Bump github.com/containers/image/v5 from 5.35.0 to 5.36.0 #1720

dependabot · 2025-07-16T02:51:18Z

Bumps github.com/containers/image/v5 from 5.35.0 to 5.36.0.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.36.0

What's Changed

Bump c/storage to v1.58.0, c/image to v5.35.0 by @TomSweeneyRedHat in containers/image#2828

chore(deps): update dependency golangci/golangci-lint to v2.1.2 by @renovate[bot] in containers/image#2827

fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.28 by @renovate[bot] in containers/image#2829

fix(deps): update module github.com/docker/docker to v28.1.0+incompatible by @renovate[bot] in containers/image#2834

fix(deps): update module github.com/docker/cli to v28.1.0+incompatible by @renovate[bot] in containers/image#2833

fix(deps): update module github.com/docker/cli to v28.1.1+incompatible by @renovate[bot] in containers/image#2836

fix(deps): update module github.com/docker/docker to v28.1.1+incompatible by @renovate[bot] in containers/image#2835

chore(deps): update dependency containers/automation_images to v20250422 by @renovate[bot] in containers/image#2839

chore(deps): update dependency golangci/golangci-lint to v2.1.5 by @renovate[bot] in containers/image#2840

fix(deps): update module github.com/sigstore/sigstore to v1.9.4 by @renovate[bot] in containers/image#2842

chore(deps): update dependency golangci/golangci-lint to v2.1.6 by @renovate[bot] in containers/image#2846

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.0 by @renovate[bot] in containers/image#2845

fix(deps): update module golang.org/x/oauth2 to v0.30.0 by @renovate[bot] in containers/image#2847

fix(deps): update module golang.org/x/sync to v0.14.0 by @renovate[bot] in containers/image#2848

fix(deps): update module golang.org/x/term to v0.32.0 by @renovate[bot] in containers/image#2850

fix(deps): update module golang.org/x/crypto to v0.38.0 by @renovate[bot] in containers/image#2849

fix(deps): update module dario.cat/mergo to v1.0.2 by @renovate[bot] in containers/image#2851

vendor: update c/storage by @giuseppe in containers/image#2844

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.1 by @renovate[bot] in containers/image#2853

Update old indirect dependencies by @mtrmac in containers/image#2787

Stop setting the btrfs_noversion build tag by @mtrmac in containers/image#2831

fix(deps): update module github.com/santhosh-tekuri/jsonschema/v6 to v6.0.2 by @renovate[bot] in containers/image#2855

fix(deps): update module github.com/docker/docker to v28.2.1+incompatible by @renovate[bot] in containers/image#2859

fix(deps): update module github.com/docker/cli to v28.2.1+incompatible by @renovate[bot] in containers/image#2858

fix(deps): update module github.com/docker/docker to v28.2.2+incompatible by @renovate[bot] in containers/image#2862

fix(deps): update module github.com/docker/cli to v28.2.2+incompatible by @renovate[bot] in containers/image#2861

INCOMPATIBLE: Remove the implementation of the ostree transport by @mtrmac in containers/image#2821

Only upload sigstore signatures to the sigstore tag schema by @mtrmac in containers/image#2717

Update old dependencies by @mtrmac in containers/image#2863

fix(deps): update github.com/containers/storage digest to 78f4258 by @renovate[bot] in containers/image#2864

Queue a partially-pulled layer for commit immediately after staging it by @mtrmac in containers/image#2799

fix(deps): update module github.com/vbauerster/mpb/v8 to v8.10.2 by @renovate[bot] in containers/image#2865

fix(deps): update module golang.org/x/sync to v0.15.0 by @renovate[bot] in containers/image#2866

fix(deps): update module golang.org/x/crypto to v0.39.0 by @renovate[bot] in containers/image#2867

fix(deps): update module github.com/sigstore/sigstore to v1.9.5 by @renovate[bot] in containers/image#2871

fix(deps): update module go.etcd.io/bbolt to v1.4.1 by @renovate[bot] in containers/image#2870

fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.8 by @renovate[bot] in containers/image#2872

Regenerate keys TestKeyFingerprintWithPassphrase and TestKeyFingerprint by @mtrmac in containers/image#2875

fix(deps): update module github.com/docker/docker to v28.3.0+incompatible by @renovate[bot] in containers/image#2880

fix(deps): update module github.com/docker/cli to v28.3.0+incompatible by @renovate[bot] in containers/image#2879

CI: run tests that need root as root by @Luap99 in containers/image#2878

remove containers_image_{fulcio_stub,rekor_stub} build tags by @Luap99 in containers/image#2881

Replace sigstore/rekor/pkg/client with a manually-created client by @Luap99 in containers/image#2873

Update module go.etcd.io/bbolt to v1.4.2 by @renovate[bot] in containers/image#2882

Update the Rekor client to match Rekor 1.3.10 by @mtrmac in containers/image#2884

Update dependency golangci/golangci-lint to v2.2.1 by @renovate[bot] in containers/image#2885

Update github.com/containers/storage digest to 83650ab by @renovate[bot] in containers/image#2886

Update module github.com/docker/docker to v28.3.1+incompatible by @renovate[bot] in containers/image#2889

... (truncated)

Commits

08ce6b4 Bump to c/image v5.36.0
b5e2b66 Bump to c/storage v1.59.0
9e95082 Merge pull request #2898 from containers/renovate/golangci-golangci-lint-2.x
70d266a Update dependency golangci/golangci-lint to v2.2.2
ccfad4e Merge pull request #2897 from containers/renovate/golang.org-x-crypto-0.x
2b0ee9e Update module golang.org/x/crypto to v0.40.0
e412678 Merge pull request #2896 from mtrmac/simplesequoia-stub
6b65ae3 Add a new Signer API for creating simple signing signatures with Sequoia-PGP
d9a97d8 Merge pull request #2894 from containers/renovate/github.com-docker-docker-28.x
8a4cfcb Update module github.com/docker/docker to v28.3.2+incompatible
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.35.0 to 5.36.0. - [Release notes](https://github.com/containers/image/releases) - [Commits](containers/image@v5.35.0...v5.36.0) --- updated-dependencies: - dependency-name: github.com/containers/image/v5 dependency-version: 5.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

openshift-ci · 2025-07-16T02:51:24Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign camilamacedo86 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2025-07-16T02:51:30Z

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a operator-framework member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 16, 2025

openshift-ci bot requested review from anik120 and grokspawn July 16, 2025 02:51

openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 16, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump github.com/containers/image/v5 from 5.35.0 to 5.36.0 #1720

Bump github.com/containers/image/v5 from 5.35.0 to 5.36.0 #1720

Uh oh!

dependabot bot commented on behalf of github Jul 16, 2025

Uh oh!

openshift-ci bot commented Jul 16, 2025

Uh oh!

openshift-ci bot commented Jul 16, 2025

Uh oh!

Uh oh!

Bump github.com/containers/image/v5 from 5.35.0 to 5.36.0 #1720

Are you sure you want to change the base?

Bump github.com/containers/image/v5 from 5.35.0 to 5.36.0 #1720

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 16, 2025

v5.36.0

What's Changed

Uh oh!

openshift-ci bot commented Jul 16, 2025

Uh oh!

openshift-ci bot commented Jul 16, 2025

Uh oh!

Uh oh!