fix: handling of file referenced dependencies without repository field#514
Merged
zackbradys merged 1 commit intohauler-dev:mainfrom Mar 2, 2026
Merged
Conversation
devLeitner
force-pushed
the
fix/dependency-without-repository
branch
from
237c156 to
d573c0a
Compare
devLeitner
force-pushed
the
fix/dependency-without-repository
branch
from
d573c0a to
e44c3f8
Compare
Contributor
Author
|
fyi: had to do some rebasing to verify my commit... |
Contributor
Author
|
As you can see in the integration tests, I added the scenario: 
|
zackbradys
approved these changes
Feb 27, 2026
amartin120
pushed a commit
that referenced
this pull request
Mar 6, 2026
* fix: handling of file referenced dependencies without repository field (#514) co-authored-by: devleitner <[email protected]> * bump go.opentelemetry.io/otel/sdk (#520) bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go). updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dev.md file (#521) * smaller changes and updates for v1.4.2 release (#524) * smaller changes and updates for v1.4.2 release * removed unused env variable --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: devLeitner <[email protected]> Co-authored-by: devleitner <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camryn Carter <[email protected]>
zackbradys
added a commit
that referenced
this pull request
Apr 8, 2026
* fix: handling of file referenced dependencies without repository field (#514) co-authored-by: devleitner <[email protected]> * bump go.opentelemetry.io/otel/sdk (#520) bumps the go_modules group with 1 update in the / directory: [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go). updates `go.opentelemetry.io/otel/sdk` from 1.39.0 to 1.40.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.39.0...v1.40.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.40.0 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dev.md file (#521) * smaller changes and updates for v1.4.2 release (#524) * smaller changes and updates for v1.4.2 release * removed unused env variable * over-"haul": replace oras v1 and cosign fork with native containerd-based implementation (#515) * remove oras from hauler Signed-off-by: Adam Martin <[email protected]> * remove cosign fork and use upstream cosign for verification Signed-off-by: Adam Martin <[email protected]> * added support for oci referrers Signed-off-by: Adam Martin <[email protected]> * updated README.md projects list Signed-off-by: Adam Martin <[email protected]> * updates for copilot PR review Signed-off-by: Adam Martin <[email protected]> * bug fix for unsafe type assertions Signed-off-by: Adam Martin <[email protected]> * bug fix for http getter and dead code Signed-off-by: Adam Martin <[email protected]> * fixes for more clarity and better error handling Signed-off-by: Adam Martin <[email protected]> * bug fix for resource leaks and unchecked errors Signed-off-by: Adam Martin <[email protected]> * bug fix for rewrite logic for docker.io images due to cosign removal Signed-off-by: Adam Martin <[email protected]> * bug fix for sigs and referrers Signed-off-by: Adam Martin <[email protected]> * bug fix for index.json missing mediatype Signed-off-by: Adam Martin <[email protected]> * bug fix to make sure manifest.json doesnt include anything other than actual container images Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * bump github.com/docker/cli in the go_modules group across 1 directory (#526) bumps the go_modules group with 1 update in the / directory: [github.com/docker/cli](https://github.com/docker/cli). updates `github.com/docker/cli` from 29.0.3+incompatible to 29.2.0+incompatible - [Commits](docker/cli@v29.0.3...v29.2.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.2.0+incompatible dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * removed deprecated code (#528) * removed deprecated code * removed all supported for v1alpha1 * fix extract for oci files (#529) * fix extract for oci files Signed-off-by: Adam Martin <[email protected]> * have extract guard against path traversal Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * improved test coverage (#530) * improved test coverage Signed-off-by: Adam Martin <[email protected]> * adjusted mapper_test for oddball oci files Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * adjust extract to handle an image index appropriately (#531) * adjust extract to handle images and image indices appropriately Signed-off-by: Adam Martin <[email protected]> * updates for review feedback Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> * fix dockerhub default host bug (#534) Signed-off-by: Adam Martin <[email protected]> * adjust hauler's kind annotation to not reflect cosign (#535) Signed-off-by: Adam Martin <[email protected]> * bump google.golang.org/grpc in the go_modules group across 1 directory (#536) bumps the go_modules group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). updates `google.golang.org/grpc` from 1.78.0 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.78.0...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * add cherry-pick workflow for release branches (#533) this workflow automates cherry-picking changes from merged pull requests to specified release branches based on comments... it handles permission checks, version parsing, and conflict resolution during the cherry-pick process. Signed-off-by: Camryn Carter <[email protected]> * images.txt testdata file (#539) * fix keep registry logic (#537) * fixed keep registry logic * trim library/ * updated test * test updates * option to sync images.txt files natively (#538) * sync images.txt files * test worklflow sync w image list * images.txt * chunk the haul (#519) * chunk the haul * validate numeric suffix on join * enforce valid chunk size * containerd warning * updated test.go files * bump github.com/go-jose/go-jose/v4 (#542) bumps the go_modules group with 1 update in the / directory: [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * allow multiple prefix references (#532) * allow multiple prefix references * fixed some duplications * add optional flag for excluding extra artifacts when pulling from a registry (#541) * add optional flag for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> * add optional flag to charts for excluding extra artifacts when pulling from a registry Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: Adam Martin <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Adam Martin <[email protected]> Signed-off-by: Camryn Carter <[email protected]> Co-authored-by: devLeitner <[email protected]> Co-authored-by: devleitner <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Camryn Carter <[email protected]> Co-authored-by: Adam Martin <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Please check below, if the PR fulfills these requirements:
Associated Links:
#513
Types of Changes:
Bugfix: Handling of empty repository field in Chart dependencies
Proposed Changes:
Adding a flag to handle dependencies without a repository the same as
file://dependenciesVerification/Testing of Changes:
This is the output after my fix and before my fix: