Sourced from oras.land/oras-go/v2's releases.

v2.5.0

[!TIP] Upgrade to v2.5.0 for optimal performance when compiled with Go 1.22 or later.

[!WARNING] v2.5.0 does not compile with Go 1.20.x or earlier.

New Features

• Upgrade to image-spec v1.1.0 and distributio-spec v1.1.0
  • Introduce oras.PackManifestVersion1_1 for packing OCI Image Manifest defined in image-spec v1.1.0

Deprecation

• oras.PackManifestVersion1_1_RC4 is deprecated and not recommended for future use. Use oras.PackManifestVersion1_1 instead.

Bug Fixes

• Fix #698: registry.ParseReference returns false positive when registry is empty
• Fix #727: Subsequent calls to credentials.DynamicStore.Put will not set the detected credential store after the first failed attempt
• Fix #730: file.Store has race conditions when restoring content with the same name

Other Changes

• Update the Go support window to [1.21, 1.22]
• Update unit tests and examples
• Improve performance

Detailed Commits

• build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 by @​dependabot in oras-project/oras-go#708
• feat: upgrade to distribution-spec v1.1.0 by @​wangxiaoxuan273 in oras-project/oras-go#720
• build: bump go version by @​dextrot in oras-project/oras-go#715
• test: add a new case for UnwrapNopCloser by @​shizhMSFT in oras-project/oras-go#725
• perf: use new built-in methods introduced before go 1.22 by @​shizhMSFT in oras-project/oras-go#726
• fix: check empty registry name by @​shizhMSFT in oras-project/oras-go#729
• fix(DynamicStore): retry setCredsStore on next PUT by @​shizhMSFT in oras-project/oras-go#728
• fix(file.Store): fix race condition on restoring the same named content by @​shizhMSFT in oras-project/oras-go#731

New Contributors

• @​dextrot made their first contribution in oras-project/oras-go#715

Full Changelog: oras-project/oras-go@v2.4.0...v2.5.0

• 9b6f321 fix(file.Store): fix race condition on restoring the same named content (#731)
• 8f9f505 fix(DynamicStore): retry setCredsStore on next PUT (#728)
• d3ff5dc fix: check empty registry name (#729)
• 4503c31 perf: use new built-in methods introduced before go 1.22 (#726)
• 8d139f0 test: add a new case for UnwrapNopCloser (#725)
• bf0d637 build: bump go version (#715)
• 0285961 feat: upgrade to distribution-spec v1.1.0 (#720)
• be59736 build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1....
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)