chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0 to 3.1.0 in the go_modules group across 1 directory by dependabot[bot] · Pull Request #337 · bitnami/charts-syncer

dependabot · 2026-04-06T17:54:07Z

Bumps the go_modules group with 1 update in the / directory: github.com/distribution/distribution/v3.

Updates github.com/distribution/distribution/v3 from 3.0.0 to 3.1.0

Release notes

Sourced from github.com/distribution/distribution/v3's releases.

v3.1.0

Welcome to the v3.1.0 release of registry!

This is a stable release

Please try out the release binaries and report any issues at https://github.com/distribution/distribution/issues.

Notable Changes

Fixes CVE-2026-35172

Fixes CVE-2026-33540

Adds support for tag pagination (#4360, #4353)

Fixes default credentials in Azure storage provider (#4619)

Drops support for go1.23 and go1.24 and updates to go1.25

See the full changelog below for the full list of changes.

What's Changed

docs: Update to refer to new image tag v3 by @schanzel in distribution/distribution#4373

Fix default_credentials in azure storage provider by @switchboardOp in distribution/distribution#4619

chore: make function comment match function name by @closeobserve in distribution/distribution#4622

build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory by @dependabot[bot] in distribution/distribution#4625

fix: implement JWK thumbprint for Ed25519 public keys by @zhangyoufu in distribution/distribution#4626

fix: Annotate code block from validation.indexes configuration docs by @anzoman in distribution/distribution#4629

feat: extract redis config to separate struct by @shanduur in distribution/distribution#4620

Fix: resolve issue #4478 by using a temporary file for non-append writes by @onporat in distribution/distribution#4624

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in distribution/distribution#4645

docs: Add note about OTEL_TRACES_EXPORTER by @jcpunk in distribution/distribution#4669

fix: set OTEL traces to disabled by default by @jcpunk in distribution/distribution#4671

Fix markdown syntax for OTEL traces link in docs by @shantanoo-desai in distribution/distribution#4676

Switch UUIDs to UUIDv7 by @binaryfire in distribution/distribution#4666

refactor: replace map iteration with maps.Copy/Clone by @whosehang in distribution/distribution#4632

s3-aws: fix build for 386 by @ChenQi1989 in distribution/distribution#4642

docs: Add OpenTelemetry links to quickstart docs (#4270) by @dpw13 in distribution/distribution#4640

Fix S3 driver loglevel param by @milosgajdos in distribution/distribution#4617

Fixed data race in TestSchedule test by @horoshev in distribution/distribution#4647

Fixes #4683 - uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys by @gpgenaiz in distribution/distribution#4684

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in distribution/distribution#4687

Fix broken link to Docker Hub fair use policy by @Klikini in distribution/distribution#4688

fix(registry/handlers/app): redis CAs by @ChandonPierre in distribution/distribution#4668

build(deps): bump actions/labeler from 5 to 6 by @dependabot[bot] in distribution/distribution#4694

build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in distribution/distribution#4693

build(deps): bump actions/upload-pages-artifact from 3 to 4 by @dependabot[bot] in distribution/distribution#4691

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in distribution/distribution#4706

build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 by @dependabot[bot] in distribution/distribution#4710

build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in distribution/distribution#4714

chore: labeler: add area/client mapping for internal/client/** by @artem-tkachuk in distribution/distribution#4716

client: add Accept headers to Exists() HEAD by @artem-tkachuk in distribution/distribution#4715

feat(registry): Make graceful shutdown test robust by @Sumedhvats in distribution/distribution#4720

... (truncated)

Commits

708f8d6 chore(ci): Prep for v3.1 release (#4841)
b1d5dbc chore(ci): Prep for v3.1 release
078b078 Merge commit from fork
cccd0d4 fix(vendor): fix broke vendor validation (#4839)
49447e8 fix(vendor): fix broke vendpor validation
cc5d5fa Merge commit from fork
4cfa178 build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 (#4834)
c4bac3b build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 (#4836)
2f2ce9f Opt: refactor tag list pagination support (#4353)
6a02a0e Opt: refactor tag list pagination support
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the go_modules group with 1 update in the / directory: [github.com/distribution/distribution/v3](https://github.com/distribution/distribution). Updates `github.com/distribution/distribution/v3` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/distribution/distribution/releases) - [Commits](distribution/distribution@v3.0.0...v3.1.0) --- updated-dependencies: - dependency-name: github.com/distribution/distribution/v3 dependency-version: 3.1.0 dependency-type: direct:production dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Apr 6, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0 to 3.1.0 in the go_modules group across 1 directory#337

chore(deps): bump github.com/distribution/distribution/v3 from 3.0.0 to 3.1.0 in the go_modules group across 1 directory#337
dependabot[bot] wants to merge 1 commit intov2from
dependabot/go_modules/go_modules-389f8475a3

dependabot bot commented on behalf of github Apr 6, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 6, 2026

v3.1.0

Notable Changes

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants