Sourced from github.com/google/go-containerregistry's releases.

v0.20.5

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in google/go-containerregistry#2071
• Migrate linter to v2 by @​Subserial in google/go-containerregistry#2096
• bump go version + bump deps by @​Subserial in google/go-containerregistry#2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in google/go-containerregistry#2097
• Update CodeQL permissions by @​Subserial in google/go-containerregistry#2103
• Update goreleaser permissions by @​Subserial in google/go-containerregistry#2104
• Update provenance action in release by @​Subserial in google/go-containerregistry#2105
• Update validator action by @​Subserial in google/go-containerregistry#2106

New Contributors

• @​luhring made their first contribution in google/go-containerregistry#2071
• @​Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (google/go-containerregistry#2107) -- please us v0.20.5 instead.

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in google/go-containerregistry#2071
• Migrate linter to v2 by @​Subserial in google/go-containerregistry#2096
• bump go version + bump deps by @​Subserial in google/go-containerregistry#2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in google/go-containerregistry#2097
• Update CodeQL permissions by @​Subserial in google/go-containerregistry#2103
• Update goreleaser permissions by @​Subserial in google/go-containerregistry#2104
• Update provenance action in release by @​Subserial in google/go-containerregistry#2105
• Update validator action by @​Subserial in google/go-containerregistry#2106

New Contributors

• @​luhring made their first contribution in google/go-containerregistry#2071
• @​Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.4

v0.20.3

What's Changed

• remote/transport: Make bearer transport go-routine-safe by @​2opremio in google/go-containerregistry#1806
• Expose compare package by @​jonjohnsonjr in google/go-containerregistry#2001
• fix: redact.URL uses (*URL).Redacted to omit basic-auth password by @​bmoylan in google/go-containerregistry#1947
• bump actions to latest by @​ajayk in google/go-containerregistry#2011
• don't pin chainguard-dev/actions by @​imjasonh in google/go-containerregistry#2025
• Check for 406 status code when handling referrers API endpoint response by @​malancas in google/go-containerregistry#2026
• mutate: Create a defensive annotations copy by @​jonjohnsonjr in google/go-containerregistry#2030
• Detect zstd in crane append by @​jonjohnsonjr in google/go-containerregistry#2023
• bump deps using hack/bump-deps.sh by @​imjasonh in google/go-containerregistry#2042

New Contributors

• @​bmoylan made their first contribution in google/go-containerregistry#1947

... (truncated)

• 4eb8c4d Update validator action (#2106)
• 78d4a6e Update provenance action (#2105)
• 33840ff Update goreleaser permissions (#2104)
• 8d47c37 Update CodeQL permissions (#2103)
• a61de15 implement TextMarshaler/JSONMarshaler more consistently (#2097)
• 1d5b256 bump go version + bump deps (#2093)
• ccaa0d6 Migrate linter to v2 (#2096)
• 098045d build(deps): bump docker/docker to v28.0.0+incompatible (#2071)
• c4dd792 bump deps using hack/bump-deps.sh (#2042)
• 6bce25e Detect zstd in crane append (#2023)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)