chore(deps): update regclient/regctl docker tag to v0.8.2

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
regclient/regctl	stage	minor	v0.5.7 -> v0.8.2

---

Release Notes

regclient/regclient (regclient/regctl)

v0.8.2

Compare Source

Release v0.8.2

This fixes a regression in v0.8.1 for users authenticating using a refresh token.

Fixes:

• Allow authentication with a token. (PR 908)

Contributors:

• @​sudo-bmitch

v0.8.1

Compare Source

Release v0.8.1

Security:

• Go v1.23.6 fixes CVE-2025-22866. (PR 906)

Features:

• Improve regctl arg completion. (PR 895)
• Add cobra command for documentation. (PR 900)

Fixes:

• Do not request offline refresh token. (PR 893)
• Ignore unsupported entries in docker config. (PR 894)
• Align log levels with slog. (PR 901)
• Interval overrides a default schedule in regsync and regbot. (PR 904)

Miscellaneous:

• Adding a logo. (PR 889)

Contributors:

• @​obaibula
• @​sudo-bmitch

v0.8.0

Compare Source

Release v0.8.0

Highlights

There are three headline changes in this release: slog support, external referrers, and deprecating legacy packages.

This release switches from logrus to slog.
Migration methods are included to minimize the impact on existing users.
Anyone parsing the logging output from regctl, regsync, and regbot will notice the format has changed.

External referrers allow referrers to be pushed and pulled from a separate repository from the subject image.
This feature requires users to provide the external repository themselves since a registry has no way to communicate this to the user.
An example use case of this feature are third parties, like security scanners, providing attestations of images they do not control.

Legacy packages have been disabled by default and will eventually be removed.
To continue using legacy packages until their removal, you may compile with -tags legacy.

Breaking

• Breaking: Warning handlers switched from logrus to slog which will only impact those with a custom warning handler. (PR 847)
• Breaking: Disable legacy packages by default. (PR 852)

Features

• Feat: Refactor logging to use log/slog. (PR 847)
• Feat: Switch regbot to slog. (PR 849)
• Feat: Switch regctl to slog. (PR 850)
• Feat: Switch regsync to slog. (PR 851)
• Feat: Move logrus calls into files excluded by wasm. (PR 853)
• Feat: Allow plus in ocidir path. (PR 856)
• Feat: Support referrers in an external repository. (PR 866)
• Feat: Image mod environment variables. (PR 867)
• Feat: Include source in referrers response. (PR 870)
• Feat: Add external flag to regctl artifact put. (PR 873)
• Feat: Copy image with external referrers. (PR 874)
• Feat: Document community maintained packages. (PR 878)
• Feat: Support external referrers in regsync. (PR 881)
• Feat: Support incomplete subject descriptor. (PR 885)

Fixes

• Fix: Inject release notes by file. (PR 854)
• Fix: Platform test for darwin/macos should not add variant. (PR 879)
• Fix: Handle repeated digest in copy with external referrers. (PR 882)

Chores

• Chore: Improve error message when inspecting artifacts. (PR 862)
• Chore: Remove unused short arg parameters. (PR 877)

Contributors

• @​sudo-bmitch

v0.7.2

Compare Source

Release v0.7.2

Breaking Changes:

The breaking changes are to internal methods and undocumented features that should not be encountered by users.

• Update scheme to use pqueue instead of throttle. (PR 803)
• Removes an undocumented API for deleting images from Hub. (PR 803)
• config.Host.Throttle() has been removed. Use scheme.Throttler instead. (PR 813)

Features:

• Significant refactor of http APIs to speed up image copies. (PR 803)
• Add a priority queue for network requests. (PR 803)
• Move logging into transport and rework backoff. (PR 803)
• Remove default rate limit. (PR 803)
• Add priority queue algorithm and reorder image copy steps. (PR 803)
• Consolidate warnings. (PR 810)
• Limit number of retries for a request. (PR 812)
• Add default host config. (PR 821)

Fixes:

• Update GHA output generating steps. (PR 800)
• Lookup referrers when registry does not give digest with head. (PR 801)
• Support auth on redirect. (PR 805)
• Prevent data race when reading blob and seeking. (PR 814)
• Detect integer overflows on type conversion. (PR 830)
• Add a warning if syft is not installed. (PR 841)
• Race condition in the pqueue tests. (PR 843)
• Dedup warnings on image mod. (PR 846)

Chores:

• Update staticcheck and fix linter warnings for Go 1.23. (PR 804)
• Remove digest calculation from reghttp. (PR 803)
• Remove ReqPerSec in tests. (PR 806)
• Move throttle from config to reghttp. (PR 813)
• Refactoring to remove globals in regsync. (PR 815)
• Refactor to remove globals in regbot. (PR 816)
• Remove throttle package. (PR 817)
• Update version-bump config for processors. (PR 828)
• Update config to use yaml anchors and aliases (PR 829)
• Do not automatically assign myself to GitHub issues. (PR 831)
• Remove OpenSSF scorecard and best practices. (PR 832)
• Update docker image base filesystem. (PR 837)

Contributors:

• @​sudo-bmitch

v0.7.1

Compare Source

Release v0.7.1

PR 798 fixes an issue where a malicious registry could return a pinned manifest different from the request.
Commands like regctl manifest get $image@$digest will now verify the digest of the returned manifest matches the request rather than the registry headers.

Security updates:

• Validate the digest of the ref when provided. (PR 798) (GHSA-qv35-3gw6-8q4j)

Features:

• Add a WithDockerCredsFile() regclient.Opt. (PR 784)
• Add regctl artifact get --config option to only return the config. (PR 795)

Fixes:

• Detect amd64 variants for --platform local. (PR 782)
• Mod tracking of changed manifests. (PR 783)
• Tar path separator should always be a /. (PR 788)

Other Changes:

• Remove docker build cache in GHA. (PR 780)

Contributors:

• @​mmonaco
• @​stormyyd
• @​sudo-bmitch

v0.7.0

Compare Source

Release v0.7.0

CVEs:

• CVE-2024-24790 fix included with Go 1.22.4 upgrade. (PR 762)
• CVE-2024-24791 fix included with Go 1.22.5 upgrade. (PR 777)

Breaking:

• regctl registry set and regctl registry login will return a non-zero if the ping fails. (PR 751)
• Removed WithFS which required access to an internal interface to use. (PR 772)

Features:

• Add an experimental regctl ref command. (PR 765)
• Support digest algorithms beyond sha256. (PR 776)
• Support modifying the digest algorithm on an image. (PR 776)
• Experimental support for pushing tagged manifests with different digest algorithms. (PR 778)

Fixes:

• Prevent panic on interrupted image mod. (PR 746)
• Enable deletion on olareg tests. (PR 758)
• Allow ~ (tilde) in ocidir reference paths. (PR 763)
• Allow well known architectures as a platform. (PR 771)
• Validate digests before calling methods that could panic. (PR 776)

Other changes:

• Refactor pulling manifests by platform. (PR 768)
• Cleanup Dockerfile linter warnings. (PR 770)
• Enable docker caching of GHA builds. (PR 773)
• Include a contributor list in the readme. (PR 774)

Contributors:

• @​sudo-bmitch
• @​thesayyn

v0.6.1

Compare Source

Release v0.6.1

CVEs:

• Go update fixes CVE-2024-24788. (PR 739)

Breaking:

• pkg/archive.Compress no longer decompresses the input. (PR 732)

Features:

• Add the regclient.ImageConfig method. (PR 706)
• Add ability to modify the layer compression. (PR 730)
• Add support for zstd compressed layers. (PR 732)
• Add image mod ability to append layers to an image. (PR 736)
• regctl image mod add layer from directory. (PR 740)

Fixes:

• Override the Go version used by the OSV Scanner. (PR 691)
• Validate media types on regctl artifact put. (PR 707)
• Use the provided descriptor in the BlobGet/Head to a registry. (PR 724)
• Replace "whitelist" with "known list" for inclusivity. (PR 725)
• Handle nil pointer when config file is a directory. (PR 738)

Chores:

• Limit token permission on the coverage action. (PR 705)
• Clarify regctl manifest head --platform will trigger a get request. (PR 713)
• Reenable OSV Scanner weekly check in GitHub Actions. (PR 715)
• Add fuzzing tests for compression. (PR 741)

Contributors:

• @​sudo-bmitch

v0.6.0

Compare Source

Release v0.6.0

Breaking:

• regctl artifact put no longer includes the filename annotation by default. Use --file-title to include. (PR 659)
• Dropping Go 1.19 support (PR 656)
• The platform string for windows images no longer includes the non-standard OS Version value. (PR 685)

Fixes:

• Allow pushing artifacts without an artifactType value. (PR 658)
• Image mod where created image is in a different repository (PR 662)
• Improve returned errors from regclient.ImageCopy. (PR 663)
• Cancel blob uploads on failures. (PR 666)
• Allow ctrl-c on regctl registry login (PR 671)
• Promoting annotations should ignore child manifests that have been removed from the tree. (PR 675)
• Pin base image digest in build scripts to match Dockerfile pins. (PR 678)
• Error wrapping fixed in several locations. (PR 682)
• Platform selection now finds the best match rather than the first compatible match. (PR 685)
• Update registry versions in CI tests. (PR 687)
• Missing lines from diff context. (PR 688)
• Replace syft packages with syft scan. (PR 695)
• Image mod can manage the data file on the config descriptor of artifacts. (PR 697)

Features:

• Adding Go 1.22 support (PR 656)
• Add BlobDelete support for ocidir references. (PR 669)
• Add regctl blob delete command. (PR 669)
• Support formatting output on regctl registry config. (PR 673)
• Add image mod ability to promote common annotations in the child images to the index. (PR 674)
• Specifying windows OS Version now uses a comma separated syntax in the platform string. (PR 685)
• Detect AMD64 variant when looking up local platform. (PR 692)
• Add ability to set the config platform setting with regctl image mod. (PR 693)
• Image mod support for setting the entrypoint and cmd. (PR 694)

Deprecations:

• Errors in types are moved to the errs package. (PR 686)
• MediaTypes in types are moved to the mediatype package. (PR 686)
• Descriptor and associated variables in types are moved to the descriptor package. (PR 686)
• github.com/regclient/regclient/regclient (3 levels of regclient) deprecations are now identified by the standard comment to trigger linters. (PR 686)

Other changes:

• Update OSV scanner to monitor for unapproved licenses. (PR 655)
• Include an API example in the Go docs. (PR 657)
• Add examples to regctl help messages. (PR 660)
• Include the Go Report Card badge. (PR 664)
• Document the availability of the GitHub Actions installer for regctl. (PR 665)
• Add examples to regctl help messages. (PR 672)
• Redesign how annotations are added to the regclient images. (PR 676)
• Remove uuid dependency from test code, replace with a random string generator. (PR 677)
• Manage base image annotation with version-bump. (PR 679)
• Use t.Fatal where appropriate. (PR 680)
• Remove wraperr package. (PR 681)
• Add links to the GHA workflow badges. (PR 683)
• Include a download count badge. (PR 684)
• Refactoring types package to avoid circular dependency issues. (PR 686)
• Cleanup unused parameters on private functions. (PR 698)
• Resume push of SBOMs to Docker Hub. (PR 701)

Contributors:

• @​sudo-bmitch

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.