modules\u003c/code\u003e directory to be excluded\u003c/p\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/9a9315589124e21b01ffe8a7816f4f2bea7da8b4\"\u003e\u003ccode\u003e9a93155\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/76\"\u003e#76\u003c/a\u003e from hashicorp/nodyhub/adjust-path-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/fbb041690f076f8e983a0f5f0d7406545a41359a\"\u003e\u003ccode\u003efbb0416\u003c/code\u003e\u003c/a\u003e improve sanitization checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/53c172a3e00fc1ac280365255b56af57846abdb4\"\u003e\u003ccode\u003e53c172a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/74\"\u003e#74\u003c/a\u003e from hashicorp/nodyhub/depricate-option-allow-symlink-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/a6204cf5b83cac1430fb575f48423e3bd2e8a3ac\"\u003e\u003ccode\u003ea6204cf\u003c/code\u003e\u003c/a\u003e depricate unused pack/unpack option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82d53eadfab53add56dd3fc6a2141d65579c20b6\"\u003e\u003ccode\u003e82d53ea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/72\"\u003e#72\u003c/a\u003e from hashicorp/add-codeowners\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/1030616226cb2437f1780d11cebbdacb5c8f2ae0\"\u003e\u003ccode\u003e1030616\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS file in .github/CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/6004eb1bc5144a120f3e780aeb63e1582b9b72d7\"\u003e\u003ccode\u003e6004eb1\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82b71b9ba81f90d84bb8bff8a2f6b6cda5bd46ad\"\u003e\u003ccode\u003e82b71b9\u003c/code\u003e\u003c/a\u003e sourcebundle: Fix panic when RegistryMeta and Packages aren't the same size (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/bb15d99c98c0941f30301a31ca39673a1f5bada0\"\u003e\u003ccode\u003ebb15d99\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/18b3ddeef74292c53b2cc237a16a243ca2fc544d\"\u003e\u003ccode\u003e18b3dde\u003c/code\u003e\u003c/a\u003e sourcebundle: remove the option to append anything into a diagnostic that wil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.8.1...v0.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ulikunitz/xz` from 0.5.8 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/7184815834c4777e8fa665946721d5fe114c2c35\"\u003e\u003ccode\u003e7184815\u003c/code\u003e\u003c/a\u003e Preparation of release v0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2\"\u003e\u003ccode\u003e88ddf1d\u003c/code\u003e\u003c/a\u003e Address Security Issue GHSA-jc7w-c686-c4v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/c8314b8f21e9c5e25b52da07544cac14db277e89\"\u003e\u003ccode\u003ec8314b8\u003c/code\u003e\u003c/a\u003e Add new package xio with WriteCloserStack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/4f11dce79b9977ec2976a978d6c594ea1c23cf29\"\u003e\u003ccode\u003e4f11dce\u003c/code\u003e\u003c/a\u003e Update README.md and SECURITY.md to address security questions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/f56ebbfaa2400067dcda8ade26ce912c2873ca08\"\u003e\u003ccode\u003ef56ebbf\u003c/code\u003e\u003c/a\u003e TODO.md: fix a typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/9d122a61c181b044e6b8b9c09979dfe7c513e2db\"\u003e\u003ccode\u003e9d122a6\u003c/code\u003e\u003c/a\u003e release version v0.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/4ce6f08566c86bf66a9bc1c2f811336ae2e462c0\"\u003e\u003ccode\u003e4ce6f08\u003c/code\u003e\u003c/a\u003e lzma: fix handling of small dictionary sizes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/0b7c695d23f84aa7e968bbcaa1980847683d909a\"\u003e\u003ccode\u003e0b7c695\u003c/code\u003e\u003c/a\u003e xz: add reader benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/553507794087117cd9bdc95c924c1c5611bd991a\"\u003e\u003ccode\u003e5535077\u003c/code\u003e\u003c/a\u003e xz: add compression reate to Writer benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/886dc9acde193dec013d4812372011c64f6efbc2\"\u003e\u003ccode\u003e886dc9a\u003c/code\u003e\u003c/a\u003e xz: add benchmark for Writer\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ulikunitz/xz/compare/v0.5.8...v0.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220127200216-cd36cc0744dd to 0.21.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20211104180415-d3ed0bb246c8 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.27.1 to 1.33.0\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 25.0.13+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev25.0.13\u003c/h2\u003e\n\u003ch2\u003e25.0.13\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/milestone/207?closed=1\"\u003emoby/moby, 25.0.13 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.13/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes and enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent restoration of iptables rules for deleted networks and containers on firewalld reload. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50445\"\u003emoby/moby#50445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Swarm services becoming unreachable from published ports after a firewalld reload. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50445\"\u003emoby/moby#50445\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove the reliability of the Swarm overlay network control plane by fixing longstanding issues with NetworkDB. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50511\"\u003emoby/moby#50511\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove the reliability of Swarm overlay container networks by fixing longstanding issues with the overlay network driver. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50551\"\u003emoby/moby#50551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev25.0.12\u003c/h2\u003e\n\u003ch2\u003e25.0.12\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.12\"\u003emoby/moby, 25.0.12 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.12/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug fixes and enhancements\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix an issue where all new tasks in the Swarm could get stuck in the PENDING state forever after scaling up a service with placement preferences. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50203\"\u003emoby/moby#50203\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix an issue which made DNS service discovery for Swarm services unreliable. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50230\"\u003emoby/moby#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePackaging updates\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go toolchain to go1.23.9. \u003ca href=\"https://redirect.github.com/moby/moby/pull/50053\"\u003emoby/moby#50053\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev25.0.11\u003c/h2\u003e\n\u003ch2\u003e25.0.11\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.11\"\u003emoby/moby, 25.0.11 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v25.0.11/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[25.0] Backport network fixes by \u003ca href=\"https://github.com/dperny\"\u003e\u003ccode\u003e@​dperny\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/moby/moby/pull/50005\"\u003emoby/moby#50005\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eKnown Issues\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSome Swarm services are not discoverable over DNS \u003ca href=\"https://redirect.github.com/moby/moby/issues/50129\"\u003emoby/moby#50129\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/moby/compare/v25.0.10...v25.0.11\"\u003ehttps://github.com/moby/moby/compare/v25.0.10...v25.0.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev25.0.10\u003c/h2\u003e\n\u003ch2\u003e25.0.10\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestone:\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/165516eb478021fdc99976e5aadc26bf73c1e51b\"\u003e\u003ccode\u003e165516e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/50551\"\u003e#50551\u003c/a\u003e from corhere/backport-25.0/libn/all-the-overlay-fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f099e911bd99581bb0f6c0802cc5c10081c457b4\"\u003e\u003ccode\u003ef099e91\u003c/code\u003e\u003c/a\u003e libnetwork: handle coalesced endpoint events\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/bace1b8a3bf33718a6c2d387cc7a9841f0b87b99\"\u003e\u003ccode\u003ebace1b8\u003c/code\u003e\u003c/a\u003e libnetwork/d/overlay: handle coalesced peer updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f9e54290b54fe990110341cc2a985e245d3a05d2\"\u003e\u003ccode\u003ef9e5429\u003c/code\u003e\u003c/a\u003e libn/d/win/overlay: dedupe NetworkDB definitions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/fc3df5523007c1a96e194a4146aea5f49bb58c01\"\u003e\u003ccode\u003efc3df55\u003c/code\u003e\u003c/a\u003e libn/d/overlay: extract hashable address types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b22872af606cbea4fafd4f47fbcf61fdba274a04\"\u003e\u003ccode\u003eb22872a\u003c/code\u003e\u003c/a\u003e libnetwork/driverapi: make EventNotify optional\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c7e17ae65d89e9441c6ec461bfeb75bad90cd338\"\u003e\u003ccode\u003ec7e17ae\u003c/code\u003e\u003c/a\u003e libn/networkdb: report prev value in update events\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d60c71a9d7b28adfd29464148ffc0f4ed7d598f9\"\u003e\u003ccode\u003ed60c71a\u003c/code\u003e\u003c/a\u003e libnetwork/d/overlay: fix logical race conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/ad54b8f9ce80e611e505046e8363b27338005a6c\"\u003e\u003ccode\u003ead54b8f\u003c/code\u003e\u003c/a\u003e libn/d/overlay: fix encryption race conditions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/8075689abd554f17bafad09f51869ae6bf4f4987\"\u003e\u003ccode\u003e8075689\u003c/code\u003e\u003c/a\u003e libn/d/overlay: inline secMapWalk into only caller\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v25.0.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-retryablehttp` from 0.7.1 to 0.7.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md\"\u003egithub.com/hashicorp/go-retryablehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.7 (May 30, 2024)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: avoid potentially leaking URL-embedded basic authentication credentials in logs (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.6 (May 9, 2024)\u003c/h2\u003e\n\u003cp\u003eENHANCEMENTS:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support a \u003ccode\u003eRetryPrepare\u003c/code\u003e function for modifying the request before retrying (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: support HTTP-date values for \u003ccode\u003eRetry-After\u003c/code\u003e header value (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: avoid reading entire body when the body is a \u003ccode\u003e*bytes.Reader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fix a broken check for invalid server certificate in go 1.20+ (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.5 (Nov 8, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.4 (Jun 6, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.3 (May 15, 2023)\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb\"\u003e\u003ccode\u003e1542b31\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac\"\u003e\u003ccode\u003edefb9f4\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a\"\u003e\u003ccode\u003ea99f07b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e from dany74q/danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411\"\u003e\u003ccode\u003e8a28c57\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348\"\u003e\u003ccode\u003e86e852d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/227\"\u003e#227\u003c/a\u003e from hashicorp/dependabot/github_actions/actions/chec...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53\"\u003e\u003ccode\u003e47fe99e\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.5 to 4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d\"\u003e\u003ccode\u003e490fc06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/226\"\u003e#226\u003c/a\u003e from testwill/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692\"\u003e\u003ccode\u003ef3e9417\u003c/code\u003e\u003c/a\u003e chore: remove refs to deprecated io/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055\"\u003e\u003ccode\u003ed969eaa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/225\"\u003e#225\u003c/a\u003e from hashicorp/manicminer-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298\"\u003e\u003ccode\u003e2ad8ed4\u003c/code\u003e\u003c/a\u003e v0.7.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.2 / 2025-09-05\u003c/h2\u003e\n\u003cp\u003eThis release is made to upgrade to prometheus/common v0.66.1, which drops the dependencies github.com/grafana/regexp and go.uber.org/atomic and replaces gopkg.in/yaml.v2 with go.yaml.in/yaml/v2 (a drop-in replacement).\nThere are no functional changes.\u003c/p\u003e\n\u003ch2\u003e1.23.1 / 2025-09-04\u003c/h2\u003e\n\u003cp\u003eThis release is made to be compatible with a backwards incompatible API change\nin prometheus/common v0.66.0. There are no functional changes.\u003c/p\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20211117183948-ae814b36b871 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spring-financial-group/helmfile/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spring-financial-group/helmfile/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-financial-group%2Fhelmfile/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2025-10-06T21:34:46.000Z","version_change":"2.8.2+incompatible → 2.8.3+incompatible","issue":{"uuid":"3489199246","node_id":"PR_kwDOPUzTr86sYBsw","number":70,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-10-06T21:34:46.000Z","updated_at":"2025-10-07T16:07:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.2+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.2+incompatible to 2.8.3+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.2...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.2+incompatible\u0026new-version=2.8.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/foundriesio/fioup/pull/70","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/foundriesio%2Ffioup/issues/70","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/70/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-09-09T10:31:18.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2811450045","node_id":"PR_kwDOKbJdCc6nk1K9","number":22,"state":"open","title":"build(deps): bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"CONTRIBUTOR","state_reason":null,"created_at":"2025-09-09T10:31:18.000Z","updated_at":"2025-09-09T10:31:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kahlys/codex/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kahlys/codex/pull/22","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kahlys%2Fcodex/issues/22","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/22/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","update_type":"patch","path":null,"pr_created_at":"2025-08-28T22:02:15.000Z","version_change":"2.8.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"3364812625","node_id":"PR_kwDOOTONfc6l4rQ9","number":14,"state":"open","title":"Bump the go_modules group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T22:02:15.000Z","updated_at":"2025-08-28T22:02:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":9,"packages":[{"name":"gopkg.in/yaml.v3","old_version":"3.0.0-20210107192922-496545a6307b","new_version":"3.0.1"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.14+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/moby/buildkit","old_version":"0.10.3","new_version":"0.12.5","repository_url":"https://github.com/moby/buildkit"},{"name":"github.com/lestrrat-go/jwx","old_version":"1.2.25","new_version":"1.2.29","repository_url":"https://github.com/lestrrat-go/jwx"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20220411215720-9780585627b5","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| gopkg.in/yaml.v3 | `3.0.0-20210107192922-496545a6307b` | `3.0.1` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.14+incompatible` | `28.0.0+incompatible` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.10.3` | `0.12.5` |\n| [github.com/lestrrat-go/jwx](https://github.com/lestrrat-go/jwx) | `1.2.25` | `1.2.29` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20220411215720-9780585627b5` | `0.27.0` |\n\n\nUpdates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.14+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.14...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.10.3 to 0.12.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/bac3f2b673f3f9d33e79046008e7a38e856b3dc6\"\u003e\u003ccode\u003ebac3f2b\u003c/code\u003e\u003c/a\u003e update runc to v1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f781267af1acb688e94740e1fdc22c1bf587d7fd\"\u003e\u003ccode\u003ef781267\u003c/code\u003e\u003c/a\u003e exec: add extra validation for submount sources\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/d089e0b9527ba85075a2db02b55e7002847a0e8d\"\u003e\u003ccode\u003ed089e0b\u003c/code\u003e\u003c/a\u003e oci: fix error handling on submount calls\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/00fe637d43aba66f0937f5bdf4b9fc96991794fd\"\u003e\u003ccode\u003e00fe637\u003c/code\u003e\u003c/a\u003e executor: recheck mount stub path within root after container run\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e\"\u003e\u003ccode\u003e92cc595\u003c/code\u003e\u003c/a\u003e llbsolver: make sure interactive container API validates entitlements\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e\"\u003e\u003ccode\u003e5026d95\u003c/code\u003e\u003c/a\u003e gateway: pass executor with build and not access worker directly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/7718bd5c3dc8fc5cd246a30cc41766e7a53c043c\"\u003e\u003ccode\u003e7718bd5\u003c/code\u003e\u003c/a\u003e pb: add extra validation to protobuf types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/e1924dc32da35bfb0bfdbb9d0fc7bca25e552330\"\u003e\u003ccode\u003ee1924dc\u003c/code\u003e\u003c/a\u003e sourcepolicy: add validations for nil values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/96663dd35bf3787d7efb1ee7fd9ac7fe533582ae\"\u003e\u003ccode\u003e96663dd\u003c/code\u003e\u003c/a\u003e exporter: add validation for platforms key value\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/481d9c45f473c58537f39694a38d7995cc656987\"\u003e\u003ccode\u003e481d9c4\u003c/code\u003e\u003c/a\u003e exporter: add validation for invalid platorm\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.10.3...v0.12.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20220427172511-eb4f295cb31f to 0.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220421235706-1d1ef9303861 to 0.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.8.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.0 to 1.30.0\n\nUpdates `github.com/lestrrat-go/jwx` from 1.2.25 to 1.2.29\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lestrrat-go/jwx/releases\"\u003egithub.com/lestrrat-go/jwx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003ev1.2.29 07 Mar 2024\u003c/h1\u003e\n\u003ch2\u003e[Security]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jwe] Added \u003ccode\u003ejwe.Settings(jwe.WithMaxDecompressBufferSize(int64))\u003c/code\u003e to specify the\nmaximum size of a decompressed JWE payload. The default value is 10MB. If you\nare compressing payloads greater than this, you need to explicitly set it.\u003c/p\u003e\n\u003cp\u003eUnlike in v2, there is no way to set this globally. Please use v2 if this is required.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.2.28\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.28 09 Jan 2024\n[Security Fixes]\n  * [jws] JWS messages formated in full JSON format (i.e. not the compact format, which\n    consists of three base64 strings concatenated with a '.') with missing \u0026quot;protected\u0026quot;\n    headers could cause a panic, thereby introducing a possiblity of a DoS.\n\u003cpre\u003e\u003ccode\u003eThis has been fixed so that the `jws.Parse` function succeeds in parsing a JWS message\nlacking a protected header. Calling `jws.Verify` on this same JWS message will result\nin a failed verification attempt. Note that this behavior will differ slightly when\nparsing JWS messages in compact form, which result in an error.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch2\u003ev1.2.27\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.27 - 03 Dec 2023\n[Security]\n  * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,\n    similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083.  All users should upgrade, as\n    unlike v2, v1 attempts to decrypt JWEs on JWTs by default.\n    [GHSA-7f9x-gw85-8grf]\n\u003cp\u003e[Bug Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwk] jwk.Set(jwk.KeyOpsKey, \u0026lt;jwk.KeyOperation\u0026gt;) now works (previously, either\nSet(.., \u0026lt;string\u0026gt;) or Set(..., []jwk.KeyOperation{...}) worked, but not a single\njwk.KeyOperation\n\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[SECURITY] v1.2.26\u003c/h2\u003e\n\u003cpre\u003e\u003ccode\u003ev1.2.26 - 14 Jun 2023\n[Security]\n  * Potential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability\n    for JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,\n    all v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by\n    @shogo82148.\n\u003cpre\u003e\u003ccode\u003ePlease note that v0 versions will NOT receive fixes.\nThis release fixes these vulnerabilities for the v1 series.\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lestrrat-go/jwx/blob/v1.2.29/Changes\"\u003egithub.com/lestrrat-go/jwx's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003ev1.2.29 07 Mar 2024\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jwe] Added \u003ccode\u003ejwe.Settings(jwe.WithMaxDecompressBufferSize(int64))\u003c/code\u003e to specify the\nmaximum size of a decompressed JWE payload. The default value is 10MB. If you\nare compressing payloads greater than this, you need to explicitly set it.\u003c/p\u003e\n\u003cp\u003eUnlike in v2, there is no way to set this globally. Please use v2 if this is required.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.28 09 Jan 2024\n[Security Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e[jws] JWS messages formated in full JSON format (i.e. not the compact format, which\nconsists of three base64 strings concatenated with a '.') with missing \u0026quot;protected\u0026quot;\nheaders could cause a panic, thereby introducing a possiblity of a DoS.\u003c/p\u003e\n\u003cp\u003eThis has been fixed so that the \u003ccode\u003ejws.Parse\u003c/code\u003e function succeeds in parsing a JWS message\nlacking a protected header. Calling \u003ccode\u003ejws.Verify\u003c/code\u003e on this same JWS message will result\nin a failed verification attempt. Note that this behavior will differ slightly when\nparsing JWS messages in compact form, which result in an error.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.27 - 03 Dec 2023\n[Security]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,\nsimilar to \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2022-36083\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2022-36083\u003c/a\u003e.  All users should upgrade, as\nunlike v2, v1 attempts to decrypt JWEs on JWTs by default.\n[GHSA-7f9x-gw85-8grf]\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[Bug Fixes]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[jwk] jwk.Set(jwk.KeyOpsKey, \u0026lt;jwk.KeyOperation\u0026gt;) now works (previously, either\nSet(.., \u003c!-- raw HTML omitted --\u003e) or Set(..., []jwk.KeyOperation{...}) worked, but not a single\njwk.KeyOperation\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ev1.2.26 - 14 Jun 2023\n[Security]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ePotential Padding Oracle Attack Vulnerability and Timing Attack Vulnerability\nfor JWE AES-CBC encrypted payloads affecting all v2 releases up to v2.0.10,\nall v1 releases up to v1.2.25, and all v0 releases up to v0.9.2 have been reported by\n\u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003ePlease note that v0 versions will NOT receive fixes.\nThis release fixes these vulnerabilities for the v1 series.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[Miscellaneous]\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJWE tests now only run algorithms that are supported by the underlying\n\u003ccode\u003ejose\u003c/code\u003e tool\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/1025f8eec3bd80c8d8f1be8f9cad989a5b78fd4b\"\u003e\u003ccode\u003e1025f8e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1092\"\u003e#1092\u003c/a\u003e from lestrrat-go/develop/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/4399ace82658d4639eb88342074fa97d68cc96f0\"\u003e\u003ccode\u003e4399ace\u003c/code\u003e\u003c/a\u003e Merge branch 'v1' into develop/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/dc80fede7c3766cda714a5cf0f4ce4b0ca5bec1c\"\u003e\u003ccode\u003edc80fed\u003c/code\u003e\u003c/a\u003e Update Changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/e4c1511301301a4481cc3cd3f5c6353a34be3e43\"\u003e\u003ccode\u003ee4c1511\u003c/code\u003e\u003c/a\u003e silence linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/d01027d74c7376d66037a10f4f64af9af26a7e34\"\u003e\u003ccode\u003ed01027d\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-hj3v-m684-v259\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/3d6e0e07be993dae07ec0b8b5d3a42f58a684ffc\"\u003e\u003ccode\u003e3d6e0e0\u003c/code\u003e\u003c/a\u003e Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/3af5916bf0c6129e01487c8e47db534c8faa0c2a\"\u003e\u003ccode\u003e3af5916\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.19.0 to 0.21.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1087\"\u003e#1087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/7a05818b361ae2594ec3294559438f1a5a90005e\"\u003e\u003ccode\u003e7a05818\u003c/code\u003e\u003c/a\u003e Bump golang.org/x/crypto from 0.18.0 to 0.19.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1074\"\u003e#1074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/8e2aacdf170d1cc9a5d9f7fbcb4738799315ce82\"\u003e\u003ccode\u003e8e2aacd\u003c/code\u003e\u003c/a\u003e Bump golangci/golangci-lint-action from 3 to 4 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1076\"\u003e#1076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lestrrat-go/jwx/commit/4b1fd05ad8bd33899aaf10f5d42b9e52291fda80\"\u003e\u003ccode\u003e4b1fd05\u003c/code\u003e\u003c/a\u003e Bump kentaro-m/auto-assign-action from 1.2.6 to 2.0.0 (\u003ca href=\"https://redirect.github.com/lestrrat-go/jwx/issues/1068\"\u003e#1068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lestrrat-go/jwx/compare/v1.2.25...v1.2.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20220411215720-9780585627b5 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/secure-repo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/secure-repo/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fsecure-repo/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-08-28T19:44:39.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2782805201","node_id":"PR_kwDONplZoM6l3jzR","number":3,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T19:44:39.000Z","updated_at":"2025-08-28T19:44:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":5,"packages":[{"name":"golang.org/x/net","old_version":"0.36.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/opencontainers/runc","old_version":"1.0.2","new_version":"1.2.0","repository_url":"https://github.com/opencontainers/runc"},{"name":"github.com/ulikunitz/xz","old_version":"0.5.12","new_version":"0.5.14","repository_url":"https://github.com/ulikunitz/xz"},{"name":"golang.org/x/oauth2","old_version":"0.17.0","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [golang.org/x/net](https://github.com/golang/net) | `0.36.0` | `0.38.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/opencontainers/runc](https://github.com/opencontainers/runc) | `1.0.2` | `1.2.0` |\n| [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) | `0.5.12` | `0.5.14` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.17.0` | `0.27.0` |\n\n\nUpdates `golang.org/x/net` from 0.36.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/compare/v0.36.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/runc` from 1.0.2 to 1.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/releases\"\u003egithub.com/opencontainers/runc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003erunc v1.2.0 -- \u0026quot;できるときにできることをやるんだ。それが今だ。\u0026quot;\u003c/h2\u003e\n\u003cp\u003eThis is the long-awaited release of runc 1.2.0! The primary changes from rc3\nare general improvements and fixes for minor regressions related to the\nnew /proc/self/exe cloning logic in runc 1.2, follow-on patches related\nto CVE-2024-45310, as well as some other minor changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eIn order to alleviate the remaining concerns around the memory usage and\n(arguably somewhat unimportant, but measurable) performance overhead of\nmemfds for cloning \u003ccode\u003e/proc/self/exe\u003c/code\u003e, we have added a new protection using\n\u003ccode\u003eoverlayfs\u003c/code\u003e that is used if you have enough privileges and the running\nkernel supports it. It has effectively no performance nor memory overhead\n(compared to no cloning at all). (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe original fix for \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e was intentionally very\nlimited in scope to make it easier to review, however it also did not handle\nall possible \u003ccode\u003eos.MkdirAll\u003c/code\u003e cases and thus could lead to regressions. We have\nswitched to the more complete implementation in the newer versions of\n\u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4393\"\u003e#4393\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4400\"\u003e#4400\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4421\"\u003e#4421\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4430\"\u003e#4430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIn certain situations (a system with lots of mounts or racing mounts) we\ncould accidentally end up leaking mounts from the container into the host.\nThis has been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe fallback logic for \u003ccode\u003eO_TMPFILE\u003c/code\u003e clones of \u003ccode\u003e/proc/self/exe\u003c/code\u003e had a minor\nbug that would cause us to miss non-\u003ccode\u003enoexec\u003c/code\u003e directories and thus fail to\nstart containers on some systems. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4444\"\u003e#4444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSometimes the cloned \u003ccode\u003e/proc/self/exe\u003c/code\u003e file descriptor could be placed in a\nway that it would get clobbered by the Go runtime. We had a fix for this\nalready but it turns out it could still break in rare circumstances, but it\nhas now been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4294\"\u003e#4294\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIt is not possible for \u003ccode\u003erunc kill\u003c/code\u003e to work properly in some specific\nconfigurations (such as rootless containers with no cgroups and a shared pid\nnamespace). We now output a warning for such configurations. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4398\"\u003e#4398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ememfd-bind: update the documentation and make path handling with the systemd\nunit more idiomatic. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4428\"\u003e#4428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe now use v0.16 of Cilium's eBPF library, including fixes that quite a few\ndownstreams asked for. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4397\"\u003e#4397\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4396\"\u003e#4396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSome internal \u003ccode\u003erunc init\u003c/code\u003e synchronisation that was no longer necessary (due\nto the \u003ccode\u003e/proc/self/exe\u003c/code\u003e cloning move to Go) was removed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4441\"\u003e#4441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eStatic Linking Notices\u003c/h3\u003e\n\u003cp\u003eThe \u003ccode\u003erunc\u003c/code\u003e binary distributed with this release are \u003cem\u003estatically linked\u003c/em\u003e with\nthe following \u003ca href=\"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html\"\u003eGNU LGPL-2.1\u003c/a\u003e licensed libraries, with \u003ccode\u003erunc\u003c/code\u003e acting\nas a \u0026quot;work that uses the Library\u0026quot;:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/seccomp/libseccomp\"\u003elibseccomp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe versions of these libraries were not modified from their upstream versions,\nbut in order to comply with the LGPL-2.1 (§6(a)), we have attached the\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/runc/blob/main/CHANGELOG.md\"\u003egithub.com/opencontainers/runc's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[1.2.0] - 2024-10-22\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eできるときにできることをやるんだ。それが今だ。\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIn order to alleviate the remaining concerns around the memory usage and\n(arguably somewhat unimportant, but measurable) performance overhead of\nmemfds for cloning \u003ccode\u003e/proc/self/exe\u003c/code\u003e, we have added a new protection using\n\u003ccode\u003eoverlayfs\u003c/code\u003e that is used if you have enough privileges and the running\nkernel supports it. It has effectively no performance nor memory overhead\n(compared to no cloning at all). (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe original fix for \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e was intentionally very\nlimited in scope to make it easier to review, however it also did not handle\nall possible \u003ccode\u003eos.MkdirAll\u003c/code\u003e cases and thus could lead to regressions. We have\nswitched to the more complete implementation in the newer versions of\n\u003ccode\u003egithub.com/cyphar/filepath-securejoin\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4393\"\u003e#4393\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4400\"\u003e#4400\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4421\"\u003e#4421\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4430\"\u003e#4430\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIn certain situations (a system with lots of mounts or racing mounts) we\ncould accidentally end up leaking mounts from the container into the host.\nThis has been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4417\"\u003e#4417\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe fallback logic for \u003ccode\u003eO_TMPFILE\u003c/code\u003e clones of \u003ccode\u003e/proc/self/exe\u003c/code\u003e had a minor\nbug that would cause us to miss non-\u003ccode\u003enoexec\u003c/code\u003e directories and thus fail to\nstart containers on some systems. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4444\"\u003e#4444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSometimes the cloned \u003ccode\u003e/proc/self/exe\u003c/code\u003e file descriptor could be placed in a\nway that it would get clobbered by the Go runtime. We had a fix for this\nalready but it turns out it could still break in rare circumstances, but it\nhas now been fixed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4294\"\u003e#4294\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIt is not possible for \u003ccode\u003erunc kill\u003c/code\u003e to work properly in some specific\nconfigurations (such as rootless containers with no cgroups and a shared pid\nnamespace). We now output a warning for such configurations. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4398\"\u003e#4398\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ememfd-bind: update the documentation and make path handling with the systemd\nunit more idiomatic. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4428\"\u003e#4428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWe now use v0.16 of Cilium's eBPF library, including fixes that quite a few\ndownstreams asked for. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4397\"\u003e#4397\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4396\"\u003e#4396\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSome internal \u003ccode\u003erunc init\u003c/code\u003e synchronisation that was no longer necessary (due\nto the \u003ccode\u003e/proc/self/exe\u003c/code\u003e cloning move to Go) was removed. (\u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4441\"\u003e#4441\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[1.2.0-rc.3] - 2024-09-02\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003eThe supreme happiness of life is the conviction that we are loved.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\"\u003eCVE-2024-45310\u003c/a\u003e, a low-severity attack that allowed\nmaliciously configured containers to create empty files and directories on\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/0b9fa21be2bcba45f6d9d748b4bcf70cfbffbc19\"\u003e\u003ccode\u003e0b9fa21\u003c/code\u003e\u003c/a\u003e VERSION: release v1.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/5190d6124bd65d92468abad364660e5a2978f149\"\u003e\u003ccode\u003e5190d61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4452\"\u003e#4452\u003c/a\u003e from lifubang/fix-fd-reuse-race\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/ca45a2c52db89dd3dbf04fb10964aa7a7e3e4959\"\u003e\u003ccode\u003eca45a2c\u003c/code\u003e\u003c/a\u003e merge \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4446\"\u003e#4446\u003c/a\u003e into opencontainers/runc:main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/568231cc4ef4b0c20ff50185c006d48827903fe4\"\u003e\u003ccode\u003e568231c\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;increase memory.max in cgroups.bats\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/e66992669172d1b5a10e553dc40a7c1853097d85\"\u003e\u003ccode\u003ee669926\u003c/code\u003e\u003c/a\u003e fix an error caused by fd reuse race when starting runc init\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/ca8ca3ce07403327ecc998cf031b3ec9d22d8c63\"\u003e\u003ccode\u003eca8ca3c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4448\"\u003e#4448\u003c/a\u003e from cyphar/cloned-binary-overlayfs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/08faf151069ed3a54f5d2b2770c09ee644c9d703\"\u003e\u003ccode\u003e08faf15\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4429\"\u003e#4429\u003c/a\u003e from kolyshkin/cap-load\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/515f09f7b1dbd442298132592c7e9689b855dbdf\"\u003e\u003ccode\u003e515f09f\u003c/code\u003e\u003c/a\u003e dmz: use overlayfs to write-protect /proc/self/exe if possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8cfbccb6d99a1bcfad5b16fb3f0bbca97cb5be4c\"\u003e\u003ccode\u003e8cfbccb\u003c/code\u003e\u003c/a\u003e tests: integration: add helper to check if we're in a userns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/runc/commit/8bebdbafd8e5199d7734747a91ba7e8dd369aca8\"\u003e\u003ccode\u003e8bebdba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/runc/issues/4456\"\u003e#4456\u003c/a\u003e from kolyshkin/misc-ci-cleanups\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/runc/compare/v1.0.2...v1.2.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ulikunitz/xz` from 0.5.12 to 0.5.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/7184815834c4777e8fa665946721d5fe114c2c35\"\u003e\u003ccode\u003e7184815\u003c/code\u003e\u003c/a\u003e Preparation of release v0.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2\"\u003e\u003ccode\u003e88ddf1d\u003c/code\u003e\u003c/a\u003e Address Security Issue GHSA-jc7w-c686-c4v9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ulikunitz/xz/commit/c8314b8f21e9c5e25b52da07544cac14db277e89\"\u003e\u003ccode\u003ec8314b8\u003c/code\u003e\u003c/a\u003e Add new package xio with WriteCloserStack\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ulikunitz/xz/compare/v0.5.12...v0.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.17.0 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3\"\u003e\u003ccode\u003e681b4d8\u003c/code\u003e\u003c/a\u003e jws: split token into fixed number of parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502\"\u003e\u003ccode\u003e3f78298\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac\"\u003e\u003ccode\u003e109dabf\u003c/code\u003e\u003c/a\u003e endpoints: add links/provider for Discord\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47\"\u003e\u003ccode\u003eac571fa\u003c/code\u003e\u003c/a\u003e oauth2: fix docs for Config.DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2\"\u003e\u003ccode\u003e314ee5b\u003c/code\u003e\u003c/a\u003e endpoints: add patreon endpoint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec\"\u003e\u003ccode\u003eb9c813b\u003c/code\u003e\u003c/a\u003e google: add warning about externally-provided credentials\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/49a531d12a9ad6fa9f5a070d577ac752ada772c9\"\u003e\u003ccode\u003e49a531d\u003c/code\u003e\u003c/a\u003e all: make method and struct comments match the names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/22134a41033e44c2cd074106770ab5b7ca910d15\"\u003e\u003ccode\u003e22134a4\u003c/code\u003e\u003c/a\u003e README: don't recommend go get\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3e6480915d39dd1a80fa460e56413857f02cc1b9\"\u003e\u003ccode\u003e3e64809\u003c/code\u003e\u003c/a\u003e x/oauth2: add Token.ExpiresIn\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/16a9973a41c72ea3e252e9c14be34fcaa2928211\"\u003e\u003ccode\u003e16a9973\u003c/code\u003e\u003c/a\u003e jwt: rename example to avoid vet error\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.17.0...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/offsoc/cloudpods/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/offsoc/cloudpods/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/offsoc%2Fcloudpods/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","update_type":"patch","path":null,"pr_created_at":"2025-08-28T14:10:57.000Z","version_change":"2.8.1+incompatible → 2.8.3+incompatible","issue":{"uuid":"3363488490","node_id":"PR_kwDOHQjzDM6l0M8P","number":91,"state":"open","title":"build(deps): bump the go_modules group with 7 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:10:57.000Z","updated_at":"2025-08-28T14:10:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":7,"packages":[{"name":"github.com/containerd/containerd","old_version":"1.6.3-0.20220401172941-5ff8fce1fcc6","new_version":"1.6.38","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/docker/buildx","old_version":"0.8.2","new_version":"0.21.3","repository_url":"https://github.com/docker/buildx"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.3+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/go-git/go-git/v5","old_version":"5.4.2","new_version":"5.13.0","repository_url":"https://github.com/go-git/go-git"},{"name":"github.com/moby/buildkit","old_version":"0.10.2","new_version":"0.20.0","repository_url":"https://github.com/moby/buildkit"},{"name":"google.golang.org/grpc","old_version":"1.46.0","new_version":"1.69.4","repository_url":"https://github.com/grpc/grpc-go"},{"name":"gopkg.in/yaml.v3","old_version":"3.0.0-20210107192922-496545a6307b","new_version":"3.0.1"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 7 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.6.3-0.20220401172941-5ff8fce1fcc6` | `1.6.38` |\n| [github.com/docker/buildx](https://github.com/docker/buildx) | `0.8.2` | `0.21.3` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.8.1+incompatible` | `2.8.3+incompatible` |\n| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `5.4.2` | `5.13.0` |\n| [github.com/moby/buildkit](https://github.com/moby/buildkit) | `0.10.2` | `0.20.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.46.0` | `1.69.4` |\n| gopkg.in/yaml.v3 | `3.0.0-20210107192922-496545a6307b` | `3.0.1` |\n\nUpdates `github.com/containerd/containerd` from 1.6.3-0.20220401172941-5ff8fce1fcc6 to 1.6.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.6.38\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.6.38 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirty-eighth patch release for containerd 1.6 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow in User ID handling (\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg\"\u003eGHSA-265r-hfxg-fhmg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eAkhil Mohan\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eCraig Ingram\u003c/li\u003e\n\u003cli\u003eKohei Tokunaga\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e884\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b9625\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003ePrepare release notes for v1.6.38 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11539\"\u003e#11539\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34bac2\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate build to go1.23.7, test go1.24.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11421\"\u003e#11421\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35baf\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41ef\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81adc\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove hashicorp/go-multierror dependency and fix CI (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11500\"\u003e#11500\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3dce\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0733895f3de3df51fe4e14563ee94a98df1be8dd\"\u003e\u003ccode\u003e0733895f3\u003c/code\u003e\u003c/a\u003e Remove unnecessary joinError unwrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/054c4cc79c929eecfb9724fd1c3e9f13a4cd5701\"\u003e\u003ccode\u003e054c4cc79\u003c/code\u003e\u003c/a\u003e Remove hashicorp/go-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ff21be0ee8b274c05a542a096c1042ef63857f09\"\u003e\u003ccode\u003eff21be0ee\u003c/code\u003e\u003c/a\u003e Update go to 1.20 to use its multi error support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f63b5fd3f9b4b809d94d4a3053c4d76a7753072c\"\u003e\u003ccode\u003ef63b5fd3f\u003c/code\u003e\u003c/a\u003e update containerd/project-checks to 1.2.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/abd1692cf27bcff4590207bdd8a827b06657c446\"\u003e\u003ccode\u003eabd1692cf\u003c/code\u003e\u003c/a\u003e fix fatal error: concurrent map iteration and map write\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/containerd/containerd/commits/v1.6.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/buildx` from 0.8.2 to 0.21.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/buildx/releases\"\u003egithub.com/docker/buildx's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.21.3\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.21.3 release of buildx!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/docker/buildx/issues\"\u003ehttps://github.com/docker/buildx/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nThis release contains security fixes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003eFix possible credential leakage to telemetry endpoint. \u003ca href=\"https://github.com/docker/buildx/security/advisories/GHSA-m4gq-fm9h-8q75\"\u003eGHSA-m4gq-fm9h-8q75\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove unused fields from local state group that could potentially leak credentials.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003ePrevious release can be found at \u003ca href=\"https://github.com/docker/buildx/releases/tag/v0.21.2\"\u003ev0.21.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.21.2\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.21.2 release of buildx!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/docker/buildx/issues\"\u003ehttps://github.com/docker/buildx/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eLaurent Goderre\u003c/li\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix handling of attestation extra arguments \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3027\"\u003e#3027\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix the cache attribute not being skipped when empty with Bake overrides \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3021\"\u003e#3021\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/7b5fecbd7a62d73843f7a73a6d4ec353c0555ef5\"\u003e\u003ccode\u003e7b5fecb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3067\"\u003e#3067\u003c/a\u003e from crazy-max/0.21_picks_0.21.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/05f75a5bd5abb5e391b70f9e8226aed9bed69508\"\u003e\u003ccode\u003e05f75a5\u003c/code\u003e\u003c/a\u003e localstate: remove definition and inputs fields from group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/0982070af84d476b232d2d75ab551c3222592db1\"\u003e\u003ccode\u003e0982070\u003c/code\u003e\u003c/a\u003e otel: avoid tracing raw os arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/1360a9e8d25a2c3d03c2776d53ae62e6ff0a843d\"\u003e\u003ccode\u003e1360a9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3037\"\u003e#3037\u003c/a\u003e from crazy-max/0.21_picks_0.21.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/6019a2b32f3444a282e0540b0492f27b261f826f\"\u003e\u003ccode\u003e6019a2b\u003c/code\u003e\u003c/a\u003e buildflags: skip empty cache entries when parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/6da88e1555db601a28291777ab592193fe5c868b\"\u003e\u003ccode\u003e6da88e1\u003c/code\u003e\u003c/a\u003e Fix handling of attest extra arguments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/41f8e5c85c343f697d47ab79e9bf718bf45d8a64\"\u003e\u003ccode\u003e41f8e5c\u003c/code\u003e\u003c/a\u003e Add attest extra args tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/7c2359c6bf8b3331413c0fe95918fe1cfe9aa127\"\u003e\u003ccode\u003e7c2359c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3018\"\u003e#3018\u003c/a\u003e from crazy-max/0.21_picks_0.21.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/65a52b5272ebc22fd43dbd52faf611ad37f5d575\"\u003e\u003ccode\u003e65a52b5\u003c/code\u003e\u003c/a\u003e remove accidental debug\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/buildx/commit/34ed52e4ae66478e29c2ca88ac1a3a6ef5a56759\"\u003e\u003ccode\u003e34ed52e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/buildx/issues/3011\"\u003e#3011\u003c/a\u003e from jsternberg/v0.21.0-picks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/buildx/compare/v0.8.2...v0.21.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.3+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePass \u003ccode\u003eBUILDTAGS\u003c/code\u003e argument to \u003ccode\u003ego build\u003c/code\u003e by \u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable Go build tags by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4009\"\u003edistribution/distribution#4009\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ereference\u003c/code\u003e: replace deprecated function \u003ccode\u003eSplitHostname\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4032\"\u003edistribution/distribution#4032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDont parse errors as JSON unless Content-Type is set to JSON by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4054\"\u003edistribution/distribution#4054\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go 1.20.8 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4056\"\u003edistribution/distribution#4056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSet \u003ccode\u003eContent-Type\u003c/code\u003e header in registry client \u003ccode\u003eReadFrom\u003c/code\u003e by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4053\"\u003edistribution/distribution#4053\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edeprecate reference package, migrate to github.com/distribution/reference by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4063\"\u003edistribution/distribution#4063\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edigestset\u003c/code\u003e: deprecate package in favor of \u003ccode\u003ego-digest/digestset\u003c/code\u003e  by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4064\"\u003edistribution/distribution#4064\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDo not close HTTP request body in HTTP handler by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4068\"\u003edistribution/distribution#4068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd v2.8.3 release notes by \u003ca href=\"https://github.com/milosgajdos\"\u003e\u003ccode\u003e@​milosgajdos\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/4088\"\u003edistribution/distribution#4088\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marcusirgens\"\u003e\u003ccode\u003e@​marcusirgens\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3926\"\u003edistribution/distribution#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.2...v2.8.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4772604ae973031ab32dd9805a4bccf61d94909f\"\u003e\u003ccode\u003e4772604\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4088\"\u003e#4088\u003c/a\u003e from distribution/2.8.3-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a4fa69927538d336b6c537712b03ebb8e4194535\"\u003e\u003ccode\u003ea4fa699\u003c/code\u003e\u003c/a\u003e Add v2.8.3 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/1eb2c30122f5e45360037a9e5191e861b0fb86e6\"\u003e\u003ccode\u003e1eb2c30\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4068\"\u003e#4068\u003c/a\u003e from milosgajdos/2_8-dont-close-request-body\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5e6b1b5c9823f5941f40f8dc2bbf93f86342a897\"\u003e\u003ccode\u003e5e6b1b5\u003c/code\u003e\u003c/a\u003e Do not close HTTP request body in HTTP handler\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b76378843a642c9f92dc0cc528219e103aa9bee\"\u003e\u003ccode\u003e2b76378\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4064\"\u003e#4064\u003c/a\u003e from thaJeztah/2.8_backport_nodigestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/29b00e8b28994a706bb9eb20574ed60416ddc55c\"\u003e\u003ccode\u003e29b00e8\u003c/code\u003e\u003c/a\u003e digestset: deprecate package in favor of go-digest/digestset\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/d1ab2430e6c6226cf54cb46d9a8c8f253f24f8ec\"\u003e\u003ccode\u003ed1ab243\u003c/code\u003e\u003c/a\u003e [release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/11eb4194f67598afebcc15bf474b488b3c5b09a0\"\u003e\u003ccode\u003e11eb419\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4063\"\u003e#4063\u003c/a\u003e from thaJeztah/2.8_backport_switch_reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/3dda0677474a076ec5746e960fc0fb96ff738fd1\"\u003e\u003ccode\u003e3dda067\u003c/code\u003e\u003c/a\u003e deprecate reference package, migrate to github.com/distribution/reference\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/da05539ad3168aaba3a0b22aebdbddb3deeba6a2\"\u003e\u003ccode\u003eda05539\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/4053\"\u003e#4053\u003c/a\u003e from thaJeztah/2.8_backport_set-content-type-client-...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-git/go-git/v5` from 5.4.2 to 5.13.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-git/go-git/releases\"\u003egithub.com/go-git/go-git/v5's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.13.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1065\"\u003ego-git/go-git#1065\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1068\"\u003ego-git/go-git#1068\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.23.0 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1071\"\u003ego-git/go-git#1071\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eProperly support skipping of non-mandatory extensions  by \u003ca href=\"https://github.com/codablock\"\u003e\u003ccode\u003e@​codablock\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1066\"\u003ego-git/go-git#1066\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Refine some codes in test and non-test. by \u003ca href=\"https://github.com/onee-only\"\u003e\u003ccode\u003e@​onee-only\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1077\"\u003ego-git/go-git#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: protocol/packp, client-side filter capability support by \u003ca href=\"https://github.com/edigaryev\"\u003e\u003ccode\u003e@​edigaryev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1000\"\u003ego-git/go-git#1000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1078\"\u003ego-git/go-git#1078\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: fix sideband demux on flush by \u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1084\"\u003ego-git/go-git#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estorage: dotgit, head reference usually comes first by \u003ca href=\"https://github.com/aymanbagabas\"\u003e\u003ccode\u003e@​aymanbagabas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1085\"\u003ego-git/go-git#1085\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.14.0 to 0.15.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1091\"\u003ego-git/go-git#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1094\"\u003ego-git/go-git#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.24.0 to 0.25.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1093\"\u003ego-git/go-git#1093\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Added an example for Repository.Branches by \u003ca href=\"https://github.com/johnmatthiggins\"\u003e\u003ccode\u003e@​johnmatthiggins\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1088\"\u003ego-git/go-git#1088\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: worktree_commit, Modify checking empty commit. Fixes \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/723\"\u003e#723\u003c/a\u003e by \u003ca href=\"https://github.com/onee-only\"\u003e\u003ccode\u003e@​onee-only\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1050\"\u003ego-git/go-git#1050\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/http, Wrap http errors to return reason. Fixes \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1097\"\u003e#1097\u003c/a\u003e by \u003ca href=\"https://github.com/ggambetti\"\u003e\u003ccode\u003e@​ggambetti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1100\"\u003ego-git/go-git#1100\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.20.0 to 0.21.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1106\"\u003ego-git/go-git#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.15.0 to 0.16.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1107\"\u003ego-git/go-git#1107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBumps Go versions and go-billy by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1056\"\u003ego-git/go-git#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e_examples: Fixed a dead link COMPATIBILITY.md by \u003ca href=\"https://github.com/gecko655\"\u003e\u003ccode\u003e@​gecko655\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1109\"\u003ego-git/go-git#1109\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1115\"\u003ego-git/go-git#1115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by \u003ca href=\"https://github.com/hbelmiro\"\u003e\u003ccode\u003e@​hbelmiro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1124\"\u003ego-git/go-git#1124\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.25.0 to 0.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1104\"\u003ego-git/go-git#1104\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd option approximating \u003ccode\u003egit clean -x\u003c/code\u003e flag. by \u003ca href=\"https://github.com/msuozzo\"\u003e\u003ccode\u003e@​msuozzo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/995\"\u003ego-git/go-git#995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRevert \u0026quot;Add option approximating \u003ccode\u003egit clean -x\u003c/code\u003e flag.\u0026quot; by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1129\"\u003ego-git/go-git#1129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix reference updated concurrently error for the filesystem storer by \u003ca href=\"https://github.com/Javier-varez\"\u003e\u003ccode\u003e@​Javier-varez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1116\"\u003ego-git/go-git#1116\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.26.0 to 0.27.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1134\"\u003ego-git/go-git#1134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eutils: merkletrie, Align error message with upstream by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1142\"\u003ego-git/go-git#1142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/file, Change paths to absolute by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1141\"\u003ego-git/go-git#1141\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: gitignore, Fix loading of ignored .gitignore files. by \u003ca href=\"https://github.com/Achilleshiel\"\u003e\u003ccode\u003e@​Achilleshiel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1114\"\u003ego-git/go-git#1114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1147\"\u003ego-git/go-git#1147\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: transport/ssh, Add support for SSH \u003ca href=\"https://github.com/cert-authority\"\u003e\u003ccode\u003e@​cert-authority\u003c/code\u003e\u003c/a\u003e. by \u003ca href=\"https://github.com/Javier-varez\"\u003e\u003ccode\u003e@​Javier-varez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1157\"\u003ego-git/go-git#1157\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: run example tests during CI workflow by \u003ca href=\"https://github.com/crazybolillo\"\u003e\u003ccode\u003e@​crazybolillo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1030\"\u003ego-git/go-git#1030\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estorage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by \u003ca href=\"https://github.com/SatelliteMind\"\u003e\u003ccode\u003e@​SatelliteMind\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1138\"\u003ego-git/go-git#1138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: Fix fetching missing commits by \u003ca href=\"https://github.com/AriehSchneier\"\u003e\u003ccode\u003e@​AriehSchneier\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1032\"\u003ego-git/go-git#1032\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: format/packfile, remove duplicate checks in findMatch() by \u003ca href=\"https://github.com/edigaryev\"\u003e\u003ccode\u003e@​edigaryev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1152\"\u003ego-git/go-git#1152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egit: worktree, Fix file reported as \u003ccode\u003eUntracked\u003c/code\u003e while it is committed by \u003ca href=\"https://github.com/rodrigocam\"\u003e\u003ccode\u003e@​rodrigocam\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1023\"\u003ego-git/go-git#1023\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.22.0 to 0.23.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1160\"\u003ego-git/go-git#1160\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: filemode, Remove check for setting size of .git/index file  by \u003ca href=\"https://github.com/nicholasSUSE\"\u003e\u003ccode\u003e@​nicholasSUSE\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1159\"\u003ego-git/go-git#1159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.27.0 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1163\"\u003ego-git/go-git#1163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix some lint warning and increase stalebot to 180 days by \u003ca href=\"https://github.com/pjbgf\"\u003e\u003ccode\u003e@​pjbgf\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1128\"\u003ego-git/go-git#1128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadjust path extracted from file: url on Windows by \u003ca href=\"https://github.com/tomqwpl\"\u003e\u003ccode\u003e@​tomqwpl\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/416\"\u003ego-git/go-git#416\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.23.0 to 0.24.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1164\"\u003ego-git/go-git#1164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd RestoreStaged to Worktree that mimics the behaviour of git restore --staged \u003c!-- raw HTML omitted --\u003e... by \u003ca href=\"https://github.com/ben-tbotlabs\"\u003e\u003ccode\u003e@​ben-tbotlabs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/493\"\u003ego-git/go-git#493\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eplumbing: signature, support the same x509 signature formats as git by \u003ca href=\"https://github.com/yoavamit\"\u003e\u003ccode\u003e@​yoavamit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1169\"\u003ego-git/go-git#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: allow discovery of non bare repos in fsLoader by \u003ca href=\"https://github.com/jakobmoellerdev\"\u003e\u003ccode\u003e@​jakobmoellerdev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1170\"\u003ego-git/go-git#1170\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/sys from 0.24.0 to 0.25.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1178\"\u003ego-git/go-git#1178\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/text from 0.17.0 to 0.18.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1179\"\u003ego-git/go-git#1179\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild: bump golang.org/x/net from 0.28.0 to 0.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-git/go-git/pull/1184\"\u003ego-git/go-git#1184\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/94bd4af1deb15a64e90c6287eaf9e9f09b192a1f\"\u003e\u003ccode\u003e94bd4af\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1261\"\u003e#1261\u003c/a\u003e from BeChris/issue680\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/8b7f5ba6f0cade1a25c5c4ca9e4d07a95c639945\"\u003e\u003ccode\u003e8b7f5ba\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1262\"\u003e#1262\u003c/a\u003e from go-git/dependabot/go_modules/github.com/elazarl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/41d80a059a481d4c623bc8185c41ce82ed8ce985\"\u003e\u003ccode\u003e41d80a0\u003c/code\u003e\u003c/a\u003e build: bump github.com/elazarl/goproxy\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/499814044f111480b2a17a07c5a7a4c523ce5b87\"\u003e\u003ccode\u003e4998140\u003c/code\u003e\u003c/a\u003e git: worktree_commit, sanitize author and commiter name and email before crea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/9049625b98bd05edb9f1d00e7ff5da763afc0745\"\u003e\u003ccode\u003e9049625\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1260\"\u003e#1260\u003c/a\u003e from go-git/dependabot/github_actions/github/codeql-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/dae48b4340d1cc6b562ade40b54049584075991f\"\u003e\u003ccode\u003edae48b4\u003c/code\u003e\u003c/a\u003e build: bump github/codeql-action from 3.27.9 to 3.28.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/7d6fbc2c2a05eb6327b298b816bc0c4f854820a6\"\u003e\u003ccode\u003e7d6fbc2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1220\"\u003e#1220\u003c/a\u003e from BeChris/accept_uppercase_hexa_in_pktline_length\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/62a77b7d343dc1ed08d1d691efa13d81788cbc29\"\u003e\u003ccode\u003e62a77b7\u003c/code\u003e\u003c/a\u003e plumbing: Fix invalid reference name error while cloning branches containing ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/5e11196652708f339737b31bf9639373610dd7d1\"\u003e\u003ccode\u003e5e11196\u003c/code\u003e\u003c/a\u003e plumbing: format/pktline, accept upercase hexadecimal value as pktline length...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-git/go-git/commit/65f5e1ade083cfabacc2de4aaa68f7880e22b642\"\u003e\u003ccode\u003e65f5e1a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-git/go-git/issues/1256\"\u003e#1256\u003c/a\u003e from go-git/dependabot/go_modules/golang-org-232a611e2d\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-git/go-git/compare/v5.4.2...v5.13.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/moby/buildkit` from 0.10.2 to 0.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moby/buildkit/releases\"\u003egithub.com/moby/buildkit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.20.0\u003c/h2\u003e\n\u003cp\u003eWelcome to the v0.20.0 release of buildkit!\u003c/p\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/moby/buildkit/issues\"\u003ehttps://github.com/moby/buildkit/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eTõnis Tiigi\u003c/li\u003e\n\u003cli\u003eSebastiaan van Stijn\u003c/li\u003e\n\u003cli\u003eJonathan A. Sternberg\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eAnthony Nandaa\u003c/li\u003e\n\u003cli\u003eShaun Thompson\u003c/li\u003e\n\u003cli\u003eAustin Vazquez\u003c/li\u003e\n\u003cli\u003eBertrand Paquet\u003c/li\u003e\n\u003cli\u003eBrian Goff\u003c/li\u003e\n\u003cli\u003ePranav Pandit\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNotable Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBuiltin Dockerfile frontend has been updated to \u003ca href=\"https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.14.0\"\u003ev1.14.0\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGithub Actions cache backend has been updated to support v2 API. Github is expected to stop supporting V1 API from March 1st 2025. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5720\"\u003e#5720\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5750\"\u003e#5750\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5754\"\u003e#5754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport for CDI (Container Device Interface) devices has been added allowing builds to use GPUs and other defined devices. Build steps can now request devices to be injected into the container, if they are permitted to do so. In Dockerfile, devices are currently available in the \u003ccode\u003elabs\u003c/code\u003e channel. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/4056\"\u003e#4056\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5722\"\u003e#5722\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5726\"\u003e#5726\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5729\"\u003e#5729\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5742\"\u003e#5742\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHistory record APIs now support server-side filters and limiting amount of records returned. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5705\"\u003e#5705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Runc to v1.2.5. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5741\"\u003e#5741\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEmbedded binfmt emulators in the release image have been updated to QEMU v9.2.0 \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5695\"\u003e#5695\u003c/a\u003e \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5736\"\u003e#5736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible errors from credentials expiration for long builds. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5684\"\u003e#5684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible crash from S3 remote cache backend. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5597\"\u003e#5597\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix possible record leak in Bolt database. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5692\"\u003e#5692\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix invalid warning messages when running subrequests (e.g. check, outline) for a specific platform. \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5730\"\u003e#5730\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/azcore\u003c/strong\u003e                v1.11.1 -\u0026gt; v1.16.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/azidentity\u003c/strong\u003e            v1.6.0 -\u0026gt; v1.8.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/internal\u003c/strong\u003e              v1.8.0 -\u0026gt; v1.10.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/Azure/azure-sdk-for-go/sdk/storage/azblob\u003c/strong\u003e        v0.4.1 -\u0026gt; v1.5.0\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/AzureAD/microsoft-authentication-library-for-go\u003c/strong\u003e  v1.2.2 -\u0026gt; v1.3.2\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/cgroups/v3\u003c/strong\u003e                            v3.0.3 -\u0026gt; v3.0.5\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/fuse-overlayfs-snapshotter/v2\u003c/strong\u003e         v2.1.0 -\u0026gt; v2.1.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/containerd/go-cni\u003c/strong\u003e                                v1.1.11 -\u0026gt; v1.1.12\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/docker/cli\u003c/strong\u003e                                       v27.5.0 -\u0026gt; v27.5.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/docker/docker\u003c/strong\u003e                                    v27.5.0 -\u0026gt; v27.5.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/moby/term\u003c/strong\u003e                                        v0.5.0 -\u0026gt; v0.5.2\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/package-url/packageurl-go\u003c/strong\u003e                        89078438f170 -\u0026gt; v0.1.1\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003egithub.com/petermattis/goid\u003c/strong\u003e                                 4fcff4a6cae7 \u003cstrong\u003e\u003cem\u003enew\u003c/em\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/121ecd5b9083b8eef32183cd404dd13e15b4a3df\"\u003e\u003ccode\u003e121ecd5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5761\"\u003e#5761\u003c/a\u003e from jsternberg/v0.20.0-picks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/c7153d1eb5912e5ae42571559bd334374f325802\"\u003e\u003ccode\u003ec7153d1\u003c/code\u003e\u003c/a\u003e cache(gha): fix missing user-agent for importer\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/c016cdacba9ae85c7f4303e3fb5b5c29ab204f62\"\u003e\u003ccode\u003ec016cda\u003c/code\u003e\u003c/a\u003e cache(gha): set user-agent for github cache service requests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/6cad2f9c52af1cb78a0f590a68fe37e968efdba9\"\u003e\u003ccode\u003e6cad2f9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/moby/buildkit/issues/5755\"\u003e#5755\u003c/a\u003e from crazy-max/0.20_backport_rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/b0f75aa807a79cee73d0500864144ab5fdf66cea\"\u003e\u003ccode\u003eb0f75aa\u003c/code\u003e\u003c/a\u003e test: handle gha cache v2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/5ae6c31b11eaa914efc79bd3cdbe6e03852c3b8a\"\u003e\u003ccode\u003e5ae6c31\u003c/code\u003e\u003c/a\u003e buildctl: set fallback url for gha cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/61f13c08632830f8026d94676fc03607245874a1\"\u003e\u003ccode\u003e61f13c0\u003c/code\u003e\u003c/a\u003e dockerfile: update runc to 1.2.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/281e8c9d0ef85ff42f3c921673c36aeb0b28508c\"\u003e\u003ccode\u003e281e8c9\u003c/code\u003e\u003c/a\u003e client: test cdi entitlement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/f901bcc6a8376c21e726f180039495883ffa7f21\"\u003e\u003ccode\u003ef901bcc\u003c/code\u003e\u003c/a\u003e cdi: test find devices\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/buildkit/commit/e500309fc00b24825856d4035d7a432198a433fb\"\u003e\u003ccode\u003ee500309\u003c/code\u003e\u003c/a\u003e cdi: keep auto refresh\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moby/buildkit/compare/v0.10.2...v0.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.46.0 to 1.69.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.69.4\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003erbac: fix support for :path header matchers, which would previously never successfully match (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7965\"\u003e#7965\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples/features/csm_observability: update example client and server to use the helloworld service instead of echo service (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7945\"\u003e#7945\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRelease 1.69.3 was accidentally tagged on the master branch and will be deleted. Please update to 1.69.4 instead.\u003c/p\u003e\n\u003ch2\u003eRelease 1.69.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/experimental: add type aliases for symbols (\u003ccode\u003eMetrics\u003c/code\u003e/etc) that were moved to the stats package (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7929\"\u003e#7929\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eclient: set user-agent string to the correct version.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.69.0\u003c/h2\u003e\n\u003ch1\u003eKnown Issues\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eThe recently added \u003ccode\u003egrpc.NewClient\u003c/code\u003e function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7556\"\u003e#7556\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003estats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7874\"\u003e#7874\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exdsclient: add support to fallback to lower priority servers when higher priority ones are down (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7701\"\u003e#7701\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edns: Add support for link local IPv6 addresses (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7889\"\u003e#7889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eThe new experimental \u003ccode\u003epickfirst\u003c/code\u003e LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in \u003ca href=\"https://www.rfc-editor.org/rfc/rfc8305#section-4\"\u003eRFC-8305 section 4\u003c/a\u003e, to attempt connections to multiple backends concurrently. The experimental \u003ccode\u003epickfirst\u003c/code\u003e policy can be enabled by setting the environment variable \u003ccode\u003eGRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST\u003c/code\u003e to \u003ccode\u003etrue\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7725\"\u003e#7725\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7742\"\u003e#7742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebalancer/pickfirst: Emit metrics from the \u003ccode\u003epick_first\u003c/code\u003e load balancing policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7839\"\u003e#7839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003egrpc: export \u003ccode\u003eMethodHandler\u003c/code\u003e, which is the type of an already-exported field in \u003ccode\u003eMethodDesc\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7796\"\u003e#7796\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/mohdjishin\"\u003e\u003ccode\u003e@​mohdjishin\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ecredentials/google: set scope for application default credentials (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7887\"\u003e#7887\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/halvards\"\u003e\u003ccode\u003e@​halvards\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7851\"\u003e#7851\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7853\"\u003e#7853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eexamples: fix the debugging example, which was broken by a recent change (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7833\"\u003e#7833\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: update retry attempt backoff to apply jitter per updates to \u003ca href=\"https://github.com/grpc/proposal/blob/master/A6-client-retries.md\"\u003egRFC A6\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7869\"\u003e#7869\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/isgj\"\u003e\u003ccode\u003e@​isgj\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: use the \u003ccode\u003epick_first\u003c/code\u003e LB policy to manage connections (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7826\"\u003e#7826\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: An internal method is added to the \u003ccode\u003ebalancer.SubConn\u003c/code\u003e interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7840\"\u003e#7840\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003ePerformance Improvements\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003emem: implement a \u003ccode\u003eReadAll()\u003c/code\u003e method for more efficient \u003ccode\u003eio.Reader\u003c/code\u003e consumption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7653\"\u003e#7653\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/ash2k\"\u003e\u003ccode\u003e@​ash2k\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/4103cfc52a951673d441f8b2c02eee96e31f1897\"\u003e\u003ccode\u003e4103cfc\u003c/code\u003e\u003c/a\u003e Change version to 1.69.4 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8005\"\u003e#8005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cf6ddaa06db9da8bcdc23e682b72dcf831abfda8\"\u003e\u003ccode\u003ecf6ddaa\u003c/code\u003e\u003c/a\u003e Change version to 1.69.4-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8001\"\u003e#8001\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/94a0c2cbfc5fa21cdc3f2a3eecad7f5ae5e23e99\"\u003e\u003ccode\u003e94a0c2c\u003c/code\u003e\u003c/a\u003e Change version to 1.69.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/8000\"\u003e#8000\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ec415604a2f817c7c44fbadfa3f7983c9f6ab8d5\"\u003e\u003ccode\u003eec41560\u003c/code\u003e\u003c/a\u003e Cherry pick \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7965\"\u003e#7965\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7945\"\u003e#7945\u003c/a\u003e to v1.69.x (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7996\"\u003e#7996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/3b328ba4d21148e7d4526e938b0b2cde611b388f\"\u003e\u003ccode\u003e3b328ba\u003c/code\u003e\u003c/a\u003e Change version to 1.69.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7948\"\u003e#7948\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b615b35c4feb932a0ac658fb86b7127f10ef664e\"\u003e\u003ccode\u003eb615b35\u003c/code\u003e\u003c/a\u003e Change version to 1.69.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7947\"\u003e#7947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b36a3e60ae03bc1aebf3f3e6bce58a2bc496ded\"\u003e\u003ccode\u003e6b36a3e\u003c/code\u003e\u003c/a\u003e experimental/stats: re-add type aliases for migration (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7929\"\u003e#7929\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7941\"\u003e#7941\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/4535c6d2699749b5cd423e07caa7459fa42a76a7\"\u003e\u003ccode\u003e4535c6d\u003c/code\u003e\u003c/a\u003e Change version to 1.69.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7928\"\u003e#7928\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/b6e7c72ece4bc35a2fd79952cee6305a7ce5aaef\"\u003e\u003ccode\u003eb6e7c72\u003c/code\u003e\u003c/a\u003e examples/features/csm_observability: Make CSM Observability example server li...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/9355fbcc19aca55a3b6803626cb9f26f2ac7874e\"\u003e\u003ccode\u003e9355fbc\u003c/code\u003e\u003c/a\u003e Change version to 1.69.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/7927\"\u003e#7927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.46.0...v1.69.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `gopkg.in/yaml.v3` from 3.0.0-20210107192922-496545a6307b to 3.0.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cpuguy83/dagger/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/cpuguy83/dagger/pull/91","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cpuguy83%2Fdagger/issues/91","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/91/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-08-28T14:10:18.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2781922639","node_id":"PR_kwDOJG5hFs6l0MVP","number":32,"state":"open","title":"Bump the go_modules group with 10 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:10:18.000Z","updated_at":"2025-08-28T14:10:19.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":10,"packages":[{"name":"github.com/jaegertracing/jaeger","old_version":"1.38.2-0.20221007043206-b4c88ddf6cdd","new_version":"1.47.0","repository_url":"https://github.com/jaegertracing/jaeger"},{"name":"github.com/ClickHouse/ch-go","old_version":"0.47.3","new_version":"0.65.0","repository_url":"https://github.com/ClickHouse/ch-go"},{"name":"github.com/containerd/containerd","old_version":"1.5.0-beta.4","new_version":"1.6.38","repository_url":"https://github.com/containerd/containerd"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.7+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/opencontainers/image-spec","old_version":"1.0.1","new_version":"1.1.0","repository_url":"https://github.com/opencontainers/image-spec"},{"name":"golang.org/x/net","old_version":"0.0.0-20221002022538-bcab6841153b","new_version":"0.26.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/text","old_version":"0.3.7","new_version":"0.16.0","repository_url":"https://github.com/golang/text"},{"name":"google.golang.org/grpc","old_version":"1.50.0","new_version":"1.59.0","repository_url":"https://github.com/grpc/grpc-go"},{"name":"google.golang.org/protobuf","old_version":"1.28.1","new_version":"1.33.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 10 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [github.com/jaegertracing/jaeger](https://github.com/jaegertracing/jaeger) | `1.38.2-0.20221007043206-b4c88ddf6cdd` | `1.47.0` |\n| [github.com/ClickHouse/ch-go](https://github.com/ClickHouse/ch-go) | `0.47.3` | `0.65.0` |\n| [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.5.0-beta.4` | `1.6.38` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.7+incompatible` | `28.0.0+incompatible` |\n| [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) | `1.0.1` | `1.1.0` |\n| [golang.org/x/net](https://github.com/golang/net) | `0.0.0-20221002022538-bcab6841153b` | `0.26.0` |\n| [golang.org/x/text](https://github.com/golang/text) | `0.3.7` | `0.16.0` |\n| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.50.0` | `1.59.0` |\n| google.golang.org/protobuf | `1.28.1` | `1.33.0` |\n\nUpdates `github.com/jaegertracing/jaeger` from 1.38.2-0.20221007043206-b4c88ddf6cdd to 1.47.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jaegertracing/jaeger/releases\"\u003egithub.com/jaegertracing/jaeger's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.47.0\u003c/h2\u003e\n\u003ch2\u003e1.47.0 (2023-07-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[SPM] Due to a breaking change in OpenTelemetry's prometheus exporter (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.80.0\"\u003edetails\u003c/a\u003e)\nmetric names will no longer be normalized by default, meaning that the expected metric names would be \u003ccode\u003ecalls\u003c/code\u003e and\n\u003ccode\u003eduration_[buckets|count|sum]\u003c/code\u003e. Backwards compatibility with older OpenTelemetry Collector versions can be achieved through the following flags:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-calls\u003c/code\u003e: If true, normalizes the \u0026quot;calls\u0026quot; metric name. e.g. \u0026quot;calls_total\u0026quot;.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-duration\u003c/code\u003e: If true, normalizes the \u0026quot;duration\u0026quot; metric name to include the duration units. e.g. \u0026quot;duration_milliseconds_bucket\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[Cassandra] Add Configuration.Close() to ensure TLS cert watcher is closed (\u003ca href=\"https://github.com/kennyaz\"\u003e\u003ccode\u003e@​kennyaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4515\"\u003e#4515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd *.kerberos.disable-fast-negotiation option to Kafka consumer (\u003ca href=\"https://github.com/pmuls99\"\u003e\u003ccode\u003e@​pmuls99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4520\"\u003e#4520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Prometheus normalization for specific metrics related to OpenTelemetry compatibility (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4555\"\u003e#4555\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd readme for memstore plugin (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jaegertracing/jaeger/commit/283bdd93cbb4a467842625d8eb320722fcb83494\"\u003e283bdd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePass a wrapper instead of \u003ccode\u003eopentracing.Tracer\u003c/code\u003e to ease migration to OTEL in the future [part 1] (\u003ca href=\"https://github.com/afzalbin64\"\u003e\u003ccode\u003e@​afzalbin64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Add OTEL instrumentation to customer svc (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4559\"\u003e#4559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Replace gRPC instrumentation with OTEL (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4558\"\u003e#4558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD]: Upgrade \u003ccode\u003eredis\u003c/code\u003e service to use native OTEL instrumentation (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4533\"\u003e#4533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Fix OTEL logging in HotRod example (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4556\"\u003e#4556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotrod] Reduce span exporter's batch timeout to let the spans be exported sooner (\u003ca href=\"https://github.com/GLVSKiriti\"\u003e\u003ccode\u003e@​GLVSKiriti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4518\"\u003e#4518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[tracegen] Add options to generate more spans and attributes for additional use cases (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBuild improvement to rebuild jaeger-ui if the tree does not match any tag (\u003ca href=\"https://github.com/bobrik\"\u003e\u003ccode\u003e@​bobrik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4553\"\u003e#4553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Test] Fixed a race condition causing unit test failure by changing the logging  (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4546\"\u003e#4546\u003c/a\u003e) resolves \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/issues/4497\"\u003e#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUI Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUI pinned to version \u003ca href=\"https://github.com/jaegertracing/jaeger-ui/blob/main/CHANGELOG.md#v1310-2023-07-05\"\u003e1.31.0\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease v1.46.0\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cp\u003eOTLP receiver is now enabled by default (\u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e). This change follows the Jaeger's strategic direction of aligning closely with the OpenTelemetry project. This may cause port conflicts if  \u003ccode\u003ejaeger-collector\u003c/code\u003e is depoyed in host network namespace. The original \u003ccode\u003e--collector.otlp.enabled\u003c/code\u003e option is still available and MUST be set to \u003ccode\u003efalse\u003c/code\u003e if OTLP receiver is not desired.\u003c/p\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake OTLP receiver enabled by default (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[SPM] Add support for OpenTelemetry SpanMetrics Connector (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4452\"\u003e#4452\u003c/a\u003e). See \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/docker-compose/monitor/README.md#migrating\"\u003eMigration README\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/CHANGELOG.md\"\u003egithub.com/jaegertracing/jaeger's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.47.0 (2023-07-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[SPM] Due to a breaking change in OpenTelemetry's prometheus exporter (\u003ca href=\"https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.80.0\"\u003edetails\u003c/a\u003e)\nmetric names will no longer be normalized by default, meaning that the expected metric names would be \u003ccode\u003ecalls\u003c/code\u003e and\n\u003ccode\u003eduration_*\u003c/code\u003e. Backwards compatibility with older OpenTelemetry Collector versions can be achieved through the following flags:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-calls\u003c/code\u003e: If true, normalizes the \u0026quot;calls\u0026quot; metric name. e.g. \u0026quot;calls_total\u0026quot;.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eprometheus.query.normalize-duration\u003c/code\u003e: If true, normalizes the \u0026quot;duration\u0026quot; metric name to include the duration units. e.g. \u0026quot;duration_milliseconds_bucket\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e[Cassandra] Add Configuration.Close() to ensure TLS cert watcher is closed (\u003ca href=\"https://github.com/kennyaz\"\u003e\u003ccode\u003e@​kennyaz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4515\"\u003e#4515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd *.kerberos.disable-fast-negotiation option to Kafka consumer (\u003ca href=\"https://github.com/pmuls99\"\u003e\u003ccode\u003e@​pmuls99\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4520\"\u003e#4520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSupport Prometheus normalization for specific metrics related to OpenTelemetry compatibility (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4555\"\u003e#4555\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAdd readme for memstore plugin (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://github.com/jaegertracing/jaeger/commit/283bdd93cbb4a467842625d8eb320722fcb83494\"\u003e283bdd9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ePass a wrapper instead of \u003ccode\u003eopentracing.Tracer\u003c/code\u003e to ease migration to OTEL in the future [part 1] (\u003ca href=\"https://github.com/afzalbin64\"\u003e\u003ccode\u003e@​afzalbin64\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4529\"\u003e#4529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Add OTEL instrumentation to customer svc (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4559\"\u003e#4559\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Replace gRPC instrumentation with OTEL (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4558\"\u003e#4558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD]: Upgrade \u003ccode\u003eredis\u003c/code\u003e service to use native OTEL instrumentation (\u003ca href=\"https://github.com/afzal442\"\u003e\u003ccode\u003e@​afzal442\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4533\"\u003e#4533\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotROD] Fix OTEL logging in HotRod example (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4556\"\u003e#4556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[hotrod] Reduce span exporter's batch timeout to let the spans be exported sooner (\u003ca href=\"https://github.com/GLVSKiriti\"\u003e\u003ccode\u003e@​GLVSKiriti\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4518\"\u003e#4518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[tracegen] Add options to generate more spans and attributes for additional use cases (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4535\"\u003e#4535\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBuild improvement to rebuild jaeger-ui if the tree does not match any tag (\u003ca href=\"https://github.com/bobrik\"\u003e\u003ccode\u003e@​bobrik\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4553\"\u003e#4553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Test] Fixed a race condition causing unit test failure by changing the logging  (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4546\"\u003e#4546\u003c/a\u003e) resolves \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/issues/4497\"\u003e#4497\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eUI Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUI pinned to version \u003ca href=\"https://github.com/jaegertracing/jaeger-ui/blob/main/CHANGELOG.md#v1310-2023-07-05\"\u003e1.31.0\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.46.0 (2023-06-05)\u003c/h2\u003e\n\u003ch3\u003eBackend Changes\u003c/h3\u003e\n\u003ch4\u003e⛔ Breaking Changes\u003c/h4\u003e\n\u003cp\u003eOTLP receiver is now enabled by default (\u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e). This change follows the Jaeger's strategic direction of aligning closely with the OpenTelemetry project. This may cause port conflicts if  \u003ccode\u003ejaeger-collector\u003c/code\u003e is depoyed in host network namespace. The original \u003ccode\u003e--collector.otlp.enabled\u003c/code\u003e option is still available and MUST be set to \u003ccode\u003efalse\u003c/code\u003e if OTLP receiver is not desired.\u003c/p\u003e\n\u003ch4\u003eNew Features\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eMake OTLP receiver enabled by default (\u003ca href=\"https://github.com/yurishkuro\"\u003e\u003ccode\u003e@​yurishkuro\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4494\"\u003e#4494\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[SPM] Add support for OpenTelemetry SpanMetrics Connector (\u003ca href=\"https://github.com/albertteoh\"\u003e\u003ccode\u003e@​albertteoh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jaegertracing/jaeger/pull/4452\"\u003e#4452\u003c/a\u003e). See \u003ca href=\"https://github.com/jaegertracing/jaeger/blob/main/docker-compose/monitor/README.md#migrating\"\u003eMigration README\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBug fixes, Minor Improvements\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jaegertracing/jaeger/commits/v1.47.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/ClickHouse/ch-go` from 0.47.3 to 0.65.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ClickHouse/ch-go/releases\"\u003egithub.com/ClickHouse/ch-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.65.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eperf(compress.writer): allow creating a compress.writer with custom supported methods by \u003ca href=\"https://github.com/pablomatiasgomez\"\u003e\u003ccode\u003e@​pablomatiasgomez\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1039\"\u003eClickHouse/ch-go#1039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eperf(compressor): reduce memory by using new compression code by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1040\"\u003eClickHouse/ch-go#1040\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(compressor): fixing an overflow that could potentially smuggle query in from data by \u003ca href=\"https://github.com/santrancisco\"\u003e\u003ccode\u003e@​santrancisco\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1041\"\u003eClickHouse/ch-go#1041\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBreaking change if you were manually using the \u003ccode\u003eWriter\u003c/code\u003e from the \u003ccode\u003ecompress\u003c/code\u003e package.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pablomatiasgomez\"\u003e\u003ccode\u003e@​pablomatiasgomez\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1039\"\u003eClickHouse/ch-go#1039\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/santrancisco\"\u003e\u003ccode\u003e@​santrancisco\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1041\"\u003eClickHouse/ch-go#1041\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.64.1...v0.65.0\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.64.1...v0.65.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.64.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: add LowCardinality(String) example by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1036\"\u003eClickHouse/ch-go#1036\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: expose underlying string column for json by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1037\"\u003eClickHouse/ch-go#1037\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.64.0...v0.64.1\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.64.0...v0.64.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.64.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: upd version list by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/938\"\u003eClickHouse/ch-go#938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: col_datetime add appendraw method by \u003ca href=\"https://github.com/lzf575\"\u003e\u003ccode\u003e@​lzf575\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/957\"\u003eClickHouse/ch-go#957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: update version list by \u003ca href=\"https://github.com/ernado\"\u003e\u003ccode\u003e@​ernado\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1035\"\u003eClickHouse/ch-go#1035\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: json string column by \u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1034\"\u003eClickHouse/ch-go#1034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lzf575\"\u003e\u003ccode\u003e@​lzf575\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/957\"\u003eClickHouse/ch-go#957\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SpencerTorres\"\u003e\u003ccode\u003e@​SpencerTorres\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/1034\"\u003eClickHouse/ch-go#1034\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.63.1...v0.64.0\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.63.1...v0.64.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.63.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(proto): properly handle \u003ccode\u003eEnum8\u003c/code\u003e and \u003ccode\u003eEnum8(...)\u003c/code\u003e in conflicts checker by \u003ca href=\"https://github.com/tdakkota\"\u003e\u003ccode\u003e@​tdakkota\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/pull/438\"\u003eClickHouse/ch-go#438\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.63.0...v0.63.1\"\u003ehttps://github.com/ClickHouse/ch-go/compare/v0.63.0...v0.63.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/0e835663df32b09b828528c07a5507686e6d975e\"\u003e\u003ccode\u003e0e83566\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1041\"\u003e#1041\u003c/a\u003e from ClickHouse/fix_potential_overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b64209fc5e8ddc3220b78e352c21d667a8e633f0\"\u003e\u003ccode\u003eb64209f\u003c/code\u003e\u003c/a\u003e refactor: simplify overflow check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/05fba0ab7c1a07a029128507a82c114410bacfbe\"\u003e\u003ccode\u003e05fba0a\u003c/code\u003e\u003c/a\u003e fix(security): overflow that could smuggle query\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/aadb7ee466420d129b25a23755dfdc0527edbb47\"\u003e\u003ccode\u003eaadb7ee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1040\"\u003e#1040\u003c/a\u003e from ClickHouse/compressor_etc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/65a3012cbddbe31df00270c3ef32b4a81b908654\"\u003e\u003ccode\u003e65a3012\u003c/code\u003e\u003c/a\u003e perf(compressor): use new compression code, refactor/optimize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/4cdb83a7871f7b52527a32012e17422a9a4d1955\"\u003e\u003ccode\u003e4cdb83a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ClickHouse/ch-go/issues/1039\"\u003e#1039\u003c/a\u003e from pablomatiasgomez/allow-creating-compressor-with...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b9258c079e6ff8f83420a2377ad55e493ef72d78\"\u003e\u003ccode\u003eb9258c0\u003c/code\u003e\u003c/a\u003e perf(compress.writer): revert back to ifs in NewWriterWithMethods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/743c9d73a26ee42d7602e33637b635b4bd107058\"\u003e\u003ccode\u003e743c9d7\u003c/code\u003e\u003c/a\u003e perf(compress.writer): use %s instead of %v\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/b26ebf40672f968c7cd2035675d995e7a1399ada\"\u003e\u003ccode\u003eb26ebf4\u003c/code\u003e\u003c/a\u003e perf(compress.writer): revert nil check and use fixed length array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ClickHouse/ch-go/commit/1d4ba4793a008d5daca14a199351902018a4c80a\"\u003e\u003ccode\u003e1d4ba47\u003c/code\u003e\u003c/a\u003e perf(compress.writer): remove methods map and instaed do nil check\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ClickHouse/ch-go/compare/v0.47.3...v0.65.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/containerd/containerd` from 1.5.0-beta.4 to 1.6.38\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/containerd/containerd/releases\"\u003egithub.com/containerd/containerd's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003econtainerd 1.6.38\u003c/h2\u003e\n\u003cp\u003eWelcome to the v1.6.38 release of containerd!\u003c/p\u003e\n\u003cp\u003eThe thirty-eighth patch release for containerd 1.6 contains various fixes\nand updates.\u003c/p\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix integer overflow in User ID handling (\u003ca href=\"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg\"\u003eGHSA-265r-hfxg-fhmg\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eContainer Runtime Interface (CRI)\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease try out the release binaries and report any issues at\n\u003ca href=\"https://github.com/containerd/containerd/issues\"\u003ehttps://github.com/containerd/containerd/issues\u003c/a\u003e.\u003c/p\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJin Dong\u003c/li\u003e\n\u003cli\u003eAkhil Mohan\u003c/li\u003e\n\u003cli\u003eDerek McGowan\u003c/li\u003e\n\u003cli\u003ePhil Estes\u003c/li\u003e\n\u003cli\u003eAkihiro Suda\u003c/li\u003e\n\u003cli\u003eCraig Ingram\u003c/li\u003e\n\u003cli\u003eKohei Tokunaga\u003c/li\u003e\n\u003cli\u003eMaksym Pavlenko\u003c/li\u003e\n\u003cli\u003eSamuel Karp\u003c/li\u003e\n\u003cli\u003eningmingxiao\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e884\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b9625\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003ePrepare release notes for v1.6.38 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11539\"\u003e#11539\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34bac2\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate build to go1.23.7, test go1.24.1 (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11421\"\u003e#11421\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35baf\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41ef\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81adc\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove hashicorp/go-multierror dependency and fix CI (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11500\"\u003e#11500\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3dce\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/0733895f3de3df51fe4e14563ee94a98df1be8dd\"\u003e\u003ccode\u003e0733895f3\u003c/code\u003e\u003c/a\u003e Remove unnecessary joinError unwrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/054c4cc79c929eecfb9724fd1c3e9f13a4cd5701\"\u003e\u003ccode\u003e054c4cc79\u003c/code\u003e\u003c/a\u003e Remove hashicorp/go-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/ff21be0ee8b274c05a542a096c1042ef63857f09\"\u003e\u003ccode\u003eff21be0ee\u003c/code\u003e\u003c/a\u003e Update go to 1.20 to use its multi error support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/f63b5fd3f9b4b809d94d4a3053c4d76a7753072c\"\u003e\u003ccode\u003ef63b5fd3f\u003c/code\u003e\u003c/a\u003e update containerd/project-checks to 1.2.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix fatal map concurrency error in httpstream (\u003ca href=\"https://redirect.github.com/containerd/containerd/pull/11319\"\u003e#11319\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/abd1692cf27bcff4590207bdd8a827b06657c446\"\u003e\u003ccode\u003eabd1692cf\u003c/code\u003e\u003c/a\u003e fix fatal error: concurrent map iteration and map write\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a\"\u003e\u003ccode\u003ecf158e8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/e0c4dd99038f01a6dbc4befbfb1fd6aae428a07e\"\u003e\u003ccode\u003ee0c4dd9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11539\"\u003e#11539\u003c/a\u003e from dmcgowan/prepare-1.6.38\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/eee34bac2c401b3e4381594e99f6220bf8258c9c\"\u003e\u003ccode\u003eeee34ba\u003c/code\u003e\u003c/a\u003e Prepare release notes for v1.6.38\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f\"\u003e\u003ccode\u003e9639b96\u003c/code\u003e\u003c/a\u003e validate uid/gid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7b54421bc71c5d3787ba56d7617fcc13a3f213a7\"\u003e\u003ccode\u003e7b54421\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11421\"\u003e#11421\u003c/a\u003e from akhilerm/1.6-update-go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/b67a35baf0a97c87033f1a6c9bdf97630fe4e9e8\"\u003e\u003ccode\u003eb67a35b\u003c/code\u003e\u003c/a\u003e move exclude-dirs to issues.exclude-dirs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/2104a41efece4a12a34e03f00d780e905b95b5a5\"\u003e\u003ccode\u003e2104a41\u003c/code\u003e\u003c/a\u003e update golangci-lint to 1.60.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/820e81adccbf3819d282a6597db98bd4df49c12c\"\u003e\u003ccode\u003e820e81a\u003c/code\u003e\u003c/a\u003e update build to go1.23.7, test go1.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/176129f846a6ac4c238a752699d2cfbcf72dcdff\"\u003e\u003ccode\u003e176129f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/containerd/containerd/issues/11500\"\u003e#11500\u003c/a\u003e from djdongjin/1-6-remove-hashi-multierror\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/containerd/containerd/commit/7cc3b3dcec509f1ce2e5d52887520baa48201c54\"\u003e\u003ccode\u003e7cc3b3d\u003c/code\u003e\u003c/a\u003e e2e: use the shim bundled with containerd artifact\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/containerd/containerd/compare/v1.5.0-beta.4...v1.6.38\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.7+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.7...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/image-spec` from 1.0.1 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/image-spec/releases\"\u003egithub.com/opencontainers/image-spec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.0\u003c/h2\u003e\n\u003cp\u003eVote Passed  \u003ccode\u003e[+7-0]\u003c/code\u003e  - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag\u003c/a\u003e\n\u003cstrong\u003eRelease PR\u003c/strong\u003e : \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1161\"\u003eopencontainers/image-spec#1161\u003c/a\u003e\n\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0\"\u003ehttps://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eAssociated Distribution Specification Release - \u003ca href=\"https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0\"\u003ehttps://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc6\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0] - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor changeset and diff please see - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1157\"\u003eopencontainers/image-spec#1157\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc5\u003c/h2\u003e\n\u003cp\u003eFor changeset and diff please see - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1109\"\u003eopencontainers/image-spec#1109\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eVote - \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/KIwyzExcjZ8\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/KIwyzExcjZ8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc4\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/gPgzESGb7xs\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/gPgzESGb7xs\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFor changeset and diff please see  - \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1080\"\u003eopencontainers/image-spec#1080\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc3\u003c/h2\u003e\n\u003cp\u003eVote passed [+6 -0]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/ZUza21145X0\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/ZUza21145X0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/pull/1049\"\u003eopencontainers/image-spec#1049\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eNote: This is a duplicate of v1.1.0-rc.3 because of semver ordering (rc.3 \u0026lt; rc1 \u0026lt; rc2).\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc2\u003c/h2\u003e\n\u003cp\u003eVote PASSED [+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/0CIPCfr4TCk\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/0CIPCfr4TCk\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFull Changeset since v1.1.0-rc2: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.1.0-rc1...19a74bcb54ba211005a68d85c6b359c2947721ce\"\u003e\u003ccode\u003ev1.1.0-rc1...19a74bcb\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003ePRs included since \u003ccode\u003ev1.1.0-rc1\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/956\"\u003e#956\u003c/a\u003e docs: Update release process docs with checklist\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/953\"\u003e#953\u003c/a\u003e Release 1.1.0 rc1\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/950\"\u003e#950\u003c/a\u003e Rename refers field to subject\n\u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/945\"\u003e#945\u003c/a\u003e Fix whitespace consistency in config.md\u003c/p\u003e\n\u003ch2\u003ev1.1.0-rc1\u003c/h2\u003e\n\u003cp\u003eVote PASSED [+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e]: \u003ca href=\"https://groups.google.com/a/opencontainers.org/g/dev/c/O5L0lkhblkc\"\u003ehttps://groups.google.com/a/opencontainers.org/g/dev/c/O5L0lkhblkc\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eFull Changeset since v1.0.2: \u003ca href=\"https://github.com/opencontainers/image-spec/compare/67d2d56..4728b6e\"\u003e\u003ccode\u003e67d2d56..4728b6e\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/e7f7c0ca69b21688c3cea7c87a04e4503e6099e2\"\u003e\u003ccode\u003ee7f7c0c\u003c/code\u003e\u003c/a\u003e version: release v1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/365fa41472a19107b0b4cbc17e141a9b97f9b66e\"\u003e\u003ccode\u003e365fa41\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1160\"\u003e#1160\u003c/a\u003e from sudo-bmitch/pr-subject-dag-association\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/d0f90e68158b19ec241969d87200a1ec268c4df6\"\u003e\u003ccode\u003ed0f90e6\u003c/code\u003e\u003c/a\u003e Clarify that subject references a separate DAG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/970322241ad9c8868d15e6859c9b446ad06b944d\"\u003e\u003ccode\u003e9703222\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1157\"\u003e#1157\u003c/a\u003e from sudo-bmitch/pr-v1.1.0-rc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/8b1e95119ad3e65671a5a83fdd655d39d20ee258\"\u003e\u003ccode\u003e8b1e951\u003c/code\u003e\u003c/a\u003e version: bump back to +dev\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/6c2b5fafa0731a97aad0c2a68bac238d6c98c690\"\u003e\u003ccode\u003e6c2b5fa\u003c/code\u003e\u003c/a\u003e version: release v1.1.0-rc6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/56fb7838abe52ee259e37ece4b314c08bd45997f\"\u003e\u003ccode\u003e56fb783\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1107\"\u003e#1107\u003c/a\u003e from sudo-bmitch/pr-release-notice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/a6d741a9fbd300ab2bce113d410e0352f3cccae5\"\u003e\u003ccode\u003ea6d741a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1148\"\u003e#1148\u003c/a\u003e from dejanu/update_oci_implementations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/53d9855e2a6ab3259cecee5c65fc89299eaaf8f1\"\u003e\u003ccode\u003e53d9855\u003c/code\u003e\u003c/a\u003e new section for projects no longer maintained\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/ceeb2eba078e8b630f5ee62df2e92323fb521f0e\"\u003e\u003ccode\u003eceeb2eb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/1114\"\u003e#1114\u003c/a\u003e from sudo-bmitch/pr-go-1.21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20221002022538-bcab6841153b to 0.26.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.26.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.50.0 to 1.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.59.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: grpc will switch to case-sensitive balancer names soon; log a warning if a capital letter is encountered in an LB policy name (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6647\"\u003e#6647\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eserver: allow applications to send arbitrary data in the \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: validate \u003ccode\u003egrpc-status-details-bin\u003c/code\u003e trailer and pass through the trailer to the application directly (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003etap (experimental): Add Header metadata to tap handler (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/pstibrany\"\u003e\u003ccode\u003e@​pstibrany\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003egrpc: channel idleness enabled by default with an \u003ccode\u003eidle_timeout\u003c/code\u003e of \u003ccode\u003e30m\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6585\"\u003e#6585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eDocumentation\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eexamples: add an example of flow control behavior (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6648\"\u003e#6648\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: fix hash policy header to skip \u0026quot;-bin\u0026quot; headers and read content-type header as expected (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6609\"\u003e#6609\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.2\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebalancer/weighted_round_robin: fix ticker leak on update\u003c/p\u003e\n\u003cp\u003eA new ticker is created every time there is an update of addresses or configuration, but was not properly stopped.  This change stops the ticker when it is no longer needed.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.1\u003c/h2\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003egrpc: fix a bug that was decrementing active RPC count too early for streaming RPCs; leading to channel moving to IDLE even though it had open streams\u003c/li\u003e\n\u003cli\u003egrpc: fix a bug where transports were not being closed upon channel entering IDLE\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.58.0\u003c/h2\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cp\u003eSee \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6472\"\u003e#6472\u003c/a\u003e for details about these changes.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eStateListener\u003c/code\u003e to \u003ccode\u003eNewSubConnOptions\u003c/code\u003e for \u003ccode\u003eSubConn\u003c/code\u003e state updates and deprecate \u003ccode\u003eBalancer.UpdateSubConnState\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6481\"\u003e#6481\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eUpdateSubConnState\u003c/code\u003e will be deleted in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003ebalancer: add \u003ccode\u003eSubConn.Shutdown\u003c/code\u003e and deprecate \u003ccode\u003eBalancer.RemoveSubConn\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6493\"\u003e#6493\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eRemoveSubConn\u003c/code\u003e will be deleted in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/7765221f4bf6104973db7946d56936cf838cad46\"\u003e\u003ccode\u003e7765221\u003c/code\u003e\u003c/a\u003e Change version to 1.59.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6695\"\u003e#6695\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e88f12e0517d465cb892ef58e1debf10b4e5607f\"\u003e\u003ccode\u003ee88f12e\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/be7919c3dc3c26f54489c778af7bbfea608ad9bc\"\u003e\u003ccode\u003ebe7919c\u003c/code\u003e\u003c/a\u003e transport: Pass Header metadata to tap handle. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6652\"\u003e#6652\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/e3f1514cdb8fcbcacc30b53473042dbb40a54791\"\u003e\u003ccode\u003ee3f1514\u003c/code\u003e\u003c/a\u003e Reapply \u0026quot;status: fix/improve status handling (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6662\"\u003e#6662\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6673\"\u003e#6673\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6688\"\u003e#6688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/696faa982cdc0914929a64848a8ff3bf7a924166\"\u003e\u003ccode\u003e696faa9\u003c/code\u003e\u003c/a\u003e client: add a test for NewSubConn / StateListener / cc.Close racing (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6678\"\u003e#6678\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/318c717a659ec55a2f92e1c84313153dd278bf55\"\u003e\u003ccode\u003e318c717\u003c/code\u003e\u003c/a\u003e readme: fix badges (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6687\"\u003e#6687\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/39972fdd744873a2b829ab98962ab0e85800d591\"\u003e\u003ccode\u003e39972fd\u003c/code\u003e\u003c/a\u003e github: add code coverage with codecov.io (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6676\"\u003e#6676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/93dbc059f561340a14aeb96ea2925b9a669c5673\"\u003e\u003ccode\u003e93dbc05\u003c/code\u003e\u003c/a\u003e xds: move virtual host matcher test to the xdsresource package (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6680\"\u003e#6680\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/2c00469782f1dd8c7456dcc7238a957781246e84\"\u003e\u003ccode\u003e2c00469\u003c/code\u003e\u003c/a\u003e github: update actions/setup-go and actions/checkout (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6675\"\u003e#6675\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1f73ed5fcf75b3e464c83ab17fc73144e2161620\"\u003e\u003ccode\u003e1f73ed5\u003c/code\u003e\u003c/a\u003e Replace the gRFC pull request with the permanent link. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6674\"\u003e#6674\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.50.0...v1.59.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.1 to 1.33.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DarkWanderer/jaeger-clickhouse/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DarkWanderer/jaeger-clickhouse/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DarkWanderer%2Fjaeger-clickhouse/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"}},{"old_version":"2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible","new_version":"2.8.2-beta.1+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-08-28T14:08:57.000Z","version_change":"2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible → 2.8.2-beta.1+incompatible","issue":{"uuid":"2781917214","node_id":"PR_kwDONAkL-c6l0LAe","number":1,"state":"open","title":"Bump the go_modules group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-28T14:08:57.000Z","updated_at":"2025-08-28T14:08:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":3,"packages":[{"name":"github.com/docker/distribution","old_version":"2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible","new_version":"2.8.2-beta.1+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/prometheus/client_golang","old_version":"1.10.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"},{"name":"google.golang.org/grpc","old_version":"1.38.0","new_version":"1.56.3","repository_url":"https://github.com/grpc/grpc-go"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the / directory: [github.com/docker/distribution](https://github.com/docker/distribution), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) and [google.golang.org/grpc](https://github.com/grpc/grpc-go).\n\nUpdates `github.com/docker/distribution` from 2.6.0-rc.1.0.20170726174610-edc3ab29cdff+incompatible to 2.8.2-beta.1+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003cp\u003eThere have been no changes made in the released binaries other than the bump of the Go runtime.\u003c/p\u003e\n\u003cp\u003eSee the changelog below for a full list of changes.\u003c/p\u003e\n\u003ch3\u003eCI\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eci: use proper git ref for versioning \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGo: make Go version explicit and pin it to the latest 1.16 release \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3604\"\u003e#3604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eContributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCrazyMax\u003c/li\u003e\n\u003cli\u003eMilos Gajdos\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/96cc1fdb3cab99df352d6cea3d87e104f0ad8520\"\u003e\u003ccode\u003e96cc1fdb\u003c/code\u003e\u003c/a\u003e FIx typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e744906f090d3fd828984253a3dda07db307e7ca\"\u003e\u003ccode\u003ee744906f\u003c/code\u003e\u003c/a\u003e Update 2.8.1. release notes\u003c/li\u003e\n\u003cli\u003ePrepare for v2.8.1 release (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3596\"\u003e#3596\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/6736d1881aefeea97d0ed7330721821c7cae37a8\"\u003e\u003ccode\u003e6736d188\u003c/code\u003e\u003c/a\u003e Prepare for v2.8.1 release\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e[2.8 backport] ci: use proper git ref for versioning (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3595\"\u003e#3595\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/80acbdf0a2e282750c608e452ce4ceb5dfe0b5b6\"\u003e\u003ccode\u003e80acbdf0\u003c/code\u003e\u003c/a\u003e ci: use proper git ref for versioning\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch3\u003eDependency Changes\u003c/h3\u003e\n\u003cp\u003eThis release has no dependency changes\u003c/p\u003e\n\u003cp\u003eThe previous release can be found at \u003ca href=\"https://github.com/distribution/distribution/releases/tag/v2.8.0\"\u003ev2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/docker/distribution/commits/v2.8.2-beta.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.10.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.11.0 / 2021-06-07\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Add new collectors package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewExpvarCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewExpvarCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewGoCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewGoCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] \u003ccode\u003eprometheus.NewBuildInfoCollector\u003c/code\u003e is deprecated, use \u003ccode\u003ecollectors.NewBuildInfoCollector\u003c/code\u003e instead. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/862\"\u003e#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add new collector for database/sql#DBStats. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/866\"\u003e#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] API client: Add exemplars API support. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/861\"\u003e#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] API client: Add newer fields to Rules API. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/855\"\u003e#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] API client: Add missing fields to Targets API. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/856\"\u003e#856\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/846\"\u003eprometheus/client_golang#846\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/849\"\u003eprometheus/client_golang#849\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/853\"\u003eprometheus/client_golang#853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd newer fields to Rules API by \u003ca href=\"https://github.com/gouthamve\"\u003e\u003ccode\u003e@​gouthamve\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/855\"\u003eprometheus/client_golang#855\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd missing fields to targets API by \u003ca href=\"https://github.com/yeya24\"\u003e\u003ccode\u003e@​yeya24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/856\"\u003eprometheus/client_golang#856\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSynchronize common files from prometheus/prometheus by \u003ca href=\"https://github.com/prombot\"\u003e\u003ccode\u003e@​prombot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/857\"\u003eprometheus/client_golang#857\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd exemplars API support by \u003ca href=\"https://github.com/yeya24\"\u003e\u003ccode\u003e@​yeya24\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/861\"\u003eprometheus/client_golang#861\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImprove description of MaxAge in summary docs by \u003ca href=\"https://github.com/Dean-Coakley\"\u003e\u003ccode\u003e@​Dean-Coakley\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/864\"\u003eprometheus/client_golang#864\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new collectors package by \u003ca href=\"https://github.com/johejo\"\u003e\u003ccode\u003e@​johejo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/862\"\u003eprometheus/client_golang#862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd collector for database/sql#DBStats by \u003ca href=\"https://github.com/johejo\"\u003e\u003ccode\u003e@​johejo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/866\"\u003eprometheus/client_golang#866\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake dbStatsCollector more DRY by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/867\"\u003eprometheus/client_golang#867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eChange maintainers from \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e to @bwplotka/\u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/873\"\u003eprometheus/client_golang#873\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocument implications of negative observations by \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/871\"\u003eprometheus/client_golang#871\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Go modules by \u003ca href=\"https://github.com/SuperQ\"\u003e\u003ccode\u003e@​SuperQ\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/875\"\u003eprometheus/client_golang#875\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gouthamve\"\u003e\u003ccode\u003e@​gouthamve\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/855\"\u003eprometheus/client_golang#855\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you upgrade \u003ccode\u003egithub.com/prometheus/common\u003c/code\u003e to 0.62+ together with client_golang. :warning:\u003c/p\u003e\n\u003cp\u003eNew common version \u003ca href=\"https://redirect.github.com/prometheus/common/pull/724\"\u003echanges \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable\u003c/a\u003e, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e to old \u003ccode\u003emodel.LegacyValidation\u003c/code\u003e value in your project \u003ccode\u003einit\u003c/code\u003e function.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] gocollector: Fix help message for runtime/metric metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1583\"\u003e#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix \u003ccode\u003eDesc.String()\u003c/code\u003e method for no labels case. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1687\"\u003e#1687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize popular \u003ccode\u003eprometheus.BuildFQName\u003c/code\u003e function; now up to 30% faster. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1665\"\u003e#1665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metrics; now up to 50% faster under high concurrent contention. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Upgrade prometheus/common to 0.62.0 which changes \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Add support for Go 1.23. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1602\"\u003e#1602\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/8184d76b3b0bd3b01ed903690431ccb6826bf3e0\"\u003e\u003ccode\u003e8184d76\u003c/code\u003e\u003c/a\u003e Cut v1.11.0 (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/877\"\u003e#877\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/253906201bda760621fa671fa1541a4ac3df29bd\"\u003e\u003ccode\u003e2539062\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/875\"\u003e#875\u003c/a\u003e from prometheus/superq/update_mods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/68cd1e9262e2fe03a79c9a8bab6737f04995e8a5\"\u003e\u003ccode\u003e68cd1e9\u003c/code\u003e\u003c/a\u003e Update Go modules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/f22935db759faadc48285fee37718436d5b9cb67\"\u003e\u003ccode\u003ef22935d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/871\"\u003e#871\u003c/a\u003e from prometheus/beorn7/doc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/11aba26a91c3ea0581eef96f8ec9fc5cdce204f9\"\u003e\u003ccode\u003e11aba26\u003c/code\u003e\u003c/a\u003e Change maintainers from \u003ca href=\"https://github.com/beorn7\"\u003e\u003ccode\u003e@​beorn7\u003c/code\u003e\u003c/a\u003e to @bwplotka/\u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/873\"\u003e#873\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/f34145a85eaff9d42ff629a2975e8118ab41773c\"\u003e\u003ccode\u003ef34145a\u003c/code\u003e\u003c/a\u003e Document implications of negative observations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a7515ca7c9c6388a5ab84ea336faef795bbf866f\"\u003e\u003ccode\u003ea7515ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/867\"\u003e#867\u003c/a\u003e from prometheus/beorn7/collectors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/81a9556c8b4ffac3dd75f7aedf720b3ae73e1276\"\u003e\u003ccode\u003e81a9556\u003c/code\u003e\u003c/a\u003e Make dbStatsCollector more DRY\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/a66da1df4a7e12cb9f84cf5ae3c7adec4539ed27\"\u003e\u003ccode\u003ea66da1d\u003c/code\u003e\u003c/a\u003e Add collector for database/sql#DBStats (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/866\"\u003e#866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.10.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.38.0 to 1.56.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.56.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eclient: handle empty address lists correctly in addrConn.updateAddrs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.0\u003c/h2\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support channel idleness using \u003ccode\u003eWithIdleTimeout\u003c/code\u003e dial option (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6263\"\u003e#6263\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis feature is currently disabled by default, but will be enabled with a 30 minute default in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6306\"\u003e#6306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Custom LB Policies (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A52-xds-custom-lb-policies.md\"\u003egRFC A52\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6224\"\u003e#6224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: support pick_first Custom LB policy (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6314\"\u003e#6314\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6317\"\u003e#6317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: add support for pickfirst address shuffling (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6311\"\u003e#6311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for String Matcher Header Matcher in RDS (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6313\"\u003e#6313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Add Channelz Logger to Outlier Detection LB (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6145\"\u003e#6145\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/s-matyukevich\"\u003e\u003ccode\u003e@​s-matyukevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: enable RLS in xDS by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6343\"\u003e#6343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorca: add support for application_utilization field and missing range checks on several metrics setters\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A58-client-side-weighted-round-robin-lb-policy.md\"\u003egRFC A58\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6241\"\u003e#6241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add conversion of json to RBAC Audit Logging config (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add support for stdout logger (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: support customizable audit functionality for authorization policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6158\"\u003e#6158\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6304\"\u003e#6304\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6225\"\u003e#6225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6245\"\u003e#6245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6223\"\u003e#6223\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: enable federation support by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6151\"\u003e#6151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estatus: \u003ccode\u003estatus.Code\u003c/code\u003e and \u003ccode\u003estatus.FromError\u003c/code\u003e handle wrapped errors (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6031\"\u003e#6031\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6150\"\u003e#6150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1055b481ed2204a29d233286b9b50c42b63f8825\"\u003e\u003ccode\u003e1055b48\u003c/code\u003e\u003c/a\u003e Update version.go to 1.56.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6713\"\u003e#6713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5efd7bd73e11fea58d1c7f1c110902e78a286299\"\u003e\u003ccode\u003e5efd7bd\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd1f038e7234580c2694e433bec5cd97e7b7f662\"\u003e\u003ccode\u003ebd1f038\u003c/code\u003e\u003c/a\u003e Upgrade version.go to 1.56.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6434\"\u003e#6434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/faab8736bf73291f92b867d5dae31c927d53d508\"\u003e\u003ccode\u003efaab873\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6432\"\u003e#6432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b0b291d79831b1c8caafceec268b82c92253f96\"\u003e\u003ccode\u003e6b0b291\u003c/code\u003e\u003c/a\u003e status: fix panic when servers return a wrapped error with status OK (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ed56401aa514462d5371713b8ec5c889da33953c\"\u003e\u003ccode\u003eed56401\u003c/code\u003e\u003c/a\u003e [PSM interop] Don't fail target if sub-target already failed (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6390\"\u003e#6390\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6405\"\u003e#6405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cd6a794f0bdcf9a216e8f4d3c5717faf96d9fd78\"\u003e\u003ccode\u003ecd6a794\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6387\"\u003e#6387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5b67e5ea449ef0686a0c0b6de48cd4cb63e3db2a\"\u003e\u003ccode\u003e5b67e5e\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6386\"\u003e#6386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d0f5150384a87f9fcac488a9c18727a55b7354c1\"\u003e\u003ccode\u003ed0f5150\u003c/code\u003e\u003c/a\u003e client: handle empty address lists correctly in addrConn.updateAddrs (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6354\"\u003e#6354\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/997c1ea101cc5d496d2b148388f1df49632a9171\"\u003e\u003ccode\u003e997c1ea\u003c/code\u003e\u003c/a\u003e Change version to 1.56.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6345\"\u003e#6345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.38.0...v1.56.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jevans3/cron-hpa/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/jevans3/cron-hpa/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jevans3%2Fcron-hpa/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-08-21T14:57:20.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2763300614","node_id":"PR_kwDOPGiqKc6ktJ8G","number":13,"state":"open","title":"Bump the go_modules group across 2 directories with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-21T14:57:20.000Z","updated_at":"2025-08-21T14:57:21.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":6,"packages":[{"name":"golang.org/x/crypto","old_version":"0.32.0","new_version":"0.35.0","repository_url":"https://github.com/golang/crypto"},{"name":"golang.org/x/net","old_version":"0.34.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"golang.org/x/sys","old_version":"0.29.0","new_version":"0.31.0","repository_url":"https://github.com/golang/sys"},{"name":"github.com/go-viper/mapstructure/v2","old_version":"2.2.1","new_version":"2.4.0","repository_url":"https://github.com/go-viper/mapstructure"},{"name":"golang.org/x/sys","old_version":"0.0.0-20190507160741-ecd444e8653b","new_version":"0.1.0","repository_url":"https://github.com/golang/sys"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/opencontainers/image-spec","old_version":"1.0.1","new_version":"1.0.2","repository_url":"https://github.com/opencontainers/image-spec"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 3 updates in the /go directory: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/net](https://github.com/golang/net) and [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure).\nBumps the go_modules group with 3 updates in the /packaging/linux/tuxbot/bot directory: [golang.org/x/sys](https://github.com/golang/sys), [github.com/docker/distribution](https://github.com/docker/distribution) and [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec).\n\nUpdates `golang.org/x/crypto` from 0.32.0 to 0.35.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22\"\u003e\u003ccode\u003e7292932\u003c/code\u003e\u003c/a\u003e ssh: limit the size of the internal packet queue while waiting for KEX\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c\"\u003e\u003ccode\u003ef66f74b\u003c/code\u003e\u003c/a\u003e acme/autocert: check host policy before probing the cache\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85\"\u003e\u003ccode\u003eb0784b7\u003c/code\u003e\u003c/a\u003e x509roots/fallback: drop obsolete build constraint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20\"\u003e\u003ccode\u003e911360c\u003c/code\u003e\u003c/a\u003e all: bump golang.org/x/crypto dependencies of asm generators\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f\"\u003e\u003ccode\u003e89ff08d\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2\"\u003e\u003ccode\u003ee47973b\u003c/code\u003e\u003c/a\u003e all: update certs for go1.24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902\"\u003e\u003ccode\u003e9290511\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a\"\u003e\u003ccode\u003efa5273e\u003c/code\u003e\u003c/a\u003e x509roots/fallback: update bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196\"\u003e\u003ccode\u003ea8ea4be\u003c/code\u003e\u003c/a\u003e ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner) interface\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6\"\u003e\u003ccode\u003e71d3a4c\u003c/code\u003e\u003c/a\u003e acme: support challenges that require the ACME client to send a non-empty JSO...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/compare/v0.32.0...v0.35.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.34.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.34.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.29.0 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/go-viper/mapstructure/v2` from 2.2.1 to 2.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/go-viper/mapstructure/releases\"\u003egithub.com/go-viper/mapstructure/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace interface{} with any by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/115\"\u003ego-viper/mapstructure#115\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/114\"\u003ego-viper/mapstructure#114\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGeneric tests by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/118\"\u003ego-viper/mapstructure#118\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix godoc reference link in README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/107\"\u003ego-viper/mapstructure#107\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add StringToTimeLocationHookFunc to convert strings to *time.Location by \u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add back previous StringToSlice as a weak function by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/119\"\u003ego-viper/mapstructure#119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ErfanMomeniii\"\u003e\u003ccode\u003e@​ErfanMomeniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/117\"\u003ego-viper/mapstructure#117\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.1.7 to 4.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/46\"\u003ego-viper/mapstructure#46\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/47\"\u003ego-viper/mapstructure#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[enhancement] Add check for \u003ccode\u003ereflect.Value\u003c/code\u003e in \u003ccode\u003eComposeDecodeHookFunc\u003c/code\u003e by \u003ca href=\"https://github.com/mahadzaryab1\"\u003e\u003ccode\u003e@​mahadzaryab1\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/52\"\u003ego-viper/mapstructure#52\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/51\"\u003ego-viper/mapstructure#51\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4.2.0 to 4.2.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/50\"\u003ego-viper/mapstructure#50\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/55\"\u003ego-viper/mapstructure#55\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/58\"\u003ego-viper/mapstructure#58\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add Go 1.24 to the test matrix by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/74\"\u003ego-viper/mapstructure#74\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/72\"\u003ego-viper/mapstructure#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump golangci/golangci-lint-action from 6.5.0 to 6.5.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/76\"\u003ego-viper/mapstructure#76\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/78\"\u003ego-viper/mapstructure#78\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add decode hook for netip.Prefix by \u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/86\"\u003ego-viper/mapstructure#86\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 2.13.4 to 3.28.15 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/87\"\u003ego-viper/mapstructure#87\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/93\"\u003ego-viper/mapstructure#93\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.15 to 3.28.17 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/92\"\u003ego-viper/mapstructure#92\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.17 to 3.28.19 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/97\"\u003ego-viper/mapstructure#97\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/96\"\u003ego-viper/mapstructure#96\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd omitzero tag. by \u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse error structs instead of duplicated strings by \u003ca href=\"https://github.com/m1k1o\"\u003e\u003ccode\u003e@​m1k1o\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/102\"\u003ego-viper/mapstructure#102\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/101\"\u003ego-viper/mapstructure#101\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add common error interface by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/105\"\u003ego-viper/mapstructure#105\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate linter by \u003ca href=\"https://github.com/sagikazarmark\"\u003e\u003ccode\u003e@​sagikazarmark\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/106\"\u003ego-viper/mapstructure#106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeature allow unset pointer by \u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/tklauser\"\u003e\u003ccode\u003e@​tklauser\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/85\"\u003ego-viper/mapstructure#85\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/peczenyj\"\u003e\u003ccode\u003e@​peczenyj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/90\"\u003ego-viper/mapstructure#90\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Crystalix007\"\u003e\u003ccode\u003e@​Crystalix007\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/98\"\u003ego-viper/mapstructure#98\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rostislaved\"\u003e\u003ccode\u003e@​rostislaved\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/pull/80\"\u003ego-viper/mapstructure#80\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\"\u003ehttps://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b9794a5f0e73d425210d6614ed833067029155f5\"\u003e\u003ccode\u003eb9794a5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/119\"\u003e#119\u003c/a\u003e from go-viper/string-to-weak-slice\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17cdcb0741054e2a33938adf6bd1f2a5c0aa8f30\"\u003e\u003ccode\u003e17cdcb0\u003c/code\u003e\u003c/a\u003e feat: add back previous StringToSlice as a weak function\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/3caca3614c3ab2c5b5d359c44fdcd72058887b19\"\u003e\u003ccode\u003e3caca36\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/117\"\u003e#117\u003c/a\u003e from ErfanMomeniii/main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/9a861bc115f2b54ed4e494662f29c172d9ef046a\"\u003e\u003ccode\u003e9a861bc\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/107\"\u003e#107\u003c/a\u003e from peczenyj/patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/86ed5b59da0615fb8c3a413f401cdf0231f1234c\"\u003e\u003ccode\u003e86ed5b5\u003c/code\u003e\u003c/a\u003e refactor: update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/ace5b4e8b3dec99468ffa9498e42fb09d177b0a6\"\u003e\u003ccode\u003eace5b4e\u003c/code\u003e\u003c/a\u003e chore: add interface any linter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/1a4f1aef38bfa8549762aaf42c7c18a5d268e76e\"\u003e\u003ccode\u003e1a4f1ae\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/go-viper/mapstructure/issues/118\"\u003e#118\u003c/a\u003e from go-viper/generic-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/a2689090ed4348033c36724d866faf1f911a9f63\"\u003e\u003ccode\u003ea268909\u003c/code\u003e\u003c/a\u003e fix: lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/17f1fd44eb7606b109c9bb017c0a1c6d3e93b5cd\"\u003e\u003ccode\u003e17f1fd4\u003c/code\u003e\u003c/a\u003e test: add more comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/go-viper/mapstructure/commit/b48c8566836bf291bfee2b217d51fc36e8e61f6f\"\u003e\u003ccode\u003eb48c856\u003c/code\u003e\u003c/a\u003e test: expand tests\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/sys` from 0.0.0-20190507160741-ecd444e8653b to 0.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/sys/commits/v0.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/opencontainers/image-spec` from 1.0.1 to 1.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/opencontainers/image-spec/releases\"\u003egithub.com/opencontainers/image-spec's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.0.2\u003c/h2\u003e\n\u003cp\u003eThis release was voted on by the maintainers and PASSED (+5 -0 \u003ca href=\"https://redirect.github.com/opencontainers/image-spec/issues/2\"\u003e#2\u003c/a\u003e), to mitigate the CVE-2021-41190 advisory.\u003c/p\u003e\n\u003cp\u003eThis release is rebased directly on the prior tagged release (not including the commits that have occurred on main). Corresponding commits have been added to main, such that main is ready for a future next release.\u003c/p\u003e\n\u003cp\u003e\u003cimg src=\"https://user-images.githubusercontent.com/67049/142260429-9da17e3d-c6dd-4721-89bb-0ef72ef69c22.gif\" alt=\"R\" /\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/67d2d5658fe0476ab9bf414cec164077ebff3920\"\u003e\u003ccode\u003e67d2d56\u003c/code\u003e\u003c/a\u003e version: release 1.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/dcdcb7f2cf08641d03189e5b09be32de5dcfe459\"\u003e\u003ccode\u003edcdcb7f\u003c/code\u003e\u003c/a\u003e specs-go: adding \u003ccode\u003emediaType\u003c/code\u003e to the index and manifest structures\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/opencontainers/image-spec/commit/5f3148525b82017cb470ff5f54b37aae4003eb07\"\u003e\u003ccode\u003e5f31485\u003c/code\u003e\u003c/a\u003e *.md: bring mediaType out of reserved status\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NACHAPHON-PHONTREE/client/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/NACHAPHON-PHONTREE/client/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NACHAPHON-PHONTREE%2Fclient/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-08-14T17:19:06.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2746833832","node_id":"PR_kwDOHscbzc6juVuo","number":33,"state":"closed","title":"Bump the go_modules group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["wontfix","dependencies","go"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2025-09-05T05:05:13.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-14T17:19:06.000Z","updated_at":"2025-09-05T05:05:13.000Z","time_to_close":1856767,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":12,"packages":[{"name":"filippo.io/age","old_version":"1.0.0-beta7","new_version":"1.2.1","repository_url":"https://github.com/FiloSottile/age"},{"name":"github.com/golang-jwt/jwt/v4","old_version":"4.0.0","new_version":"4.5.2","repository_url":"https://github.com/golang-jwt/jwt"},{"name":"github.com/hashicorp/go-slug","old_version":"0.8.1","new_version":"0.16.3","repository_url":"https://github.com/hashicorp/go-slug"},{"name":"golang.org/x/oauth2","old_version":"0.0.0-20211104180415-d3ed0bb246c8","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"},{"name":"google.golang.org/protobuf","old_version":"1.27.1","new_version":"1.33.0"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.12+incompatible","new_version":"28.0.0+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"github.com/hashicorp/go-retryablehttp","old_version":"0.7.1","new_version":"0.7.7","repository_url":"https://github.com/hashicorp/go-retryablehttp"},{"name":"github.com/prometheus/client_golang","old_version":"1.11.0","new_version":"1.11.1","repository_url":"https://github.com/prometheus/client_golang"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [filippo.io/age](https://github.com/FiloSottile/age) | `1.0.0-beta7` | `1.2.1` |\n| [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) | `4.0.0` | `4.5.2` |\n| [github.com/hashicorp/go-slug](https://github.com/hashicorp/go-slug) | `0.8.1` | `0.16.3` |\n| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.0.0-20211104180415-d3ed0bb246c8` | `0.27.0` |\n| google.golang.org/protobuf | `1.27.1` | `1.33.0` |\n| [github.com/docker/distribution](https://github.com/docker/distribution) | `2.7.1+incompatible` | `2.8.2+incompatible` |\n| [github.com/docker/docker](https://github.com/docker/docker) | `20.10.12+incompatible` | `28.0.0+incompatible` |\n| [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.1` | `0.7.7` |\n| [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) | `1.11.0` | `1.11.1` |\n\n\nUpdates `filippo.io/age` from 1.0.0-beta7 to 1.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/FiloSottile/age/releases\"\u003efilippo.io/age's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eage v1.2.1: security fix\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability that could allow an attacker to execute an arbitrary binary under certain conditions.\u003c/p\u003e\n\u003cp\u003eSee GHSA-32gq-x56h-299c.\u003c/p\u003e\n\u003cp\u003ePlugin names may now only contain alphanumeric characters or the four special characters \u003ccode\u003e+-._\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eThanks to ⬡-49016 for reporting this issue.\u003c/p\u003e\n\u003ch2\u003eage v1.2.0\u003c/h2\u003e\n\u003cp\u003eA small release to build the release binaries with a more recent Go toolchain, and to fix a couple CLI edge cases (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/491\"\u003eFiloSottile/age#491\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/555\"\u003eFiloSottile/age#555\u003c/a\u003e).\u003c/p\u003e\n\u003cp\u003eThe Go module now exposes a plugin package that provides an age plugin client. That is, Recipient and Identity implementations that invoke a plugin binary, allowing the use of age plugins in Go programs.\u003c/p\u003e\n\u003cp\u003eFinally, Recipients can now return a set of \u0026quot;labels\u0026quot; by implementing RecipientWithLabels. This allows replicating the special behavior of the scrypt Recipient in third-party Recipients, or applying policy useful for authenticated or post-quantum Recipients.\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e// RecipientWithLabels can be optionally implemented by a Recipient, in which\n// case Encrypt will use WrapWithLabels instead of Wrap.\n//\n// Encrypt will succeed only if the labels returned by all the recipients\n// (assuming the empty set for those that don't implement RecipientWithLabels)\n// are the same.\n//\n// This can be used to ensure a recipient is only used with other recipients\n// with equivalent properties (for example by setting a \u0026quot;postquantum\u0026quot; label) or\n// to ensure a recipient is always used alone (by returning a random label, for\n// example to preserve its authentication properties).\ntype RecipientWithLabels interface {\n\tWrapWithLabels(fileKey []byte) (s []*Stanza, labels []string, err error)\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eage v1.1.1 is a patch release to fix \u003ccode\u003ego install filippo.io/age/...@latest\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/FiloSottile/age/releases/tag/v1.1.0\"\u003ethe release notes for v1.1.0 for changes since v1.0.0\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003eage v1.1.0: plugin and YubiKeys support\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eage is a simple, modern and secure file encryption tool, format, and Go library. It features small explicit keys, no config options, and UNIX-style composability. Learn more by reading the \u003ca href=\"https://github.com/FiloSottile/age/blob/main/README.md\"\u003eREADME\u003c/a\u003e, the \u003ca href=\"https://filippo.io/age/age.1\"\u003eage(1) man page\u003c/a\u003e, the \u003ca href=\"https://pkg.go.dev/filippo.io/age\"\u003eGo API reference\u003c/a\u003e, the \u003ca href=\"https://age-encryption.org/v1\"\u003eformat specification\u003c/a\u003e, or the \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0...v1.1.0\"\u003efull release changelog\u003c/a\u003e. Watch the repository or \u003ca href=\"https://abyssdomain.expert/@filippo\"\u003e\u003ccode\u003efollow @​filippo@abyssdomain.expert\u003c/code\u003e\u003c/a\u003e to be notified of new releases.\u003c/p\u003e\n\u003cp\u003e🛠️ FYI, age now has an extensive \u003ca href=\"https://c2sp.org/CCTV/age\"\u003etest suite\u003c/a\u003e which all age implementations are encouraged to adopt.\u003c/p\u003e\n\u003ch2\u003ePlugin support\u003c/h2\u003e\n\u003cp\u003eThe age CLI now supports plugins, such as \u003ca href=\"https://github.com/str4d/age-plugin-yubikey\"\u003eage-plugin-yubikey\u003c/a\u003e by \u003ca href=\"https://github.com/str4d\"\u003e\u003ccode\u003e@​str4d\u003c/code\u003e\u003c/a\u003e. To try it on macOS with Homebrew:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e$ brew upgrade age\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/482cf6fc9babd3ab06f6606762aac10447222201\"\u003e\u003ccode\u003e482cf6f\u003c/code\u003e\u003c/a\u003e plugin: restrict characters in plugin names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/cda3988cc76a139426281a1d812914b71435bd18\"\u003e\u003ccode\u003ecda3988\u003c/code\u003e\u003c/a\u003e all: fix staticcheck warnings (\u003ca href=\"https://redirect.github.com/FiloSottile/age/issues/589\"\u003e#589\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/176e245b3cb3ada322c21eef0bce166dc5a5e4c7\"\u003e\u003ccode\u003e176e245\u003c/code\u003e\u003c/a\u003e README: rotate Sigsum keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/faefdc3c81efa89fd41998b77c62234ca56be10b\"\u003e\u003ccode\u003efaefdc3\u003c/code\u003e\u003c/a\u003e README: document Sigsum proofs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd\"\u003e\u003ccode\u003ebbe6ce5\u003c/code\u003e\u003c/a\u003e .github/workflows: update artifacts Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/1e1badabf74064ee800d19817a725f4803fa4e94\"\u003e\u003ccode\u003e1e1bada\u003c/code\u003e\u003c/a\u003e .github/workflows: go-version stable, not latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/2293a9afef6984915cb28d2a7264b145604d61e9\"\u003e\u003ccode\u003e2293a9a\u003c/code\u003e\u003c/a\u003e .github/workflows: use latest Go for bootstrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/01fe9cd84aa5380cd09b8761af919e5d0a1386ad\"\u003e\u003ccode\u003e01fe9cd\u003c/code\u003e\u003c/a\u003e README: add pkgx installation instructions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/bd0511b415355bf84a3861c77d47d9337ab367b1\"\u003e\u003ccode\u003ebd0511b\u003c/code\u003e\u003c/a\u003e cmd/age: detect output/input file reuse when possible\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FiloSottile/age/commit/febaaded8756511fd12b7aea122e44be80c35862\"\u003e\u003ccode\u003efebaade\u003c/code\u003e\u003c/a\u003e cmd/age: create file for empty decryptions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FiloSottile/age/compare/v1.0.0-beta7...v1.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/golang-jwt/jwt/v4` from 4.0.0 to 4.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003egithub.com/golang-jwt/jwt/v4's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.5.2\u003c/h2\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.1...v4.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.1\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cp\u003eUnclear documentation of the error behavior in \u003ccode\u003eParseWithClaims\u003c/code\u003e in \u0026lt;= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by \u003ccode\u003eParseWithClaims\u003c/code\u003e return both error codes. If users only check for the \u003ccode\u003ejwt.ErrTokenExpired \u003c/code\u003e using \u003ccode\u003eerror.Is\u003c/code\u003e, they will ignore the embedded \u003ccode\u003ejwt.ErrTokenSignatureInvalid\u003c/code\u003e and thus potentially accept invalid tokens.\u003c/p\u003e\n\u003cp\u003eThis issue was documented in \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e and fixed in this release.\u003c/p\u003e\n\u003cp\u003eNote: \u003ccode\u003ev5\u003c/code\u003e was not affected by this issue. So upgrading to this release version is also recommended.\u003c/p\u003e\n\u003ch1\u003eWhat's Changed\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBack-ported error-handling logic in \u003ccode\u003eParseWithClaims\u003c/code\u003e from \u003ccode\u003ev5\u003c/code\u003e branch. This fixes \u003ca href=\"https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\"\u003ehttps://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.5.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow strict base64 decoding by \u003ca href=\"https://github.com/AlexanderYastrebov\"\u003e\u003ccode\u003e@​AlexanderYastrebov\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/259\"\u003egolang-jwt/jwt#259\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.3...v4.5.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: link update for README.md for v4 by \u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eImplement a BearerExtractor by \u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump matrix to support latest go version (go1.19) by \u003ca href=\"https://github.com/mfridman\"\u003e\u003ccode\u003e@​mfridman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/231\"\u003egolang-jwt/jwt#231\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/229\"\u003egolang-jwt/jwt#229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd doc comment to ParseWithClaims by \u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRefactor: removed the unneeded if statement by \u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNo pointer embedding in the example by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/255\"\u003egolang-jwt/jwt#255\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/krokite\"\u003e\u003ccode\u003e@​krokite\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/217\"\u003egolang-jwt/jwt#217\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WhyNotHugo\"\u003e\u003ccode\u003e@​WhyNotHugo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/226\"\u003egolang-jwt/jwt#226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jkopczyn\"\u003e\u003ccode\u003e@​jkopczyn\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/232\"\u003egolang-jwt/jwt#232\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Krout0n\"\u003e\u003ccode\u003e@​Krout0n\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/241\"\u003egolang-jwt/jwt#241\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\"\u003ehttps://github.com/golang-jwt/jwt/compare/v4.4.2...v4.4.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.4.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded MicahParks/keyfunc to extensions by \u003ca href=\"https://github.com/oxisto\"\u003e\u003ccode\u003e@​oxisto\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/194\"\u003egolang-jwt/jwt#194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate link to v4 on pkg.go.dev page by \u003ca href=\"https://github.com/polRk\"\u003e\u003ccode\u003e@​polRk\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/golang-jwt/jwt/pull/195\"\u003egolang-jwt/jwt#195\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md\"\u003egithub.com/golang-jwt/jwt/v4's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003ejwt-go\u003c/code\u003e Version History\u003c/h1\u003e\n\u003cp\u003eThe following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on \u003ca href=\"https://github.com/golang-jwt/jwt/releases\"\u003ehttps://github.com/golang-jwt/jwt/releases\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84\"\u003e\u003ccode\u003e2f0e9ad\u003c/code\u003e\u003c/a\u003e Backporting 0951d18 to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c\"\u003e\u003ccode\u003e7b1c1c0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/9358574a7a1a2c8d644f22b6e8de627ba85c58d0\"\u003e\u003ccode\u003e9358574\u003c/code\u003e\u003c/a\u003e Allow strict base64 decoding (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2f0984a28be854685a0b59b71d597f10f2c49cff\"\u003e\u003ccode\u003e2f0984a\u003c/code\u003e\u003c/a\u003e Using \u003ccode\u003etparse\u003c/code\u003e for nicer CI test display (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/251\"\u003e#251\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/2101c1f4bc589dcef71b5f750191a8db07c82431\"\u003e\u003ccode\u003e2101c1f\u003c/code\u003e\u003c/a\u003e No pointer embedding in the example (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/255\"\u003e#255\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/35053d4e202c7cffd7ecc96ce2b247e2117f838e\"\u003e\u003ccode\u003e35053d4\u003c/code\u003e\u003c/a\u003e Removed unneeded if statement (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/241\"\u003e#241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/0c4e3879854669acd15ea435f2c8aada6c73810a\"\u003e\u003ccode\u003e0c4e387\u003c/code\u003e\u003c/a\u003e Add doc comment to ParseWithClaims (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/bfea432b1a9da383509086a2141c06dc103e82f9\"\u003e\u003ccode\u003ebfea432\u003c/code\u003e\u003c/a\u003e Include \u003ca href=\"https://github.com/golang-jwt/jwe\"\u003ehttps://github.com/golang-jwt/jwe\u003c/a\u003e in README (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/229\"\u003e#229\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/d81acbf7f30f11e5ef65030008b876e46a3ca7d0\"\u003e\u003ccode\u003ed81acbf\u003c/code\u003e\u003c/a\u003e Bump matrix to support latest go version (go1.19) (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/231\"\u003e#231\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang-jwt/jwt/commit/fdaf0eb0e0c1f33ca4bc05ce761d931fc236007f\"\u003e\u003ccode\u003efdaf0eb\u003c/code\u003e\u003c/a\u003e Implement a BearerExtractor (\u003ca href=\"https://redirect.github.com/golang-jwt/jwt/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang-jwt/jwt/compare/v4.0.0...v4.5.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-slug` from 0.8.1 to 0.16.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-slug/releases\"\u003egithub.com/hashicorp/go-slug's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.16.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdjust destination path check by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/76\"\u003ehashicorp/go-slug#76\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: This release may have issues when unpacking a tarball, we recommend using 0.16.4 or later.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.2...v0.16.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd CODEOWNERS file in .github/CODEOWNERS by \u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate unused pack/unpack option \u003ccode\u003eAllowSymlinkTarget\u003c/code\u003e by \u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mukeshjc\"\u003e\u003ccode\u003e@​mukeshjc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/72\"\u003ehashicorp/go-slug#72\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NodyHub\"\u003e\u003ccode\u003e@​NodyHub\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/74\"\u003ehashicorp/go-slug#74\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.1...v0.16.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/68\"\u003e#68\u003c/a\u003e: Fix panic in \u003ccode\u003esourcebundle\u003c/code\u003e package when RegistryMeta and Packages aren't the same size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\"\u003ehttps://github.com/hashicorp/go-slug/compare/v0.16.0...v0.16.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.16.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/64\"\u003e#64\u003c/a\u003e: Remove the \u003ccode\u003e.Append(...)\u003c/code\u003e function from the \u003ccode\u003esourcebundle\u003c/code\u003e diagnostics API. Consumers should instead use the built-in golang \u003ccode\u003eappend()\u003c/code\u003e function. This ensures type-safety as you can't attempt to insert an invalid object into the diagnostics using the built-in function.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.15.2\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003esourcebundle\u003c/code\u003e: Fixed a bug in the PackageMeta receiver method \u003ccode\u003eGetCommitMessage() string\u003c/code\u003e that caused it to return an empty string instead of the git commit message.  (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/61\"\u003e#61\u003c/a\u003e)\u003c/p\u003e\n\u003ch2\u003ev0.15.1\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/59\"\u003e#59\u003c/a\u003e: expose registry module version deprecation data in \u003ccode\u003esourcebundle\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003ev0.15.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/pull/56/files\"\u003e#56\u003c/a\u003e: collect commit messages in package meta struct.\u003c/p\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the sourcebundle package since it removes a method, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.14.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/55\"\u003e#55\u003c/a\u003e: revise the experimental \u003ccode\u003esourcebundle\u003c/code\u003e package fetcher and registry client interfaces to improve future extensibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote: this is technically a breaking change for consumers of the \u003ccode\u003esourcebundle\u003c/code\u003e package, but we had previously marked it as experimental in the v0.12.0 release and warned that its API is subject to change. The package continues to be experimental and may change further before stabilizing.\u003c/p\u003e\n\u003ch2\u003ev0.13.4\u003c/h2\u003e\n\u003cp\u003eFixed a bug with default exclusion rules for .terraformignore which caused the \u003ccode\u003e.terraform/modules\u003c/code\u003e directory to be excluded\u003c/p\u003e\n\u003ch2\u003ev0.13.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/9a9315589124e21b01ffe8a7816f4f2bea7da8b4\"\u003e\u003ccode\u003e9a93155\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/76\"\u003e#76\u003c/a\u003e from hashicorp/nodyhub/adjust-path-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/fbb041690f076f8e983a0f5f0d7406545a41359a\"\u003e\u003ccode\u003efbb0416\u003c/code\u003e\u003c/a\u003e improve sanitization checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/53c172a3e00fc1ac280365255b56af57846abdb4\"\u003e\u003ccode\u003e53c172a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/74\"\u003e#74\u003c/a\u003e from hashicorp/nodyhub/depricate-option-allow-symlink-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/a6204cf5b83cac1430fb575f48423e3bd2e8a3ac\"\u003e\u003ccode\u003ea6204cf\u003c/code\u003e\u003c/a\u003e depricate unused pack/unpack option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82d53eadfab53add56dd3fc6a2141d65579c20b6\"\u003e\u003ccode\u003e82d53ea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/72\"\u003e#72\u003c/a\u003e from hashicorp/add-codeowners\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/1030616226cb2437f1780d11cebbdacb5c8f2ae0\"\u003e\u003ccode\u003e1030616\u003c/code\u003e\u003c/a\u003e Add CODEOWNERS file in .github/CODEOWNERS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/6004eb1bc5144a120f3e780aeb63e1582b9b72d7\"\u003e\u003ccode\u003e6004eb1\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/69\"\u003e#69\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/82b71b9ba81f90d84bb8bff8a2f6b6cda5bd46ad\"\u003e\u003ccode\u003e82b71b9\u003c/code\u003e\u003c/a\u003e sourcebundle: Fix panic when RegistryMeta and Packages aren't the same size (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/bb15d99c98c0941f30301a31ca39673a1f5bada0\"\u003e\u003ccode\u003ebb15d99\u003c/code\u003e\u003c/a\u003e Pin action refs to latest trusted by TSCCR (\u003ca href=\"https://redirect.github.com/hashicorp/go-slug/issues/66\"\u003e#66\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-slug/commit/18b3ddeef74292c53b2cc237a16a243ca2fc544d\"\u003e\u003ccode\u003e18b3dde\u003c/code\u003e\u003c/a\u003e sourcebundle: remove the option to append anything into a diagnostic that wil...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-slug/compare/v0.8.1...v0.16.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/net` from 0.0.0-20220127200216-cd36cc0744dd to 0.21.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/net/commits/v0.21.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.0.0-20211104180415-d3ed0bb246c8 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/commits/v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9c2f3a21352d1ff4e47776534e3f334b39ec0183\"\u003e\u003ccode\u003e9c2f3a2\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix segfault in extract \u0026amp; rewrite commands\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/59e1219a5f3786e7011dc4816d0dbb09fee91bc8\"\u003e\u003ccode\u003e59e1219\u003c/code\u003e\u003c/a\u003e message: optimize lookupAndFormat function for better performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/a20a3e249605cda389f7039e0fccaabf709c47b3\"\u003e\u003ccode\u003ea20a3e2\u003c/code\u003e\u003c/a\u003e x/text: update x/tools for go/ssa range-over-func fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/8d533a0c40adec778a7d09ac6c8aa640d3c883f4\"\u003e\u003ccode\u003e8d533a0\u003c/code\u003e\u003c/a\u003e encoding/charmap: update UCM spec file URL prefix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/6c97a165dd661335ff7bce6104a008558123c353\"\u003e\u003ccode\u003e6c97a16\u003c/code\u003e\u003c/a\u003e all: update go directive to 1.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f488e191e67ed95a5b9b7b39024e5a5f5f1ffd02\"\u003e\u003ccode\u003ef488e19\u003c/code\u003e\u003c/a\u003e unicode/norm: fix function name on comment\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/fb697c0580b4b6ab0a21ca17e64788b981fb6018\"\u003e\u003ccode\u003efb697c0\u003c/code\u003e\u003c/a\u003e cmd/gotext: actually use -dir flag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/f3e69ed4a8ab60c16ae76f4ddb08f2726b0a9428\"\u003e\u003ccode\u003ef3e69ed\u003c/code\u003e\u003c/a\u003e cmd/gotext: fix misbehaviors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ab07ad1b65bc4cdc738e747f7569a3795d2e60ec\"\u003e\u003ccode\u003eab07ad1\u003c/code\u003e\u003c/a\u003e all: remove repetitive words\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/e50348080f29449bcd6808c11400b3d45f08b09d\"\u003e\u003ccode\u003ee503480\u003c/code\u003e\u003c/a\u003e encoding/japanese, language: shorten very long sub-test names\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.27.1 to 1.33.0\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.12+incompatible to 28.0.0+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev28.0.0\u003c/h2\u003e\n\u003ch1\u003e28.0.0\u003c/h1\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003edocker/cli, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0\"\u003emoby/moby, 28.0.0 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ability to mount an image inside a container via \u003ccode\u003e--mount type=image\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48798\"\u003emoby/moby#48798\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eYou can also specify \u003ccode\u003e--mount type=image,image-subpath=[subpath],...\u003c/code\u003e option to mount a specific path from the image. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5755\"\u003edocker/cli#5755\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker images --tree\u003c/code\u003e now shows metadata badges. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5744\"\u003edocker/cli#5744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker load\u003c/code\u003e, \u003ccode\u003edocker save\u003c/code\u003e, and \u003ccode\u003edocker history\u003c/code\u003e now support a \u003ccode\u003e--platform\u003c/code\u003e flag allowing you to choose a specific platform for single-platform operations on multi-platform images. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5331\"\u003edocker/cli#5331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eOOMScoreAdj\u003c/code\u003e to \u003ccode\u003edocker service create\u003c/code\u003e and \u003ccode\u003edocker stack\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5145\"\u003edocker/cli#5145\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edocker buildx prune\u003c/code\u003e now supports \u003ccode\u003ereserved-space\u003c/code\u003e, \u003ccode\u003emax-used-space\u003c/code\u003e, \u003ccode\u003emin-free-space\u003c/code\u003e and \u003ccode\u003ekeep-bytes\u003c/code\u003e filters. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48720\"\u003emoby/moby#48720\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWindows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47955\"\u003emoby/moby#47955\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNetworking\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003edocker-proxy\u003c/code\u003e binary has been updated, older versions will not work with the updated \u003ccode\u003edockerd\u003c/code\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48132\"\u003emoby/moby#48132\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eClose a window in which the userland proxy (\u003ccode\u003edocker-proxy\u003c/code\u003e) could accept TCP connections, that would then fail after \u003ccode\u003eiptables\u003c/code\u003e NAT rules were set up.\u003c/li\u003e\n\u003cli\u003eThe executable \u003ccode\u003erootlesskit-docker-proxy\u003c/code\u003e is no longer used, it has been removed from the build and distribution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eDNS nameservers read from the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e are now always accessed from the host's network namespace. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48290\"\u003emoby/moby#48290\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen the host's \u003ccode\u003e/etc/resolv.conf\u003c/code\u003e contains no nameservers and there are no \u003ccode\u003e--dns\u003c/code\u003e overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eContainer interfaces in bridge and macvlan networks now use randomly generated MAC addresses. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48808\"\u003emoby/moby#48808\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eGratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.\u003c/li\u003e\n\u003cli\u003eIPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eThe deprecated OCI \u003ccode\u003eprestart\u003c/code\u003e hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47406\"\u003emoby/moby#47406\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new \u003ccode\u003egw-priority\u003c/code\u003e option to \u003ccode\u003edocker run\u003c/code\u003e, \u003ccode\u003edocker container create\u003c/code\u003e, and \u003ccode\u003edocker network connect\u003c/code\u003e. This option will be used by the Engine to determine which network provides the default gateway for a container. On \u003ccode\u003edocker run\u003c/code\u003e, this option is only available through the extended \u003ccode\u003e--network\u003c/code\u003e syntax. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5664\"\u003edocker/cli#5664\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a new netlabel \u003ccode\u003ecom.docker.network.endpoint.ifname\u003c/code\u003e to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49155\"\u003emoby/moby#49155\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eWhen a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example \u003ccode\u003eeth\u003c/code\u003e, the container might fail to start.\u003c/li\u003e\n\u003cli\u003eThe recommended practice is to use a different prefix, for example \u003ccode\u003een0\u003c/code\u003e, or a numerical suffix high enough to never collide, for example \u003ccode\u003eeth100\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThis label can be specified on \u003ccode\u003edocker network connect\u003c/code\u003e via the \u003ccode\u003e--driver-opt\u003c/code\u003e flag, for example \u003ccode\u003edocker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOr via the long-form \u003ccode\u003e--network\u003c/code\u003e flag on \u003ccode\u003edocker run\u003c/code\u003e, for example \u003ccode\u003edocker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eIf a custom network driver reports capability \u003ccode\u003eGwAllocChecker\u003c/code\u003e then, before a network is created, it will get a \u003ccode\u003eGwAllocCheckerRequest\u003c/code\u003e with the network's options. The custom driver may then reply that no gateway IP address should be allocated. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49372\"\u003emoby/moby#49372\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePort publishing in bridge networks\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003edockerd\u003c/code\u003e now requires \u003ccode\u003eipset\u003c/code\u003e support in the Linux kernel. \u003ca href=\"https://redirect.github.com/moby/moby/pull/48596\"\u003emoby/moby#48596\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eiptables\u003c/code\u003e and \u003ccode\u003eip6tables\u003c/code\u003e rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native \u003ccode\u003enftables\u003c/code\u003e support in a future release. \u003ca href=\"https://redirect.github.com/moby/moby/issues/48815\"\u003emoby/moby#48815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use \u003ccode\u003eiptables -F\u003c/code\u003e and \u003ccode\u003eip6tables -F\u003c/code\u003e to flush all existing \u003ccode\u003eiptables\u003c/code\u003e rules from the \u003ccode\u003efilter\u003c/code\u003e table before starting the older version of the daemon. When that is not possible, run the following commands as root:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eiptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eIf you were previously running with the iptables filter-FORWARD policy set to \u003ccode\u003eACCEPT\u003c/code\u003e and need to restore access to unpublished ports, also delete per-bridge-network rules from the \u003ccode\u003eDOCKER\u003c/code\u003e chains. For example, \u003ccode\u003eiptables -D DOCKER ! -i docker0 -o docker0 -j DROP\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing remote hosts to connect directly to a container on its published ports. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. \u003ca href=\"https://redirect.github.com/moby/moby/pull/49325\"\u003emoby/moby#49325\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315\"\u003e\u003ccode\u003eaf898ab\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49495\"\u003e#49495\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11\"\u003e\u003ccode\u003ed67f035\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8\"\u003e\u003ccode\u003e00ab386\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49491\"\u003e#49491\u003c/a\u003e from vvoland/update-buildkit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9\"\u003e\u003ccode\u003e1fde8c4\u003c/code\u003e\u003c/a\u003e builder-next: fix cdi manager\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3\"\u003e\u003ccode\u003ecde9f07\u003c/code\u003e\u003c/a\u003e vendor: github.com/moby/buildkit v0.20.0-rc3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47\"\u003e\u003ccode\u003e89e1429\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49490\"\u003e#49490\u003c/a\u003e from thaJeztah/dockerfile_linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb\"\u003e\u003ccode\u003eb2b5590\u003c/code\u003e\u003c/a\u003e Dockerfile: fix linting warnings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea\"\u003e\u003ccode\u003e62bc597\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49480\"\u003e#49480\u003c/a\u003e from thaJeztah/docs_api_1.48\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58\"\u003e\u003ccode\u003e670cd81\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/49485\"\u003e#49485\u003c/a\u003e from vvoland/c8d-list-panic\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4\"\u003e\u003ccode\u003ea3628f3\u003c/code\u003e\u003c/a\u003e docs/api: add documentation for API v1.48\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.12...v28.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/hashicorp/go-retryablehttp` from 0.7.1 to 0.7.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md\"\u003egithub.com/hashicorp/go-retryablehttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.7 (May 30, 2024)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: avoid potentially leaking URL-embedded basic authentication credentials in logs (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.6 (May 9, 2024)\u003c/h2\u003e\n\u003cp\u003eENHANCEMENTS:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support a \u003ccode\u003eRetryPrepare\u003c/code\u003e function for modifying the request before retrying (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/216\"\u003e#216\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: support HTTP-date values for \u003ccode\u003eRetry-After\u003c/code\u003e header value (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: avoid reading entire body when the body is a \u003ccode\u003e*bytes.Reader\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/197\"\u003e#197\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fix a broken check for invalid server certificate in go 1.20+ (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.5 (Nov 8, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixes an issue where the request body is not preserved on temporary redirects or re-established HTTP/2 connections (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.4 (Jun 6, 2023)\u003c/h2\u003e\n\u003cp\u003eBUG FIXES:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eclient: fixing an issue where the Content-Type header wouldn't be sent with an empty payload when using HTTP/2 (\u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/194\"\u003e#194\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.7.3 (May 15, 2023)\u003c/h2\u003e\n\u003cp\u003eInitial release\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/1542b31176d3973a6ecbc06c05a2d0df89b59afb\"\u003e\u003ccode\u003e1542b31\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/defb9f441dcf67a2a56fae733482836ea83349ac\"\u003e\u003ccode\u003edefb9f4\u003c/code\u003e\u003c/a\u003e v0.7.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a\"\u003e\u003ccode\u003ea99f07b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/158\"\u003e#158\u003c/a\u003e from dany74q/danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/8a28c574da4098c0612fe1c7135f1f6de113d411\"\u003e\u003ccode\u003e8a28c57\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into danny/redacted-url-in-logs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/86e852df43aa0d94150c4629d74e5116d1ff3348\"\u003e\u003ccode\u003e86e852d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/227\"\u003e#227\u003c/a\u003e from hashicorp/dependabot/github_actions/actions/chec...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/47fe99e6460cddc5f433aad2b54dcf32281f8a53\"\u003e\u003ccode\u003e47fe99e\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 4.1.5 to 4.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/490fc06be0931548d3523a4245d15e9dc5d9214d\"\u003e\u003ccode\u003e490fc06\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/226\"\u003e#226\u003c/a\u003e from testwill/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/f3e9417dbfcd0dc2b4a02a1dfdeb75f1e636b692\"\u003e\u003ccode\u003ef3e9417\u003c/code\u003e\u003c/a\u003e chore: remove refs to deprecated io/ioutil\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/d969eaa9c97860482749df718a35b4a269361055\"\u003e\u003ccode\u003ed969eaa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/hashicorp/go-retryablehttp/issues/225\"\u003e#225\u003c/a\u003e from hashicorp/manicminer-patch-2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hashicorp/go-retryablehttp/commit/2ad8ed4a1d9e632284f6937e91b2f9a1d30e8298\"\u003e\u003ccode\u003e2ad8ed4\u003c/code\u003e\u003c/a\u003e v0.7.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/hashicorp/go-retryablehttp/compare/v0.7.1...v0.7.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/prometheus/client_golang` from 1.11.0 to 1.11.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/releases\"\u003egithub.com/prometheus/client_golang's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.11.1 / 2022-02-15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[SECURITY FIX] promhttp: Check validity of method and code label values \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e (Addressed \u003ca href=\"https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p\"\u003e\u003ccode\u003eCVE-2022-21698\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epromhttp: Check validity of method and code label values by \u003ca href=\"https://github.com/bwplotka\"\u003e\u003ccode\u003e@​bwplotka\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/kakkoyun\"\u003e\u003ccode\u003e@​kakkoyun\u003c/code\u003e\u003c/a\u003e in  \u003ca href=\"https://redirect.github.com/prometheus/client_golang/pull/987\"\u003eprometheus/client_golang#987\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ehttps://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md\"\u003egithub.com/prometheus/client_golang's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e1.23.0 / 2025-07-30\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.23, only the two latest Go versions are supported from now on. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1812\"\u003e#1812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add WrapCollectorWith and WrapCollectorWithPrefix \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1766\"\u003e#1766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] Add exemplars for native histograms \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1686\"\u003e#1686\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] exp/api: Bubble up status code from writeResponse \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1823\"\u003e#1823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] collector/go: Update runtime metrics for Go v1.23 and v1.24 \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1833\"\u003e#1833\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] exp/api: client prompt return on context cancellation \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1729\"\u003e#1729\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.22.0 / 2025-04-07\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you use experimental \u003ccode\u003ezstd\u003c/code\u003e support introduce in \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1496\"\u003e#1496\u003c/a\u003e :warning:\u003c/p\u003e\n\u003cp\u003eExperimental support for \u003ccode\u003ezstd\u003c/code\u003e on scrape was added, controlled by the request \u003ccode\u003eAccept-Encoding\u003c/code\u003e header.\nIt was enabled by default since version 1.20, but now you need to add a blank import to enable it.\nThe decision to make it opt-in by default was originally made because the Go standard library was expected to have default zstd support added soon,\n\u003ca href=\"https://redirect.github.com/golang/go/issues/62513\"\u003egolang/go#62513\u003c/a\u003e however, the work took longer than anticipated and it will be postponed to upcoming major Go versions.\u003c/p\u003e\n\u003cp\u003ee.g.:\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cpre lang=\"go\"\u003e\u003ccode\u003eimport (\n  _ \u0026quot;github.com/prometheus/client_golang/prometheus/promhttp/zstd\u0026quot;\n)\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cul\u003e\n\u003cli\u003e[FEATURE] prometheus: Add new CollectorFunc utility \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1724\"\u003e#1724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Minimum required Go version is now 1.22 (we also test client_golang against latest go version - 1.24) \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1738\"\u003e#1738\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[FEATURE] api: \u003ccode\u003eWithLookbackDelta\u003c/code\u003e and \u003ccode\u003eWithStats\u003c/code\u003e options have been added to API client. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1743\"\u003e#1743\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] :warning: promhttp: Isolate zstd support and klauspost/compress library use to promhttp/zstd package. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1765\"\u003e#1765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.1 / 2025-03-04\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] prometheus: Revert of \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metric CAS optimizations (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e), causing regressions on low contention cases.\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix GOOS=ios build, broken due to process_collector_* wrong build tags.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.21.0 / 2025-02-17\u003c/h2\u003e\n\u003cp\u003e:warning: This release contains potential breaking change if you upgrade \u003ccode\u003egithub.com/prometheus/common\u003c/code\u003e to 0.62+ together with client_golang. :warning:\u003c/p\u003e\n\u003cp\u003eNew common version \u003ca href=\"https://redirect.github.com/prometheus/common/pull/724\"\u003echanges \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable\u003c/a\u003e, which relaxes the validation of label names and metric name, allowing all UTF-8 characters. Typically, this should not break any user, unless your test or usage expects strict certain names to panic/fail on client_golang metric registration, gathering or scrape. In case of problems change \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e to old \u003ccode\u003emodel.LegacyValidation\u003c/code\u003e value in your project \u003ccode\u003einit\u003c/code\u003e function.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e[BUGFIX] gocollector: Fix help message for runtime/metric metrics. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1583\"\u003e#1583\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[BUGFIX] prometheus: Fix \u003ccode\u003eDesc.String()\u003c/code\u003e method for no labels case. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1687\"\u003e#1687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize popular \u003ccode\u003eprometheus.BuildFQName\u003c/code\u003e function; now up to 30% faster. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1665\"\u003e#1665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[ENHANCEMENT] prometheus: Optimize \u003ccode\u003eInc\u003c/code\u003e, \u003ccode\u003eAdd\u003c/code\u003e and \u003ccode\u003eObserve\u003c/code\u003e cumulative metrics; now up to 50% faster under high concurrent contention. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1661\"\u003e#1661\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Upgrade prometheus/common to 0.62.0 which changes \u003ccode\u003emodel.NameValidationScheme\u003c/code\u003e global variable. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1712\"\u003e#1712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[CHANGE] Add support for Go 1.23. \u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/1602\"\u003e#1602\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prometheus/client_golang/commit/989baa30fe956631907493ccee1f8e7708660d96\"\u003e\u003ccode\u003e989baa3\u003c/code\u003e\u003c/a\u003e promhttp: Check validity of method and code label values (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/962\"\u003e#962\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/prometheus/client_golang/issues/987\"\u003e#987\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/prometheus/client_golang/compare/v1.11.0...v1.11.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/crypto` from 0.0.0-20211117183948-ae814b36b871 to 0.24.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/crypto/commits/v0.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/spring-financial-group/helmfile/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/spring-financial-group/helmfile/pull/33","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/spring-financial-group%2Fhelmfile/issues/33","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/33/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","update_type":"patch","path":null,"pr_created_at":"2025-08-08T13:47:13.000Z","version_change":"2.8.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2730838209","node_id":"PR_kwDOFO1xFM6ixUjB","number":229,"state":"closed","title":"Bump the go_modules group with 4 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":"2025-09-05T17:52:23.000Z","author_association":"NONE","state_reason":null,"created_at":"2025-08-08T13:47:13.000Z","updated_at":"2025-09-05T17:52:23.000Z","time_to_close":2433910,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"go_modules","update_count":4,"packages":[{"name":"golang.org/x/net","old_version":"0.34.0","new_version":"0.38.0","repository_url":"https://github.com/golang/net"},{"name":"github.com/cloudflare/circl","old_version":"1.3.7","new_version":"1.6.1","repository_url":"https://github.com/cloudflare/circl"},{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"golang.org/x/oauth2","old_version":"0.25.0","new_version":"0.27.0","repository_url":"https://github.com/golang/oauth2"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates: [golang.org/x/net](https://github.com/golang/net), [github.com/cloudflare/circl](https://github.com/cloudflare/circl), [github.com/docker/distribution](https://github.com/docker/distribution) and [golang.org/x/oauth2](https://github.com/golang/oauth2).\n\nUpdates `golang.org/x/net` from 0.34.0 to 0.38.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9\"\u003e\u003ccode\u003ee1fcd82\u003c/code\u003e\u003c/a\u003e html: properly handle trailing solidus in unquoted attribute value in foreign...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/ebed060e8f30f20235f74808c22125fd86b15edd\"\u003e\u003ccode\u003eebed060\u003c/code\u003e\u003c/a\u003e internal/http3: fix build of tests with GOEXPERIMENT=nosynctest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/1f1fa29e0a46fffe18c43a9da8daa5a0b180dfa9\"\u003e\u003ccode\u003e1f1fa29\u003c/code\u003e\u003c/a\u003e publicsuffix: regenerate table\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/12150816f701c912a32a376754ab28dd3878833a\"\u003e\u003ccode\u003e1215081\u003c/code\u003e\u003c/a\u003e http2: improve error when server sends HTTP/1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/312450e473eae9f9e6173ad895c80bc5ea2f79ad\"\u003e\u003ccode\u003e312450e\u003c/code\u003e\u003c/a\u003e html: ensure \u0026lt;search\u0026gt; tag closes \u0026lt;p\u0026gt; and update tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/09731f9bf919b00b344c763894cd1920b3d96d90\"\u003e\u003ccode\u003e09731f9\u003c/code\u003e\u003c/a\u003e http2: improve handling of lost PING in Server\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/55989e24b972a90ab99308fdc7ea1fb58a96fef1\"\u003e\u003ccode\u003e55989e2\u003c/code\u003e\u003c/a\u003e http2/h2c: use ResponseController for hijacking connections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/2914f46773171f4fa13e276df1135bafef677801\"\u003e\u003ccode\u003e2914f46\u003c/code\u003e\u003c/a\u003e websocket: re-recommend gorilla/websocket\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/99b3ae0643f9a2f9d820fcbba5f9e4c83b23bd48\"\u003e\u003ccode\u003e99b3ae0\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/net/commit/85d1d54551b68719346cb9fec24b911da4e452a1\"\u003e\u003ccode\u003e85d1d54\u003c/code\u003e\u003c/a\u003e go.mod: update golang.org/x dependencies\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/net/compare/v0.34.0...v0.38.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/cloudflare/circl` from 1.3.7 to 1.6.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cloudflare/circl/releases\"\u003egithub.com/cloudflare/circl's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eCIRCL v1.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixes some point checks on the FourQ curve.\u003c/li\u003e\n\u003cli\u003eHybrid KEM fails on low-order points.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem/hybrid: ensure X25519 hybrids fails with low order points by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/541\"\u003ecloudflare/circl#541\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.github: Use native ARM64 builders instead of QEMU by \u003ca href=\"https://github.com/Lekensteyn\"\u003e\u003ccode\u003e@​Lekensteyn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/542\"\u003ecloudflare/circl#542\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixes several errors on twisted Edwards curves. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/545\"\u003ecloudflare/circl#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.6.1 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/546\"\u003ecloudflare/circl#546\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\"\u003ehttps://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eCIRCL v1.6.0\u003c/h2\u003e\n\u003ch3\u003eNew!\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/blob/main/vdaf/prio3\"\u003ePrio3\u003c/a\u003e Verifiable Distributed Aggregation Function (\u003ca href=\"https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/\"\u003edraft-irtf-cfrg-vdaf\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/blob/main/kem/xwing\"\u003eX-Wing\u003c/a\u003e: general-purpose hybrid post-quantum KEM (\u003ca href=\"https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/\"\u003edraft-connolly-cfrg-xwing-kem\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd OIDs to ML-DSA by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/519\"\u003ecloudflare/circl#519\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdds Prio3 a set of verifiable distributed aggregation functions. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/522\"\u003ecloudflare/circl#522\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun semgrep cronjob only in upstream repository. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/526\"\u003ecloudflare/circl#526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eX-Wing PQ/T hybrid by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/471\"\u003ecloudflare/circl#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eckem: move crypto/elliptic to crypto/ecdh by \u003ca href=\"https://github.com/MingLLuo\"\u003e\u003ccode\u003e@​MingLLuo\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/529\"\u003ecloudflare/circl#529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ehpke: Update HPKE code to use ecdh stdlib package. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/530\"\u003ecloudflare/circl#530\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprio3: Adds polynomial multiplication using NTT by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/532\"\u003ecloudflare/circl#532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Prio3 in readme. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/527\"\u003ecloudflare/circl#527\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/MingLLuo\"\u003e\u003ccode\u003e@​MingLLuo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/529\"\u003ecloudflare/circl#529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0\"\u003ehttps://github.com/cloudflare/circl/compare/v1.5.0...v1.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch1\u003eCIRCL v1.5.0\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNew:\u003c/strong\u003e ML-DSA, Module-Lattice-based Digital Signature Algorithm.\u003c/p\u003e\n\u003ch3\u003eWhat's Changed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ekem: add X25519MLKEM768 TLS hybrid KEM by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/510\"\u003ecloudflare/circl#510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCreate semgrep.yml by \u003ca href=\"https://github.com/hrushikeshdeshpande\"\u003e\u003ccode\u003e@​hrushikeshdeshpande\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/514\"\u003ecloudflare/circl#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erepo: Some fixes reported by CodeQL by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/515\"\u003ecloudflare/circl#515\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd ML-DSA (FIPS204) by \u003ca href=\"https://github.com/bwesterb\"\u003e\u003ccode\u003e@​bwesterb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/480\"\u003ecloudflare/circl#480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esign/mldsa: Add test for ML-DSA signature verification. by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/517\"\u003ecloudflare/circl#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease v1.5.0 by \u003ca href=\"https://github.com/armfazh\"\u003e\u003ccode\u003e@​armfazh\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/518\"\u003ecloudflare/circl#518\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eNew Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hrushikeshdeshpande\"\u003e\u003ccode\u003e@​hrushikeshdeshpande\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/cloudflare/circl/pull/514\"\u003ecloudflare/circl#514\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0\"\u003ehttps://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c6d33e35234ebf5c4319d12ae7d77d7d17053e56\"\u003e\u003ccode\u003ec6d33e3\u003c/code\u003e\u003c/a\u003e Release v1.6.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/0c3868ef6fc8ce864bc4104863186afdd2947f14\"\u003e\u003ccode\u003e0c3868e\u003c/code\u003e\u003c/a\u003e curve4q: Shared must fail with low order points.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/9fd570dd508eef941d3f42fb94413a899b96d52e\"\u003e\u003ccode\u003e9fd570d\u003c/code\u003e\u003c/a\u003e curve4q: Test showing DH does not fails on identity point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/c988ceba827fe09896e770c152646dded447903d\"\u003e\u003ccode\u003ec988ceb\u003c/code\u003e\u003c/a\u003e fourq: Correctly unmarshalling point.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/ef2611dcde7f6d25e31082412bbb30f2a870d133\"\u003e\u003ccode\u003eef2611d\u003c/code\u003e\u003c/a\u003e fourq: Test showing point unmarshal fails.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/05eba44d1a35f979c5f3ac914bcc50c1122e8ced\"\u003e\u003ccode\u003e05eba44\u003c/code\u003e\u003c/a\u003e fourq: Handle the case of Z=0 for IsOnCurve and IsEqual.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/eef08780cc3cb9befa20014e65f731391103be6b\"\u003e\u003ccode\u003eeef0878\u003c/code\u003e\u003c/a\u003e fourq: Test showing isEqual and IsOnCurve fail.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/2298474ef688938e4a81ca14990b9a11a8677e2a\"\u003e\u003ccode\u003e2298474\u003c/code\u003e\u003c/a\u003e goldilocks; Handling points with z=0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/5a940a111507232035d0b753fbf3068c52d6b8ac\"\u003e\u003ccode\u003e5a940a1\u003c/code\u003e\u003c/a\u003e goldilocks: Test for IsEqual must fail with Z=0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cloudflare/circl/commit/48c3b6a2746a18db4d8b675ab296980514359340\"\u003e\u003ccode\u003e48c3b6a\u003c/code\u003e\u003c/a\u003e ed25519: Fix isEqual to handle points with Z=0.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cloudflare/circl/compare/v1.3.7...v1.6.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/oauth2` from 0.25.0 to 0.27.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3\"\u003e\u003ccode\u003e681b4d8\u003c/code\u003e\u003c/a\u003e jws: split token into fixed number of parts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502\"\u003e\u003ccode\u003e3f78298\u003c/code\u003e\u003c/a\u003e all: upgrade go directive to at least 1.23.0 [generated]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac\"\u003e\u003ccode\u003e109dabf\u003c/code\u003e\u003c/a\u003e endpoints: add links/provider for Discord\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47\"\u003e\u003ccode\u003eac571fa\u003c/code\u003e\u003c/a\u003e oauth2: fix docs for Config.DeviceAuth\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2\"\u003e\u003ccode\u003e314ee5b\u003c/code\u003e\u003c/a\u003e endpoints: add patreon endpoint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/oauth2/commit/b9c813be7d0ec3262d46deb8677ba5cda93d95ec\"\u003e\u003ccode\u003eb9c813b\u003c/code\u003e\u003c/a\u003e google: add warning about externally-provided credentials\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/golang/oauth2/compare/v0.25.0...v0.27.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nullstone-io/nullstone/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nullstone-io/nullstone/pull/229","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-io%2Fnullstone/issues/229","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/229/packages"}},{"old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","update_type":"patch","path":"the go_modules group","pr_created_at":"2025-08-08T12:17:05.000Z","version_change":"2.8.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2730593256","node_id":"PR_kwDOHp13GM6iwYvo","number":56,"state":"open","title":"Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in the go_modules group","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-08-08T12:17:05.000Z","updated_at":"2025-08-08T12:17:06.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.8.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":"the go_modules group","ecosystem":"go"},"body":"Bumps the go_modules group with 1 update: [github.com/docker/distribution](https://github.com/docker/distribution).\n\nUpdates `github.com/docker/distribution` from 2.8.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.8.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.8.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nullstone-io/deployment-sdk/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/nullstone-io/deployment-sdk/pull/56","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/nullstone-io%2Fdeployment-sdk/issues/56","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/56/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-07-30T20:02:02.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2708253080","node_id":"PR_kwDOONfVbM6hbKmY","number":3,"state":"open","title":"Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-30T20:02:02.000Z","updated_at":"2025-07-30T20:02:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":null,"ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AKJUS/loki/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AKJUS/loki/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Floki/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":"/remediation-service","pr_created_at":"2025-07-29T20:13:37.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2705210615","node_id":"PR_kwDODlrT586hPjz3","number":2,"state":"open","title":"Bump github.com/docker/distribution from 2.7.1+incompatible to 2.8.2+incompatible in /remediation-service","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-29T20:13:37.000Z","updated_at":"2025-07-29T20:13:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"}],"path":"/remediation-service","ecosystem":"go"},"body":"Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.7.1+incompatible to 2.8.2+incompatible.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution\u0026package-manager=go_modules\u0026previous-version=2.7.1+incompatible\u0026new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SVilgelm/keptn/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SVilgelm/keptn/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SVilgelm%2Fkeptn/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","update_type":"minor","path":null,"pr_created_at":"2025-07-29T20:13:28.000Z","version_change":"2.7.1+incompatible → 2.8.2+incompatible","issue":{"uuid":"2705210247","node_id":"PR_kwDOH4HH986hPjuH","number":1,"state":"open","title":"build(deps): bump the go_modules group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","go"],"assignees":[],"locked":false,"comments_count":0,"pull_request":true,"closed_at":null,"author_association":"NONE","state_reason":null,"created_at":"2025-07-29T20:13:28.000Z","updated_at":"2025-07-29T20:13:29.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"go_modules","update_count":6,"packages":[{"name":"github.com/vektah/gqlparser/v2","old_version":"2.4.6","new_version":"2.5.15","repository_url":"https://github.com/vektah/gqlparser"},{"name":"google.golang.org/grpc","old_version":"1.48.0","new_version":"1.56.3","repository_url":"https://github.com/grpc/grpc-go"},{"name":"github.com/docker/distribution","old_version":"2.7.1+incompatible","new_version":"2.8.2+incompatible","repository_url":"https://github.com/docker/distribution"},{"name":"github.com/docker/docker","old_version":"20.10.17+incompatible","new_version":"26.1.5+incompatible","repository_url":"https://github.com/docker/docker"},{"name":"golang.org/x/text","old_version":"0.3.7","new_version":"0.9.0"},{"name":"google.golang.org/protobuf","old_version":"1.28.1","new_version":"1.30.0"}],"path":null,"ecosystem":"go"},"body":"Bumps the go_modules group with 4 updates in the / directory: [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser), [google.golang.org/grpc](https://github.com/grpc/grpc-go), [github.com/docker/distribution](https://github.com/docker/distribution) and [github.com/docker/docker](https://github.com/docker/docker).\n\nUpdates `github.com/vektah/gqlparser/v2` from 2.4.6 to 2.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vektah/gqlparser/releases\"\u003egithub.com/vektah/gqlparser/v2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.5.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, ParseSchemasWithLimit by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/306\"\u003evektah/gqlparser#306\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.14...v2.5.15\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.14...v2.5.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ParseQueryWithLimit by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/304\"\u003evektah/gqlparser#304\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 6 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/298\"\u003evektah/gqlparser#298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump prettier from 3.2.5 to 3.3.0 in /validator/imported in the actions-deps group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/299\"\u003evektah/gqlparser#299\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 7 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/301\"\u003evektah/gqlparser#301\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/302\"\u003evektah/gqlparser#302\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eToken limit fix CVE-2023-49559 by \u003ca href=\"https://github.com/uvzz\"\u003e\u003ccode\u003e@​uvzz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/291\"\u003evektah/gqlparser#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uvzz\"\u003e\u003ccode\u003e@​uvzz\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/291\"\u003evektah/gqlparser#291\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisallow empty parens (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/292\"\u003e#292\u003c/a\u003e). by \u003ca href=\"https://github.com/yuchenshi\"\u003e\u003ccode\u003e@​yuchenshi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/293\"\u003evektah/gqlparser#293\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWithBuiltin FormatterOption added by \u003ca href=\"https://github.com/atzedus\"\u003e\u003ccode\u003e@​atzedus\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/294\"\u003evektah/gqlparser#294\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRedo github actions by \u003ca href=\"https://github.com/StevenACoffman\"\u003e\u003ccode\u003e@​StevenACoffman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/295\"\u003evektah/gqlparser#295\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the actions-deps group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/296\"\u003evektah/gqlparser#296\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump the actions-deps group in /validator/imported with 8 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/297\"\u003evektah/gqlparser#297\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yuchenshi\"\u003e\u003ccode\u003e@​yuchenshi\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/293\"\u003evektah/gqlparser#293\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12\"\u003ehttps://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.5.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump get-func-name from 2.0.0 to 2.0.2 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/284\"\u003evektah/gqlparser#284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​babel/traverse\u003c/code\u003e from 7.22.6 to 7.23.2 in /validator/imported by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/285\"\u003evektah/gqlparser#285\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix description formatting (possible \u0026quot; character) by \u003ca href=\"https://github.com/blmhemu\"\u003e\u003ccode\u003e@​blmhemu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/289\"\u003evektah/gqlparser#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003egqlerror: implement List.Unwrap by \u003ca href=\"https://github.com/emersion\"\u003e\u003ccode\u003e@​emersion\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/290\"\u003evektah/gqlparser#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/blmhemu\"\u003e\u003ccode\u003e@​blmhemu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/289\"\u003evektah/gqlparser#289\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/emersion\"\u003e\u003ccode\u003e@​emersion\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/vektah/gqlparser/pull/290\"\u003evektah/gqlparser#290\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/55a3c47d27e03c2a995f0a20e3e059e75d3858d2\"\u003e\u003ccode\u003e55a3c47\u003c/code\u003e\u003c/a\u003e Revert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, Par...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977\"\u003e\u003ccode\u003e36a3658\u003c/code\u003e\u003c/a\u003e Add ParseQueryWithLimit (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/304\"\u003e#304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/d457fc08189db3b7bee997060cfcb01717cdbbec\"\u003e\u003ccode\u003ed457fc0\u003c/code\u003e\u003c/a\u003e Token limit fix CVE-2023-49559 (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/291\"\u003e#291\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/6db1bd39a01415cc19e47ef078bf15c5a7d3cd5f\"\u003e\u003ccode\u003e6db1bd3\u003c/code\u003e\u003c/a\u003e Bump braces from 3.0.2 to 3.0.3 in /validator/imported (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/302\"\u003e#302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/39004142c4d3e4afee047257162835819d9c4789\"\u003e\u003ccode\u003e3900414\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 7 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/301\"\u003e#301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/7c770f6a27ba16dafaf92e18161615de92c73363\"\u003e\u003ccode\u003e7c770f6\u003c/code\u003e\u003c/a\u003e Bump prettier in /validator/imported in the actions-deps group (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/0ed49739e85d437cbc1cb91fb640c030d1e65338\"\u003e\u003ccode\u003e0ed4973\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 6 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/298\"\u003e#298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/00fd36f5cfc7bbb5fad59678e4026c980326bc3b\"\u003e\u003ccode\u003e00fd36f\u003c/code\u003e\u003c/a\u003e Bump the actions-deps group in /validator/imported with 8 updates (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/297\"\u003e#297\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/9638a21e21cb32c1add5e2dc2a092575c0605e74\"\u003e\u003ccode\u003e9638a21\u003c/code\u003e\u003c/a\u003e Bump github.com/stretchr/testify in the actions-deps group (\u003ca href=\"https://redirect.github.com/vektah/gqlparser/issues/296\"\u003e#296\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vektah/gqlparser/commit/55ebe371e7d4a2d7fcb1cbcf444b661a77f1c3bb\"\u003e\u003ccode\u003e55ebe37\u003c/code\u003e\u003c/a\u003e Add Dependabot.yml\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vektah/gqlparser/compare/v2.4.6...v2.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/grpc` from 1.48.0 to 1.56.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-go/releases\"\u003egoogle.golang.org/grpc's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease 1.56.3\u003c/h2\u003e\n\u003ch1\u003eSecurity\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eserver: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)\u003c/p\u003e\n\u003cp\u003eIn addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eclient: handle empty address lists correctly in addrConn.updateAddrs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.56.0\u003c/h2\u003e\n\u003ch1\u003eNew Features\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eclient: support channel idleness using \u003ccode\u003eWithIdleTimeout\u003c/code\u003e dial option (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6263\"\u003e#6263\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis feature is currently disabled by default, but will be enabled with a 30 minute default in the future.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eclient: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6306\"\u003e#6306\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for Custom LB Policies (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A52-xds-custom-lb-policies.md\"\u003egRFC A52\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6224\"\u003e#6224\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: support pick_first Custom LB policy (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6314\"\u003e#6314\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6317\"\u003e#6317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eclient: add support for pickfirst address shuffling (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A62-pick-first.md\"\u003egRFC A62\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6311\"\u003e#6311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds: Add support for String Matcher Header Matcher in RDS (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6313\"\u003e#6313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Add Channelz Logger to Outlier Detection LB (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6145\"\u003e#6145\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eSpecial Thanks: \u003ca href=\"https://github.com/s-matyukevich\"\u003e\u003ccode\u003e@​s-matyukevich\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003exds: enable RLS in xDS by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6343\"\u003e#6343\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eorca: add support for application_utilization field and missing range checks on several metrics setters\u003c/li\u003e\n\u003cli\u003ebalancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (\u003ca href=\"https://github.com/grpc/proposal/blob/master/A58-client-side-weighted-round-robin-lb-policy.md\"\u003egRFC A58\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6241\"\u003e#6241\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add conversion of json to RBAC Audit Logging config (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: add support for stdout logger (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eauthz: support customizable audit functionality for authorization policy (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6192\"\u003e#6192\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6230\"\u003e#6230\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6298\"\u003e#6298\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6158\"\u003e#6158\u003c/a\u003e \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6304\"\u003e#6304\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6225\"\u003e#6225\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug Fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6245\"\u003e#6245\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003exds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6361\"\u003e#6361\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eAPI Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eorca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6223\"\u003e#6223\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003estatus: To fix a panic, \u003ccode\u003estatus.FromError\u003c/code\u003e now returns an error with \u003ccode\u003ecodes.Unknown\u003c/code\u003e when the error implements the \u003ccode\u003eGRPCStatus()\u003c/code\u003e method, and calling \u003ccode\u003eGRPCStatus()\u003c/code\u003e returns \u003ccode\u003enil\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eRelease 1.55.0\u003c/h2\u003e\n\u003ch1\u003eBehavior Changes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003exds: enable federation support by default (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6151\"\u003e#6151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003estatus: \u003ccode\u003estatus.Code\u003c/code\u003e and \u003ccode\u003estatus.FromError\u003c/code\u003e handle wrapped errors (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6031\"\u003e#6031\u003c/a\u003e and \u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6150\"\u003e#6150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/1055b481ed2204a29d233286b9b50c42b63f8825\"\u003e\u003ccode\u003e1055b48\u003c/code\u003e\u003c/a\u003e Update version.go to 1.56.3 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6713\"\u003e#6713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5efd7bd73e11fea58d1c7f1c110902e78a286299\"\u003e\u003ccode\u003e5efd7bd\u003c/code\u003e\u003c/a\u003e server: prohibit more than MaxConcurrentStreams handlers from running at once...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/bd1f038e7234580c2694e433bec5cd97e7b7f662\"\u003e\u003ccode\u003ebd1f038\u003c/code\u003e\u003c/a\u003e Upgrade version.go to 1.56.3-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6434\"\u003e#6434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/faab8736bf73291f92b867d5dae31c927d53d508\"\u003e\u003ccode\u003efaab873\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6432\"\u003e#6432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/6b0b291d79831b1c8caafceec268b82c92253f96\"\u003e\u003ccode\u003e6b0b291\u003c/code\u003e\u003c/a\u003e status: fix panic when servers return a wrapped error with status OK (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6374\"\u003e#6374\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/ed56401aa514462d5371713b8ec5c889da33953c\"\u003e\u003ccode\u003eed56401\u003c/code\u003e\u003c/a\u003e [PSM interop] Don't fail target if sub-target already failed (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6390\"\u003e#6390\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6405\"\u003e#6405\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/cd6a794f0bdcf9a216e8f4d3c5717faf96d9fd78\"\u003e\u003ccode\u003ecd6a794\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.2-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6387\"\u003e#6387\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/5b67e5ea449ef0686a0c0b6de48cd4cb63e3db2a\"\u003e\u003ccode\u003e5b67e5e\u003c/code\u003e\u003c/a\u003e Update version.go to v1.56.1 (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6386\"\u003e#6386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/d0f5150384a87f9fcac488a9c18727a55b7354c1\"\u003e\u003ccode\u003ed0f5150\u003c/code\u003e\u003c/a\u003e client: handle empty address lists correctly in addrConn.updateAddrs (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6354\"\u003e#6354\u003c/a\u003e) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-go/commit/997c1ea101cc5d496d2b148388f1df49632a9171\"\u003e\u003ccode\u003e997c1ea\u003c/code\u003e\u003c/a\u003e Change version to 1.56.1-dev (\u003ca href=\"https://redirect.github.com/grpc/grpc-go/issues/6345\"\u003e#6345\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-go/compare/v1.48.0...v1.56.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/distribution` from 2.7.1+incompatible to 2.8.2+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/distribution/releases\"\u003egithub.com/docker/distribution's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRevert registry/client: set \u003ccode\u003eAccept: identity\u003c/code\u003e header when getting layers by \u003ca href=\"https://github.com/ndeloof\"\u003e\u003ccode\u003e@​ndeloof\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3783\"\u003edistribution/distribution#3783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eParse \u003ccode\u003ehttp\u003c/code\u003e forbidden as denied by \u003ca href=\"https://github.com/vvoland\"\u003e\u003ccode\u003e@​vvoland\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3914\"\u003edistribution/distribution#3914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2022-28391\"\u003eCVE-2022-28391\u003c/a\u003e by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003e#3650\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2023-2253\"\u003eCVE-2023-2253\u003c/a\u003e runaway allocation on /v2/_catalog  by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: fix filenames of artifacts by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3911\"\u003edistribution/distribution#3911\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.2-beta.1\u003c/h2\u003e\n\u003ch3\u003e\u003cstrong\u003eNOTE: This is a pre-release that does not contain any artifacts!\u003c/strong\u003e\u003c/h3\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix runaway allocation on /v2/_catalog by \u003ca href=\"https://github.com/josegomezr\"\u003e\u003ccode\u003e@​josegomezr\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54\"\u003e\u003ccode\u003e521ea3d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3650\"\u003edistribution/distribution#3650\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix panic in inmemory driver by \u003ca href=\"https://github.com/wy65701436\"\u003e\u003ccode\u003e@​wy65701436\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3815\"\u003edistribution/distribution#3815\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump up golang version (alternative) by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3903\"\u003edistribution/distribution#3903\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDockerfile: update xx to v1.2.1 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3907\"\u003edistribution/distribution#3907\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate to go1.19.9 by \u003ca href=\"https://github.com/thaJeztah\"\u003e\u003ccode\u003e@​thaJeztah\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3908\"\u003edistribution/distribution#3908\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd code to handle pagination of parts. Fixes max layer size of 10GB bug by \u003ca href=\"https://github.com/DavidSpek\"\u003e\u003ccode\u003e@​DavidSpek\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/distribution/distribution/pull/3893\"\u003edistribution/distribution#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\"\u003ehttps://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cp\u003eWelcome to the v2.8.1 release of registry!\u003c/p\u003e\n\u003cp\u003eThe 2.8.1 registry release fixes the Go module issues that have popped up in the v2.8.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/7c354a4b40feeea21d7eeae4de91c8ff7951e672\"\u003e\u003ccode\u003e7c354a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3915\"\u003e#3915\u003c/a\u003e from distribution/2.8.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/a173a9c625cdc84498580e4f486b36d4c9859065\"\u003e\u003ccode\u003ea173a9c\u003c/code\u003e\u003c/a\u003e Add v2.8.2 release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/4894d35ecc831b114d86cd3795573e5f4f306ea7\"\u003e\u003ccode\u003e4894d35\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3914\"\u003e#3914\u003c/a\u003e from vvoland/handle-forbidden-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/f067f66d3de1fd82d6bf139d15130ff59d3db7e1\"\u003e\u003ccode\u003ef067f66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3783\"\u003e#3783\u003c/a\u003e from ndeloof/accept-encoding-28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/483ad69da3e3fb9ac885962d50834ff8619733a2\"\u003e\u003ccode\u003e483ad69\u003c/code\u003e\u003c/a\u003e registry/errors: Parse http forbidden as denied\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/2b0f84df21e062bd0cc3676557c6bee4cbb9e9bc\"\u003e\u003ccode\u003e2b0f84d\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;registry/client: set Accept: identity header when getting layers\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/320d6a141f17d11c44f98fd975b2368705e27971\"\u003e\u003ccode\u003e320d6a1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3912\"\u003e#3912\u003c/a\u003e from distribution/2.8.2-beta.2-release-notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/5f3ca1b2fb6109705d729816e7260a6966d2b42d\"\u003e\u003ccode\u003e5f3ca1b\u003c/code\u003e\u003c/a\u003e Add release notes for 2.8.2-beta.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/cb840f63b3b27cce503aee5e3291750f3cd90c1c\"\u003e\u003ccode\u003ecb840f6\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/distribution/issues/3911\"\u003e#3911\u003c/a\u003e from thaJeztah/2.8_backport_fix_releaser_filenames\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/distribution/distribution/commit/e884644fff38a5bf601a2272f434ee2b01dd2b17\"\u003e\u003ccode\u003ee884644\u003c/code\u003e\u003c/a\u003e Dockerfile: fix filenames of artifacts\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/distribution/compare/v2.7.1...v2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github.com/docker/docker` from 20.10.17+incompatible to 26.1.5+incompatible\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/docker/releases\"\u003egithub.com/docker/docker's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev26.1.5\u003c/h2\u003e\n\u003ch2\u003e26.1.5\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eThis release contains a fix for \u003ca href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110\"\u003eCVE-2024-41110\u003c/a\u003e / \u003ca href=\"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\"\u003eGHSA-v23v-6jw2-98fq\u003c/a\u003e\nthat impacted setups using \u003ca href=\"https://docs.docker.com/engine/extend/plugins_authorization/\"\u003eauthorization plugins (AuthZ)\u003c/a\u003e\nfor access control. No other changes are included in this release, and this\nrelease is otherwise identical for users not using AuthZ plugins.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/moby/moby/compare/v26.1.4...v26.1.5\"\u003ehttps://github.com/moby/moby/compare/v26.1.4...v26.1.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev26.1.4\u003c/h2\u003e\n\u003ch2\u003e26.1.4\u003c/h2\u003e\n\u003cp\u003eFor a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A26.1.4\"\u003edocker/cli, 26.1.4 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A26.1.4\"\u003emoby/moby, 26.1.4 milestone\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDeprecated and removed features, see \u003ca href=\"https://github.com/docker/cli/blob/v26.1.4/docs/deprecated.md\"\u003eDeprecated Features\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eChanges to the Engine API, see \u003ca href=\"https://github.com/moby/moby/blob/v26.1.4/docs/api/version-history.md\"\u003eAPI version history\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003eThis release updates the Go runtime to 1.21.11 which contains security fixes for:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/66869\"\u003eCVE-2024-24789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/67680\"\u003eCVE-2024-24790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eA symlink time of check to time of use race condition during directory removal reported by Addison Crump (\u003ca href=\"https://github.com/addisoncrump\"\u003e\u003ccode\u003e@​addisoncrump\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug fixes and enhancements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47870\"\u003emoby/moby#47870\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrevent the daemon log from being spammed with \u003ccode\u003esuperfluous response.WriteHeader call ...\u003c/code\u003e messages.. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47843\"\u003emoby/moby#47843\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDon't show empty hints when plugins return an empty hook message. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5083\"\u003edocker/cli#5083\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eContextType: \u0026quot;moby\u0026quot;\u003c/code\u003e to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5095\"\u003edocker/cli#5095\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix a compatibility issue with Visual Studio Container Tools. \u003ca href=\"https://redirect.github.com/docker/cli/pull/5095\"\u003edocker/cli#5095\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePackaging updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate containerd (static binaries only) to \u003ca href=\"https://github.com/containerd/containerd/releases/tag/v1.7.17\"\u003ev1.7.17\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47841\"\u003emoby/moby#47841\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/golang/go/issues/66869\"\u003eCVE-2024-24789\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/golang/go/issues/67680\"\u003eCVE-2024-24790\u003c/a\u003e: Update Go runtime to 1.21.11. \u003ca href=\"https://redirect.github.com/moby/moby/pull/47904\"\u003emoby/moby#47904\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Compose to \u003ca href=\"https://github.com/docker/compose/releases/tag/v2.27.1\"\u003ev2.27.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/docker/docker-ce-packaging/pull/1022\"\u003edocker/docker-ce-packages#1022\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Buildx to \u003ca href=\"https://github.com/docker/buildx/releases/tag/v0.14.1\"\u003ev0.14.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/docker/docker-ce-packaging/pull/1021\"\u003edocker/docker-ce-packages#1021\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev26.1.3\u003c/h2\u003e\n\u003ch2\u003e26.1.3\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\"\u003e\u003ccode\u003e411e817\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/9cc85eaef15739234909e9c1d4b9915b37bac4ab\"\u003e\u003ccode\u003e9cc85ea\u003c/code\u003e\u003c/a\u003e If url includes scheme, urlPath will drop hostname, which would not match the...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/820cab90bc2cfc6fadf9bf9f0f460e1f6d07434a\"\u003e\u003ccode\u003e820cab9\u003c/code\u003e\u003c/a\u003e Authz plugin security fixes for 0-length content and path validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/6bc49067a6c7647db245d77e0660778c8f61f314\"\u003e\u003ccode\u003e6bc4906\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/48123\"\u003e#48123\u003c/a\u003e from vvoland/v26.1-48120\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/6fbdce4b94456b6aad2b83a661bbbbed4dafa583\"\u003e\u003ccode\u003e6fbdce4\u003c/code\u003e\u003c/a\u003e update to go1.21.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/f5334644ecc787861fef75c7f6d08756ffe8bbd7\"\u003e\u003ccode\u003ef533464\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47986\"\u003e#47986\u003c/a\u003e from vvoland/v26.1-47985\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/c1d4587d769bae94305de974fcb97d614fa7b4ef\"\u003e\u003ccode\u003ec1d4587\u003c/code\u003e\u003c/a\u003e builder/mobyexporter: Add missing nil check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/d6428049a53212ee798fedd90b1328a381492d28\"\u003e\u003ccode\u003ed642804\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47940\"\u003e#47940\u003c/a\u003e from thaJeztah/26.1_backport_api_remove_container_c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/daba2462f545b155011e1f183a85f00a18926181\"\u003e\u003ccode\u003edaba246\u003c/code\u003e\u003c/a\u003e docs: api: image inspect: remove Container and ContainerConfig\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moby/moby/commit/de5c9cf0b96e4e172b96db54abababa4a328462f\"\u003e\u003ccode\u003ede5c9cf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/docker/issues/47912\"\u003e#47912\u003c/a\u003e from thaJeztah/26.1_backport_vendor_containerd_1.7.18\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/docker/compare/v20.10.17...v26.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `golang.org/x/text` from 0.3.7 to 0.9.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/48e4a4a957429d31328a685863b594ca9a06b552\"\u003e\u003ccode\u003e48e4a4a\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/9db913aaf20ced01b7a130d9fb222d74a1339fa6\"\u003e\u003ccode\u003e9db913a\u003c/code\u003e\u003c/a\u003e go.mod: update to newer x/tools\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/30dadde3188b39150d373bac513a97df9d816a5b\"\u003e\u003ccode\u003e30dadde\u003c/code\u003e\u003c/a\u003e all: correct comment typos\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/71a9c9afc4cd710b9412f7f99f0d8e35b10e488a\"\u003e\u003ccode\u003e71a9c9a\u003c/code\u003e\u003c/a\u003e all: fix some comments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ec5565b1b747ce5ca569aeefc09e737b479a12ac\"\u003e\u003ccode\u003eec5565b\u003c/code\u003e\u003c/a\u003e README.md: update documentation of module versioning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/c8236a6712b1b530895a7182a8a9fc06f1c5cf4e\"\u003e\u003ccode\u003ec8236a6\u003c/code\u003e\u003c/a\u003e unicode/bidi: remove unused global\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ada7473102ad456072fb2ef01a115cb0adb8d9a8\"\u003e\u003ccode\u003eada7473\u003c/code\u003e\u003c/a\u003e all: remove redundant type conversion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/1bdb400fb39a45cc788ffe7e5d7a2a9719afc7e9\"\u003e\u003ccode\u003e1bdb400\u003c/code\u003e\u003c/a\u003e language: remove compatibility with go \u0026lt; 1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/252bee03417df7609718dd0885f25d37818cb5c1\"\u003e\u003ccode\u003e252bee0\u003c/code\u003e\u003c/a\u003e go.mod: ignore cyclic dependency for tagging\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/golang/text/commit/ecab6e5ab6ec037a966bd330f3c04322d09cb79e\"\u003e\u003ccode\u003eecab6e5\u003c/code\u003e\u003c/a\u003e go.mod: ignore cyclic dependency for tagging\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/golang/text/compare/v0.3.7...v0.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google.golang.org/protobuf` from 1.28.1 to 1.30.0\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SVilgelm/opa/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SVilgelm/opa/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SVilgelm%2Fopa/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}}]}