Comparing changes

bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/rekor](https://github.com/sigstore/rekor). updates `github.com/sigstore/rekor` from 1.4.3 to 1.5.0 - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](sigstore/rekor@v1.4.3...v1.5.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-version: 1.5.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

bumps the go_modules group with 1 update in the / directory: [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore). updates `github.com/sigstore/sigstore` from 1.10.3 to 1.10.4 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.3...v1.10.4) --- updated-dependencies: - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.4 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

bumps the go_modules group with 1 update in the / directory: [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf). updates `github.com/theupdateframework/go-tuf/v2` from 2.3.1 to 2.4.1 - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Commits](theupdateframework/go-tuf@v2.3.1...v2.4.1) --- updated-dependencies: - dependency-name: github.com/theupdateframework/go-tuf/v2 dependency-version: 2.4.1 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update cosign fork to 3.0.4 plus dep tidy Signed-off-by: Adam Martin <[email protected]> * update to cosign fork tag v3.0.4+hauler.2 Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]>

Signed-off-by: Eric Klatzer <[email protected]>

Signed-off-by: Adam Martin <[email protected]>

* keep registry on rewrite if not specified * better logic * add test * accurate info output for rewrite references * apply suggestions from code review comment format and improved test Co-authored-by: Copilot <[email protected]> Signed-off-by: Camryn Carter <[email protected]> --------- Signed-off-by: Camryn Carter <[email protected]> Co-authored-by: Zack Brady <[email protected]> Co-authored-by: Copilot <[email protected]>

bumps the go_modules group with 1 update in the / directory: [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf). updates `github.com/theupdateframework/go-tuf/v2` from 2.3.1 to 2.4.1 - [Release notes](https://github.com/theupdateframework/go-tuf/releases) - [Commits](theupdateframework/go-tuf@v2.3.1...v2.4.1) --- updated-dependencies: - dependency-name: github.com/theupdateframework/go-tuf/v2 dependency-version: 2.4.1 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: handling of file referenced dependencies without repository field (#514) co-authored-by: devleitner <[email protected]> * bump go.opentelemetry.io/otel/sdk (#520) bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go). updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dev.md file (#521) * smaller changes and updates for v1.4.2 release (#524) * smaller changes and updates for v1.4.2 release * removed unused env variable * over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515) * remove oras from hauler Signed-off-by: Adam Martin <[email protected]> * remove cosign fork and use upstream cosign for verification Signed-off-by: Adam Martin <[email protected]> * added support for oci referrers Signed-off-by: Adam Martin <[email protected]> * updated README.md projects list Signed-off-by: Adam Martin <[email protected]> * updates for copilot PR review Signed-off-by: Adam Martin <[email protected]> * bug fix for unsafe type assertions Signed-off-by: Adam Martin <[email protected]> * bug fix for http getter and dead code Signed-off-by: Adam Martin <[email protected]> * fixes for more clarity and better error handling Signed-off-by: Adam Martin <[email protected]> * bug fix for resource leaks and unchecked errors Signed-off-by: Adam Martin <[email protected]> * bug fix for rewrite logic for docker.io images due to cosign removal Signed-off-by: Adam Martin <[email protected]> * bug fix for sigs and referrers Signed-off-by: Adam Martin <[email protected]> * bug fix for index.json missing mediatype Signed-off-by: Adam Martin <[email protected]> * bug fix to make sure manifest.json doesnt include anything other than actual container images Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * bump github.com/docker/cli in the go_modules group across 1 directory (#526) bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli). updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible - [Commits](docker/cli@v29.0.3...v29.2.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * removed deprecated code (#528) * removed deprecated code * removed all supported for v1alpha1 * fix extract for oci files (#529) * fix extract for oci files Signed-off-by: Adam Martin <[email protected]> * have extract guard against path traversal Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * improved test coverage (#530) * improved test coverage Signed-off-by: Adam Martin <[email protected]> * adjusted mapper_test for oddball oci files Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * adjust extract to handle an image index appropriately (#531) * adjust extract to handle images and image indices appropriately Signed-off-by: Adam Martin <[email protected]> * updates for review feedback Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * fix dockerhub default host bug (#534) Signed-off-by: Adam Martin <[email protected]> * adjust hauler's kind annotation to not reflect cosign (#535) Signed-off-by: Adam Martin <[email protected]> * bump google.golang.org/grpc in the go_modules group across 1 directory (#536) bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). updates `google.golang.org/grpc` from 1.78.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.78.0...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add cherry-pick workflow for release branches (#533) this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process. Signed-off-by: Camryn Carter <[email protected]> * images.txt testdata file (#539) * fix keep registry logic (#537) * fixed keep registry logic * trim library/ * updated test * test updates * option to sync images.txt files natively (#538) * sync images.txt files * test worklflow sync w image list * images.txt * chunk the haul (#519) * chunk the haul * validate numeric suffix on join * enforce valid chunk size * containerd warning * updated test.go files * bump github.com/go-jose/go-jose/v4 (#542) bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * allow multiple prefix references (#532) * allow multiple prefix references * fixed some duplications * add optional flag for excluding extra artifacts when pulling from a registry (#541) * add optional flag for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> * add optional flag to charts for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Adam Martin <[email protected]> Signed-off-by: Camryn Carter <[email protected]> Co-authored-by: devLeitner <[email protected]> Co-authored-by: devleitner <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camryn Carter <[email protected]> Co-authored-by: Adam Martin <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comparing changes

Open a pull request

Commits on Jan 22, 2026

Commits on Jan 27, 2026

Commits on Feb 13, 2026

Commits on Feb 14, 2026

Commits on Feb 23, 2026

Commits on Apr 8, 2026

This comparison is taking too long to generate.

Uh oh!