Commit Graph

135 Commits

Author SHA1 Message Date
dependabot[bot]
d58172c112
Bump github.com/tencentcloud/tencentcloud-sdk-go from 1.0.62 to 3.0.233+incompatible in /src (#20035)
Bump github.com/tencentcloud/tencentcloud-sdk-go in /src

Bumps [github.com/tencentcloud/tencentcloud-sdk-go](https://github.com/tencentcloud/tencentcloud-sdk-go) from 1.0.62 to 3.0.233+incompatible.
- [Commits](https://github.com/tencentcloud/tencentcloud-sdk-go/commits)

---
updated-dependencies:
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-03-28 17:01:37 +08:00
MinerYang
a269b4f31c
Update support for artifactType for both manifest and index (#20030)
add artifact_type for artifact model to support artifactType filter

Signed-off-by: yminer <yminer@vmware.com>

add 2.11 sql schema & update index artifactType omitted

Signed-off-by: yminer <yminer@vmware.com>

update UT

update migrate sql for artifact_type

Signed-off-by: yminer <yminer@vmware.com>

remove debug line
2024-03-12 13:52:56 +00:00
Wang Yan
dbe9790147
add generate sbom object utility (#20097)
* add generate sbom object utility

Leverage the go-containerregistry to generate the oci object for sbom and add it as an accessory of the subject artifact.

Signed-off-by: wang yan <wangyan@vmware.com>

* remove vendor

Signed-off-by: wang yan <wangyan@vmware.com>

* resolve comments

Signed-off-by: wang yan <wangyan@vmware.com>

* fix ut

Signed-off-by: wang yan <wangyan@vmware.com>

* resolve comments

Signed-off-by: wang yan <wangyan@vmware.com>

* remove the todo comments

Signed-off-by: wang yan <wangyan@vmware.com>

---------

Signed-off-by: wang yan <wangyan@vmware.com>
2024-03-12 12:27:34 +08:00
dependabot[bot]
c5790ced14
Bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.24 in /src (#20018)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.50.5 to 1.50.24.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.50.5...v1.50.24)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-26 12:05:17 +08:00
dependabot[bot]
2fd4588782
Bump helm.sh/helm/v3 from 3.11.3 to 3.14.2 in /src (#20017)
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.11.3 to 3.14.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.11.3...v3.14.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-26 10:08:51 +08:00
dependabot[bot]
056c41fd80
Bump github.com/google/uuid from 1.3.1 to 1.6.0 in /src (#19954)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-23 18:19:40 +08:00
dependabot[bot]
cb04005098
Bump github.com/go-openapi/strfmt from 0.21.8 to 0.22.0 in /src (#19955)
Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.21.8 to 0.22.0.
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.21.8...v0.22.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-23 17:40:46 +08:00
dependabot[bot]
35f98344e6
Bump go.opentelemetry.io/otel from 1.21.0 to 1.23.1 in /src (#19972)
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.23.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.23.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-23 16:54:30 +08:00
Antoine Jouve
73c2884e58
[Token/JWT] Update to golang-jwt v5.2.0 (#19802)
* feat: update to golang-jwt v5.2.0

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* fix: module issues and robot claims

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* fix: add missing time import

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* feat: set jwt validation leeway to 60s

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* fix: update leeways that were still set to 10s

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* feat: update go.sum

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* feat: add two leeway related test cases

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* fix: correct jwt audience validation

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* fix: gofmt v2_token.go

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* feat: take into account review comments

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

* feat: use a common constant to store JWT leeway

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>

---------

Signed-off-by: Antoine Jouve <ant.jouve@gmail.com>
Signed-off-by: Antoine Jouve <an-toine@users.noreply.github.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2024-02-23 11:30:13 +08:00
dependabot[bot]
db20b3b6ac
Bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.4.6 in /src (#19889)
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.2.4 to 3.4.6.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.2.4...v3.4.6)

---
updated-dependencies:
- dependency-name: github.com/go-ldap/ldap/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-04 20:08:50 +08:00
dependabot[bot]
7cfc685b7a
Bump github.com/go-openapi/errors from 0.20.4 to 0.21.0 in /src (#19890)
Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.20.4 to 0.21.0.
- [Commits](https://github.com/go-openapi/errors/compare/v0.20.4...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/errors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-04 19:27:48 +08:00
dependabot[bot]
f562c3016d
Bump github.com/aws/aws-sdk-go from 1.34.28 to 1.50.5 in /src (#19920)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.34.28 to 1.50.5.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.34.28...v1.50.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-02-04 18:32:12 +08:00
zycupup
ee6f61c502
feat: volc cr adapter (#19456)
feat: support volcEngine replication

Signed-off-by: zhuyuchen.1 <zhuyuchen.1@bytedance.com>
2024-01-19 14:15:49 +08:00
dependabot[bot]
6d854a5534
Bump github.com/go-openapi/swag from 0.22.4 to 0.22.7 in /src (#19809)
Bumps [github.com/go-openapi/swag](https://github.com/go-openapi/swag) from 0.22.4 to 0.22.7.
- [Commits](https://github.com/go-openapi/swag/compare/v0.22.4...v0.22.7)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/swag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-18 14:14:44 +08:00
dependabot[bot]
6b1e5d2312
Bump github.com/vmihailenco/msgpack/v5 from 5.0.0-rc.2 to 5.4.1 in /src (#19810)
Bumps [github.com/vmihailenco/msgpack/v5](https://github.com/vmihailenco/msgpack) from 5.0.0-rc.2 to 5.4.1.
- [Release notes](https://github.com/vmihailenco/msgpack/releases)
- [Changelog](https://github.com/vmihailenco/msgpack/blob/v5/CHANGELOG.md)
- [Commits](https://github.com/vmihailenco/msgpack/compare/v5.0.0-rc.2...v5.4.1)

---
updated-dependencies:
- dependency-name: github.com/vmihailenco/msgpack/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-18 13:34:33 +08:00
dependabot[bot]
6f6e85863e
Bump k8s.io/client-go from 0.26.2 to 0.29.0 in /src (#19813)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.2 to 0.29.0.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.26.2...v0.29.0)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-18 12:54:39 +08:00
dependabot[bot]
f8d2169712
Bump github.com/go-openapi/runtime from 0.19.20 to 0.26.2 in /src (#19763)
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.20 to 0.26.2.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.20...v0.26.2)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shengwen YU <yshengwen@vmware.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-08 16:02:08 +08:00
dependabot[bot]
bb2581c669
Bump gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2 in /src (#19765)
Bumps gopkg.in/h2non/gock.v1 from 1.0.16 to 1.1.2.

---
updated-dependencies:
- dependency-name: gopkg.in/h2non/gock.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-08 14:42:26 +08:00
dependabot[bot]
de7ea2849e
Bump github.com/cloudevents/sdk-go/v2 from 2.13.0 to 2.14.0 in /src (#19764)
Bumps [github.com/cloudevents/sdk-go/v2](https://github.com/cloudevents/sdk-go) from 2.13.0 to 2.14.0.
- [Release notes](https://github.com/cloudevents/sdk-go/releases)
- [Commits](https://github.com/cloudevents/sdk-go/compare/v2.13.0...v2.14.0)

---
updated-dependencies:
- dependency-name: github.com/cloudevents/sdk-go/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-08 09:46:21 +08:00
dependabot[bot]
88a4cabcaf
Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.0 in /src (#19766)
Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.2 to 4.5.0.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v4.4.2...v4.5.0)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-05 17:20:40 +08:00
dependabot[bot]
378ff62350
Bump golang.org/x/time from 0.4.0 to 0.5.0 in /src (#19767)
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.4.0 to 0.5.0.
- [Commits](https://github.com/golang/time/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2024-01-05 16:15:15 +08:00
dependabot[bot]
49ee3b7759
Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux from 0.45.0 to 0.46.1 in /src (#19727)
Bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux

Bumps [go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux](https://github.com/open-telemetry/opentelemetry-go-contrib) from 0.45.0 to 0.46.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.45.0...zpages/v0.46.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-21 10:09:50 +08:00
dependabot[bot]
2f2a6462ad
Bump github.com/bmatcuk/doublestar from 1.1.1 to 1.3.4 in /src (#19698)
Bumps [github.com/bmatcuk/doublestar](https://github.com/bmatcuk/doublestar) from 1.1.1 to 1.3.4.
- [Release notes](https://github.com/bmatcuk/doublestar/releases)
- [Commits](https://github.com/bmatcuk/doublestar/compare/v1.1.1...v1.3.4)

---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-20 13:33:53 +08:00
dependabot[bot]
41adc7508a
Bump github.com/prometheus/client_golang from 1.14.0 to 1.17.0 in /src (#19699)
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.17.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-20 10:48:20 +08:00
dependabot[bot]
dcd3c3dbfd
Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 in /src (#19701)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.7.0 to 3.9.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.7.0...v3.9.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-19 17:06:32 +08:00
dependabot[bot]
80b3ea5501
Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /src (#19729)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-19 14:19:48 +08:00
dependabot[bot]
5f828ea72f
Bump github.com/go-openapi/errors from 0.19.6 to 0.20.4 in /src (#19697)
Bumps [github.com/go-openapi/errors](https://github.com/go-openapi/errors) from 0.19.6 to 0.20.4.
- [Commits](https://github.com/go-openapi/errors/compare/v0.19.6...v0.20.4)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/errors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-14 12:10:51 +08:00
dependabot[bot]
6b41277b03
Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 in /src (#19631)
Bumps [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/yaml/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/yaml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-08 15:11:38 +08:00
dependabot[bot]
8859f69668
Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 in /src (#19636)
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-08 13:20:20 +08:00
dependabot[bot]
af4c6b6f0f
Bump github.com/gorilla/handlers from 1.5.1 to 1.5.2 in /src (#19632)
Bumps [github.com/gorilla/handlers](https://github.com/gorilla/handlers) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/gorilla/handlers/releases)
- [Commits](https://github.com/gorilla/handlers/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/handlers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-08 09:59:06 +08:00
dependabot[bot]
2984c2e04b
Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 in /src (#19633)
Bumps [github.com/robfig/cron/v3](https://github.com/robfig/cron) from 3.0.0 to 3.0.1.
- [Commits](https://github.com/robfig/cron/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/robfig/cron/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-12-07 17:49:21 +08:00
Shengwen YU
1cbc901599
fix: upgrade google.golang.org/grpc (#19648)
fix: upgrade google.golang.org/grpc and go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp

Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2023-12-05 16:22:39 +08:00
dependabot[bot]
bf251ef0aa
Bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.7.0 in /src (#19542)
Bumps [github.com/coreos/go-oidc/v3](https://github.com/coreos/go-oidc) from 3.0.0 to 3.7.0.
- [Release notes](https://github.com/coreos/go-oidc/releases)
- [Commits](https://github.com/coreos/go-oidc/compare/v3.0.0...v3.7.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-oidc/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-11-28 09:31:16 +08:00
dependabot[bot]
e1df9b0a73
Bump golang.org/x/time from 0.0.0-20220210224613-90d013bbcef8 to 0.4.0 in /src (#19541)
Bump golang.org/x/time in /src

Bumps [golang.org/x/time](https://github.com/golang/time) from 0.0.0-20220210224613-90d013bbcef8 to 0.4.0.
- [Commits](https://github.com/golang/time/commits/v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shengwen YU <yshengwen@vmware.com>
2023-11-27 16:58:28 +08:00
Chlins Zhang
43ccd2f09f
perf: optimize the performance of accessory query (#19557)
1. Add db index for subject_artifact_id in table artifact_accessory.
2. Optimize the SQL of excluding the accessory for artifact count.

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-11-22 02:11:11 +00:00
Daniel Jiang
3f7c605cf5
[WIP] Remove vendor folder from harbor code base (#19508)
* Remove vendor folder from harbor code base

Signed-off-by: Daniel Jiang <jiangd@vmware.com>

* debug ut failure

* debug failure

* debug failure

---------

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2023-11-05 14:37:25 +08:00
MinerYang
193b00b9e6
bump golang to 1.21.3 (#19504)
update ut mock

update go mod

Signed-off-by: yminer <yminer@vmware.com>
2023-10-31 15:01:23 +08:00
MinerYang
adb066cf50
bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/m… (#19477)
bump go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux

Signed-off-by: yminer <yminer@vmware.com>
2023-10-24 08:21:34 +00:00
MinerYang
84a85fb299
bump golang.org/x/net to v0.17.0 && go.opentelemetry.io/contrib (#19461)
bump golang.org/x/net to v0.17.0

Signed-off-by: yminer <yminer@vmware.com>

bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp  to v0.45.0
2023-10-18 14:34:51 +08:00
Chlins Zhang
98f592f94f
chore: upgrade golang-migrate to v4.16.2 (#18879)
Signed-off-by: chlins <chenyuzh@vmware.com>
2023-07-11 10:21:12 +08:00
Chlins Zhang
78799ccb2f
perf: introduce update quota by redis (#18871)
Introduce the quota update provider, improve the performance of pushing
artifacts to same project with high concurrency by implementing
optimistic lock in redis. By default the function is disabled, open it
by set env 'QUOTA_UPDATE_PROVIDER=Redis' for the core container.

Fixes: #18440

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-07-10 13:24:37 +08:00
Wang Yan
7435c8c5ab
add multiple deletion of GC (#18855)
User can specify the workers when to issue an GC execution, the maxium count of workers is 5.

Signed-off-by: wang yan <wangyan@vmware.com>
2023-06-29 16:22:18 +08:00
Chlins Zhang
02a1c417d4
refactor: migrate the redis command keys to scan (#18825)
Refine the cache interface, migrate the Keys to Scan, change the redis
underlying keys command to scan.

Signed-off-by: chlins <chenyuzh@vmware.com>
2023-06-29 11:28:19 +08:00
Wang Yan
bf7c82b9a8
remove the notary from backend (#18668)
Since harbor deprecates notary since v2.9.0, this pull request targets to remove the code related with notary.

Signed-off-by: Wang Yan <wangyan@vmware.com>
2023-05-18 18:47:42 +08:00
MinerYang
954f1f3d06
bump up github.com/distribution/distribution v2.8.2 (#18687)
Signed-off-by: yminer <yminer@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2023-05-17 11:58:43 +08:00
Eng Zer Jun
18a33c2b40
chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml (#18606)
At the time of making this commit, the package `github.com/ghodss/yaml`
is no longer actively maintained.

`sigs.k8s.io/yaml` is a permanent fork of `ghodss/yaml` and is actively
maintained by Kubernetes SIG.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
Co-authored-by: MinerYang <yminer@vmware.com>
2023-05-12 18:21:26 +08:00
MinerYang
8df99a5116
bump golang.org/x/net && helm.sh/helm/v3 on main (#18545)
bump golang.org/x/net v0.9.0 on main

Signed-off-by: yminer <yminer@vmware.com>

bump helm.sh/helm/v3 v3.11.3
2023-04-18 19:18:04 +08:00
Shijun Sun
2b3f178a50
Upgrade Golang packages (#18376)
1. Upgrade golang.org/x/net to 0.7.0
2. Upgrade helm.sh/helm/v3 to 3.11.1

Signed-off-by: AllForNothing <sshijun@vmware.com>
2023-03-20 15:59:37 +08:00
Daniel Jiang
bea8dece07
feat: upgrade golang to 1.20.1 (#18370)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
Co-authored-by: Shengwen Yu <yshengwen@vmware.com>
Co-authored-by: Wang Yan <wangyan@vmware.com>
2023-03-17 17:49:44 +08:00
MinerYang
e76aff6a0a
add external redis username config to support redis6 ACL (#18364)
add external redis username o support redis6 ACL

Signed-off-by: yminer <yminer@vmware.com>
2023-03-17 14:16:19 +08:00