Bump github.com/google/go-containerregistry from 0.21.2 to 0.21.7

[dependabot]

Bumps github.com/google/go-containerregistry from 0.21.2 to 0.21.7.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.7

What's Changed

• tarball: return error instead of panicking on missing rootfs.diff_ids by @​iahsanGill in google/go-containerregistry#2304
• gcrane: honor --platform flag in copy by @​iahsanGill in google/go-containerregistry#2307
• mutate: verify layer digests in Extract and Time by @​momenashrafff in google/go-containerregistry#2303
• tarball: close layer readers during Write by @​nandbhat in google/go-containerregistry#2308
• build(deps): bump the actions group across 1 directory with 2 updates by @​dependabot[bot] in google/go-containerregistry#2311
• build(deps): bump github.com/docker/cli from 29.4.3+incompatible to 29.5.2+incompatible in the go-deps group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2312
• BUGFIX: Fail with error when read exceeds maximum by @​inteon in google/go-containerregistry#2328
• build(deps): bump the actions group across 1 directory with 2 updates by @​dependabot[bot] in google/go-containerregistry#2327
• fix(name): anchor loopback registry detection by @​rohan-patnaik in google/go-containerregistry#2314
• Reject symlinks in OCI layout blobs by @​mosskappa in google/go-containerregistry#2306
• fix(crane): avoid creating export tar on pull failure by @​Haihan-Jiang in google/go-containerregistry#2318
• feat(kubernetes): allow ignoring pull secrets by @​rohan-patnaik in google/go-containerregistry#2315
• fix(name): preserve localhost registry references by @​rohan-patnaik in google/go-containerregistry#2316
• pkg/registry: export ErrNotFound by @​malt3 in google/go-containerregistry#2176
• pkg/registry: export RedirectError by @​malt3 in google/go-containerregistry#2177
• build(deps): bump the go-deps group across 1 directory with 2 updates by @​dependabot[bot] in google/go-containerregistry#2343
• build(deps): bump the actions group across 1 directory with 2 updates by @​dependabot[bot] in google/go-containerregistry#2344
• fix: prevent SSRF in google.List() pagination by @​tufstraka in google/go-containerregistry#2332
• internal/gzip: fix goroutine leak in ReadCloserLevel by @​amarkdotdev in google/go-containerregistry#2347
• fix(transport): apply refreshed bearer token after cross-host redirect by @​64johnlee in google/go-containerregistry#2337
• build(deps): bump the go-deps group across 3 directories with 4 updates by @​dependabot[bot] in google/go-containerregistry#2348
• fix(tarball): normalize paths when matching files by @​bstoll in google/go-containerregistry#2334
• transport: do not re-attach bearer token after cross-host redirect by @​evilgensec in google/go-containerregistry#2349
• Bump CI go version to 1.26.4 by @​Subserial in google/go-containerregistry#2350

New Contributors

• @​momenashrafff made their first contribution in google/go-containerregistry#2303
• @​nandbhat made their first contribution in google/go-containerregistry#2308
• @​inteon made their first contribution in google/go-containerregistry#2328
• @​rohan-patnaik made their first contribution in google/go-containerregistry#2314
• @​mosskappa made their first contribution in google/go-containerregistry#2306
• @​Haihan-Jiang made their first contribution in google/go-containerregistry#2318
• @​tufstraka made their first contribution in google/go-containerregistry#2332
• @​amarkdotdev made their first contribution in google/go-containerregistry#2347
• @​64johnlee made their first contribution in google/go-containerregistry#2337
• @​bstoll made their first contribution in google/go-containerregistry#2334

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

What's Changed

• fix: update dependencies to use new azure sdk components by @​gaganhr94 in google/go-containerregistry#2262
• transport: restore resp.Body in retryError so CheckError can parse it by @​alliasgher in google/go-containerregistry#2264
• pkg/registry: return 202 Accepted for PATCH chunk uploads by @​alliasgher in google/go-containerregistry#2265
• Follow OCI distribution spec for artifactType and annotations by @​malt3 in google/go-containerregistry#2269
• actions: attach Codecov token to coverage tests on main by @​Subserial in google/go-containerregistry#2270
• remote: use DeleteScope (with "delete" action) for manifest deletion by @​alliasgher in google/go-containerregistry#2266
• remote: limit concurrent layer pulls by @​gnix0 in google/go-containerregistry#2271

... (truncated)

Commits

• c68d899 Bump go version to 1.26.4 (#2350)
• da61d86 transport: do not re-attach bearer token after cross-host redirect (#2349)
• 09fe1e5 fix(tarball): normalize paths when matching files (#2334)
• 5baa399 build(deps): bump the go-deps group across 3 directories with 4 updates (#2348)
• 97a8a17 fix(transport): apply refreshed bearer token after cross-host redirect (#2337)
• e963497 internal/gzip: fix goroutine leak in ReadCloserLevel (#2347)
• 02649ea fix: prevent SSRF in google.List() pagination (#2332)
• 7204b40 build(deps): bump the actions group across 1 directory with 2 updates (#2344)
• 4cfaa93 build(deps): bump the go-deps group across 1 directory with 2 updates (#2343)
• 6849394 pkg/registry: export RedirectError (#2177)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign heavywombat for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment