build(deps): bump github.com/google/go-containerregistry from 0.20.7 to 0.21.2 (#1026)

dependabot[bot] · rdimitrov · web-flow · commit c0ecfd5a650d · 2026-03-07T15:31:08.000+02:00
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.20.7 to 0.21.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.21.2</h2> <h2>What's Changed</h2> <ul> <li>Better handle redirects to https in ping by <a href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2225">google/go-containerregistry#2225</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/go-containerregistry/compare/v0.21.1...v0.21.2">https://github.com/google/go-containerregistry/compare/v0.21.1...v0.21.2</a></p> <h2>v0.21.1</h2> <p>This release fixes a regression in <code>crane</code> introduced in the previous release.</p> <h2>What's Changed</h2> <ul> <li>Add WithFileBufferedOpener for file-backed daemon image buffering by <a href="https://github.com/twdamhore"><code>@​twdamhore</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2214">google/go-containerregistry#2214</a></li> <li>crane: fix case in auth response json by <a href="https://github.com/aelindeman"><code>@​aelindeman</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2218">google/go-containerregistry#2218</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/twdamhore"><code>@​twdamhore</code></a> made their first contribution in <a href="https://redirect.github.com/google/go-containerregistry/pull/2214">google/go-containerregistry#2214</a></li> <li><a href="https://github.com/aelindeman"><code>@​aelindeman</code></a> made their first contribution in <a href="https://redirect.github.com/google/go-containerregistry/pull/2218">google/go-containerregistry#2218</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/go-containerregistry/compare/v0.21.0...v0.21.1">https://github.com/google/go-containerregistry/compare/v0.21.0...v0.21.1</a></p> <h2>v0.21.0</h2> <p>This release updates the minimum Go version to <code>1.25.6</code>.</p> <h2>What's Changed</h2> <ul> <li>fix(mutate): don't skip dir replacements via whiteout in export by <a href="https://github.com/r4f4"><code>@​r4f4</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2191">google/go-containerregistry#2191</a></li> <li>Improve performance of v1.NewHash by <a href="https://github.com/bmoylan"><code>@​bmoylan</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2194">google/go-containerregistry#2194</a></li> <li>Bump the actions group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/google/go-containerregistry/pull/2207">google/go-containerregistry#2207</a></li> <li>Bump the root-deps group across 1 directory with 7 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/google/go-containerregistry/pull/2195">google/go-containerregistry#2195</a></li> <li>Fix error messages in crane_test.go by <a href="https://github.com/jammie-jelly"><code>@​jammie-jelly</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2189">google/go-containerregistry#2189</a></li> <li>Bump go version across packages to 1.25.6 by <a href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2211">google/go-containerregistry#2211</a></li> <li>Join go.mod dependency updates by <a href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2212">google/go-containerregistry#2212</a></li> <li>Bump the go-deps group across 3 directories with 3 updates by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/google/go-containerregistry/pull/2213">google/go-containerregistry#2213</a></li> <li>Disable taint gosec lints by <a href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2215">google/go-containerregistry#2215</a></li> <li>Update go version used in goreleaser by <a href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/2216">google/go-containerregistry#2216</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/r4f4"><code>@​r4f4</code></a> made their first contribution in <a href="https://redirect.github.com/google/go-containerregistry/pull/2191">google/go-containerregistry#2191</a></li> <li><a href="https://github.com/jammie-jelly"><code>@​jammie-jelly</code></a> made their first contribution in <a href="https://redirect.github.com/google/go-containerregistry/pull/2189">google/go-containerregistry#2189</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/go-containerregistry/compare/v0.20.7...v0.21.0">https://github.com/google/go-containerregistry/compare/v0.20.7...v0.21.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/google/go-containerregistry/commit/9e0ccb0a7240fe7cc820f0fc78e2e2b1ef8b7e71"><code>9e0ccb0</code></a> Better handle redirects to https in ping (<a href="https://redirect.github.com/google/go-containerregistry/issues/2225">#2225</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/85f2bf5f7303fc95161f334e4fc2e66c36e12b1e"><code>85f2bf5</code></a> crane: fix case in auth response json (<a href="https://redirect.github.com/google/go-containerregistry/issues/2218">#2218</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/e971d630dc417fd583bbd65f45e73abb1393cadf"><code>e971d63</code></a> Add WithFileBufferedOpener for file-backed daemon image buffering (<a href="https://redirect.github.com/google/go-containerregistry/issues/2214">#2214</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/8e2d6a68179f6f0feaf249b922bdc4d892ab273b"><code>8e2d6a6</code></a> Update go version used in goreleaser (<a href="https://redirect.github.com/google/go-containerregistry/issues/2216">#2216</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/b58334f7618a2cd1fbf7409c750aef475d20ad94"><code>b58334f</code></a> Disable taint gosec lints (<a href="https://redirect.github.com/google/go-containerregistry/issues/2215">#2215</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/88b39ed90627ce7518c13c6b83c450e34da77b42"><code>88b39ed</code></a> Bump the go-deps group across 3 directories with 3 updates (<a href="https://redirect.github.com/google/go-containerregistry/issues/2213">#2213</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/102ac75dde6d0ffb017d12f5347c5dbbf15de782"><code>102ac75</code></a> join go.mod dependency updates (<a href="https://redirect.github.com/google/go-containerregistry/issues/2212">#2212</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/d5817d559e57f5dcc3131ec9d7015b1f265a711c"><code>d5817d5</code></a> Bump go version across packages to 1.25.6 (<a href="https://redirect.github.com/google/go-containerregistry/issues/2211">#2211</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/23f0632fa33e14155daecee2c105953c68bb2166"><code>23f0632</code></a> Fix error messages in crane_test.go (<a href="https://redirect.github.com/google/go-containerregistry/issues/2189">#2189</a>)</li> <li><a href="https://github.com/google/go-containerregistry/commit/438abde5e7acdcc5ce768f2f2cd5c20f01163679"><code>438abde</code></a> Bump the root-deps group across 1 directory with 7 updates (<a href="https://redirect.github.com/google/go-containerregistry/issues/2195">#2195</a>)</li> <li>Additional commits viewable in <a href="https://github.com/google/go-containerregistry/compare/v0.20.7...v0.21.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.20.7&new-version=0.21.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Radoslav Dimitrov <radoslav@stacklok.com>
diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/coreos/go-oidc/v3 v3.17.0
 	github.com/danielgtaylor/huma/v2 v2.35.0
 	github.com/golang-jwt/jwt/v5 v5.3.1
-	github.com/google/go-containerregistry v0.20.7
+	github.com/google/go-containerregistry v0.21.2
 	github.com/jackc/pgx/v5 v5.8.0
 	github.com/prometheus/client_golang v1.23.2
 	github.com/rs/cors v1.11.1
@@ -39,9 +39,9 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.18.1 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v29.2.0+incompatible // indirect
+	github.com/docker/cli v29.2.1+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.9.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -55,7 +55,7 @@ require (
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
-	github.com/klauspost/compress v1.18.1 // indirect
+	github.com/klauspost/compress v1.18.4 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@@ -76,7 +76,7 @@ require (
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	golang.org/x/crypto v0.47.0 // indirect
 	golang.org/x/net v0.49.0 // indirect
-	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/oauth2 v0.35.0 // indirect
 	golang.org/x/sync v0.19.0 // indirect
 	golang.org/x/sys v0.41.0 // indirect
 	golang.org/x/text v0.33.0 // indirect
diff --git a/go.sum b/go.sum
@@ -36,17 +36,17 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0=
 github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4=
-github.com/containerd/stargz-snapshotter/estargz v0.18.1 h1:cy2/lpgBXDA3cDKSyEfNOFMA/c10O1axL69EU7iirO8=
-github.com/containerd/stargz-snapshotter/estargz v0.18.1/go.mod h1:ALIEqa7B6oVDsrF37GkGN20SuvG/pIMm7FwP7ZmRb0Q=
+github.com/containerd/stargz-snapshotter/estargz v0.18.2 h1:yXkZFYIzz3eoLwlTUZKz2iQ4MrckBxJjkmD16ynUTrw=
+github.com/containerd/stargz-snapshotter/estargz v0.18.2/go.mod h1:XyVU5tcJ3PRpkA9XS2T5us6Eg35yM0214Y+wvrZTBrY=
 github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
 github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/danielgtaylor/huma/v2 v2.35.0 h1:FRg3FgVKcMogVhbNY7FjyTwk+p/orLBR3hQBvXXg7dw=
 github.com/danielgtaylor/huma/v2 v2.35.0/go.mod h1:3elp5brzdyyZsPlDVvf6w8RLnklKp3abolr+5op3fP0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
-github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.1+incompatible h1:n3Jt0QVCN65eiVBoUTZQM9mcQICCJt3akW4pKAbKdJg=
+github.com/docker/cli v29.2.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8=
@@ -71,8 +71,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-containerregistry v0.20.7 h1:24VGNpS0IwrOZ2ms2P1QE3Xa5X9p4phx0aUgzYzHW6I=
-github.com/google/go-containerregistry v0.20.7/go.mod h1:Lx5LCZQjLH1QBaMPeGwsME9biPeo1lPx6lbGj/UmzgM=
+github.com/google/go-containerregistry v0.21.2 h1:vYaMU4nU55JJGFC9JR/s8NZcTjbE9DBBbvusTW9NeS0=
+github.com/google/go-containerregistry v0.21.2/go.mod h1:ctO5aCaewH4AK1AumSF5DPW+0+R+d2FmylMJdp5G7p0=
 github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0=
 github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@@ -91,8 +91,8 @@ github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU=
 github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k=
-github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
-github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0=
+github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
+github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -170,8 +170,8 @@ golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
 golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
 golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
-golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
-golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
+golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
