build(deps): Bump github.com/google/go-containerregistry from 0.20.6 to 0.21.6

[dependabot]

Bumps github.com/google/go-containerregistry from 0.20.6 to 0.21.6.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

• fix: update dependencies to use new azure sdk components by @​gaganhr94 in google/go-containerregistry#2262
• transport: restore resp.Body in retryError so CheckError can parse it by @​alliasgher in google/go-containerregistry#2264
• pkg/registry: return 202 Accepted for PATCH chunk uploads by @​alliasgher in google/go-containerregistry#2265
• Follow OCI distribution spec for artifactType and annotations by @​malt3 in google/go-containerregistry#2269
• actions: attach Codecov token to coverage tests on main by @​Subserial in google/go-containerregistry#2270
• remote: use DeleteScope (with "delete" action) for manifest deletion by @​alliasgher in google/go-containerregistry#2266
• remote: limit concurrent layer pulls by @​gnix0 in google/go-containerregistry#2271
• pkg/registry: reject corrupt disk blobs by @​gnix0 in google/go-containerregistry#2272
• mutate: close layer readers during export by @​gnix0 in google/go-containerregistry#2277
• crane/flatten: preserve image media type when flattening by @​alliasgher in google/go-containerregistry#2267
• build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2273
• build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @​dependabot[bot] in google/go-containerregistry#2278
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2280
• Replace go-homedir with os.UserHomeDir by @​jammie-jelly in google/go-containerregistry#2282
• pkg/name: only treat .localhost as non-HTTPS, not .local by @​blackwell-systems in google/go-containerregistry#2281
• transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @​marwan9696 in google/go-containerregistry#2285
• test(mutate): add Extract round-trip test for filesystem object preservation by @​blackwell-systems in google/go-containerregistry#2283
• experiments: remove deprecated support for estargz by @​thaJeztah in google/go-containerregistry#2288
• build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @​dependabot[bot] in google/go-containerregistry#2289
• fix: limit HTTP response body reads to prevent OOM by @​evilgensec in google/go-containerregistry#2296
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2297
• transport: block redirects from token server to private/link-local addresses (SSRF fix) by @​evilgensec in google/go-containerregistry#2292
• pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @​anishesg in google/go-containerregistry#2279
• validate: skip non-layer layers by @​imjasonh in google/go-containerregistry#2298
• remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @​evilgensec in google/go-containerregistry#2293
• remote: block SSRF via private-IP Location headers in blob uploads by @​adilburaksen in google/go-containerregistry#2295
• fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @​blackwell-systems in google/go-containerregistry#2286
• fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @​iahsanGill in google/go-containerregistry#2299
• transport: retry HTTP 429 (Too Many Requests) by @​iahsanGill in google/go-containerregistry#2301
• transport: allow bearer realm at same host:port as registry by @​iahsanGill in google/go-containerregistry#2302
• Update go version to 1.26.3 by @​Subserial in google/go-containerregistry#2300

New Contributors

• @​gaganhr94 made their first contribution in google/go-containerregistry#2262
• @​alliasgher made their first contribution in google/go-containerregistry#2264
• @​malt3 made their first contribution in google/go-containerregistry#2269
• @​gnix0 made their first contribution in google/go-containerregistry#2271
• @​blackwell-systems made their first contribution in google/go-containerregistry#2281
• @​marwan9696 made their first contribution in google/go-containerregistry#2285
• @​anishesg made their first contribution in google/go-containerregistry#2279
• @​adilburaksen made their first contribution in google/go-containerregistry#2295
• @​iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

v0.21.5

What's Changed

• Bump docker/cli v29.4.0, moby/api v1.54.1, moby/client v0.4.0 by @​thaJeztah in google/go-containerregistry#2254

... (truncated)

Commits

• 53f7e39 Update go version to 1.26.3 (#2300)
• bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
• c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
• 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
• 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
• e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
• 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
• 78bdf1b validate: skip non-layer layers (#2298)
• c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
• a70d75a transport: block redirects from token server to private/link-local addresses ...
• Additional commits viewable in compare view