chore(deps): bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3

[dependabot]

Bumps github.com/google/go-containerregistry from 0.20.2 to 0.20.3.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.3

What's Changed

• remote/transport: Make bearer transport go-routine-safe by @​2opremio in google/go-containerregistry#1806
• Expose compare package by @​jonjohnsonjr in google/go-containerregistry#2001
• fix: redact.URL uses (*URL).Redacted to omit basic-auth password by @​bmoylan in google/go-containerregistry#1947
• bump actions to latest by @​ajayk in google/go-containerregistry#2011
• don't pin chainguard-dev/actions by @​imjasonh in google/go-containerregistry#2025
• Check for 406 status code when handling referrers API endpoint response by @​malancas in google/go-containerregistry#2026
• mutate: Create a defensive annotations copy by @​jonjohnsonjr in google/go-containerregistry#2030
• Detect zstd in crane append by @​jonjohnsonjr in google/go-containerregistry#2023
• bump deps using hack/bump-deps.sh by @​imjasonh in google/go-containerregistry#2042

New Contributors

• @​bmoylan made their first contribution in google/go-containerregistry#1947
• @​ajayk made their first contribution in google/go-containerregistry#2011
• @​malancas made their first contribution in google/go-containerregistry#2026

Full Changelog: google/go-containerregistry@v0.20.2...v0.20.3

Commits

• c4dd792 bump deps using hack/bump-deps.sh (#2042)
• 6bce25e Detect zstd in crane append (#2023)
• 06dcd85 mutate: Create a defensive annotations copy (#2030)
• a9a53a8 check for 406 status code when handling referrers endpoint response (#2026)
• 4630c40 don't pin chainguard-dev/actions (#2025)
• 808e354 bump actions to latest (#2011)
• a07d1ca fix: redact.URL uses (*URL).Redacted to omit basic-auth password (#1947)
• 00f182b Expose compare package (#2001)
• b8e87ed remote/transport: Make bearer transport go-routine-safe (#1806)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[wagoodman]

@dependabot rebase

[wagoodman]

@dependabot rebase

[wagoodman]

@dependabot rebase

[github-actions]

Benchmark Test Results

Benchmark results from the latest changes vs base branch

make .tool/task
make[1]: Entering directory '/home/runner/work/stereoscope/stereoscope'
make[1]: Leaving directory '/home/runner/work/stereoscope/stereoscope'
.tool/task show-benchstat
?   	github.com/anchore/stereoscope	[no test files]
?   	github.com/anchore/stereoscope/examples	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal	0.003s
?   	github.com/anchore/stereoscope/internal/bus	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal/containerd	0.008s
PASS
ok  	github.com/anchore/stereoscope/internal/docker	0.004s
?   	github.com/anchore/stereoscope/internal/log	[no test files]
PASS
ok  	github.com/anchore/stereoscope/internal/podman	0.005s
?   	github.com/anchore/stereoscope/pkg/event	[no test files]
?   	github.com/anchore/stereoscope/pkg/event/parsers	[no test files]
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
BenchmarkTarIndex-4   	   34650	     34120 ns/op	    5699 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   35014	     34223 ns/op	    5697 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   34662	     34155 ns/op	    5699 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   34885	     35060 ns/op	    5700 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   34918	     34130 ns/op	    5698 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   34851	     34288 ns/op	    5697 B/op	      93 allocs/op
BenchmarkTarIndex-4   	   34684	     34176 ns/op	    5698 B/op	      93 allocs/op
PASS
ok  	github.com/anchore/stereoscope/pkg/file	10.817s
PASS
ok  	github.com/anchore/stereoscope/pkg/filetree	0.004s
?   	github.com/anchore/stereoscope/pkg/filetree/filenode	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/image	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/containerd	0.008s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/docker	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/oci	0.005s
PASS
ok  	github.com/anchore/stereoscope/pkg/image/oci/credhelpers	0.005s
?   	github.com/anchore/stereoscope/pkg/image/podman	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/image/sif	0.004s
?   	github.com/anchore/stereoscope/pkg/imagetest	[no test files]
PASS
ok  	github.com/anchore/stereoscope/pkg/tree	0.003s
PASS
ok  	github.com/anchore/stereoscope/pkg/tree/node	0.003s
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/test/integration
cpu: AMD EPYC 7763 64-Core Processor                
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1126	   1071519 ns/op	  270776 B/op	    2179 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1045	   1076055 ns/op	  270498 B/op	    2179 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1120	   1064836 ns/op	  270158 B/op	    2178 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1099	   1153315 ns/op	  270015 B/op	    2178 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	     978	   1056843 ns/op	  269871 B/op	    2178 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1102	   1135479 ns/op	  269903 B/op	    2178 allocs/op
BenchmarkSimpleImage_GetImage/docker-archive-4 	    1130	   1093182 ns/op	  269640 B/op	    2178 allocs/op
--- FAIL: BenchmarkSimpleImage_GetImage/podman
    fixture_image_simple_test.go:175: could not get fixture image: unable to detect input for 'stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7', errs: podman not available: no host address
#0 building with "default" instance using docker driver

#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 345B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load build context
#3 transferring context: 209B done
#3 DONE 0.0s

#4 [1/3] ADD file-1.txt /somefile-1.txt
#4 CACHED

#5 [2/3] ADD file-2.txt /somefile-2.txt
#5 CACHED

#6 [3/3] ADD target /
#6 CACHED

#7 exporting to image
#7 exporting layers done
#7 writing image sha256:1a518b0f178aa0cbe43094aa811cf182feb682f3b80a3e7fc14a39f5d40ba996 done
#7 naming to docker.io/library/stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7 done
#7 naming to docker.io/library/stereoscope-fixture-image-simple:latest done
#7 DONE 0.0s
ctr: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
--- FAIL: BenchmarkSimpleImage_GetImage
    image_fixtures.go:193: using existing image tar: 'test-fixtures/cache/stereoscope-fixture-image-simple-04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7.tar' (size: 22528, modified: 2025-03-31 15:59:35.069846994 +0000 UTC, mode: -rw-r--r--)
    image_fixtures.go:241: Build docker image: name="stereoscope-fixture-image-simple" tag="04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7"
    image_fixtures.go:291: saveImage running: docker image save stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7
    image_fixtures.go:286: 
        	Error Trace:	/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:286
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:162
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:152
        	            				/home/runner/work/stereoscope/stereoscope/pkg/imagetest/image_fixtures.go:33
        	            				/home/runner/work/stereoscope/stereoscope/test/integration/fixture_image_simple_test.go:163
        	Error:      	Received unexpected error:
        	            	exit status 1
        	Test:       	BenchmarkSimpleImage_GetImage
        	Messages:   	could not import docker image to containerd (shell out)
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59588	     20055 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59554	     20145 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59948	     20109 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   56512	     20086 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59856	     20109 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59815	     20022 ns/op	    2712 B/op	      21 allocs/op
BenchmarkSimpleImage_FetchSquashedContents/docker-archive-4         	   59799	     20118 ns/op	    2712 B/op	      21 allocs/op
--- FAIL: BenchmarkSimpleImage_FetchSquashedContents
    image_fixtures.go:193: using existing image tar: 'test-fixtures/cache/stereoscope-fixture-image-simple-04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7.tar' (size: 22528, modified: 2025-03-31 15:59:35.069846994 +0000 UTC, mode: -rw-r--r--)
    image_fixtures.go:75: error getting fixture image: 'podman' 'image-simple' with request 'podman:stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7': unable to detect input for 'stereoscope-fixture-image-simple:04e16e44161c8888a1a963720fd0443cbf7eef8101434c431de8725cd98cc9f7', errs: podman not available: no host address
FAIL
exit status 1
FAIL	github.com/anchore/stereoscope/test/integration	19.706s
?   	github.com/anchore/stereoscope/test/integration/test-fixtures/registry	[no test files]
FAIL
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
ctr: 
           │ .tmp/benchmark-c73bd5b.txt │
           │           sec/op           │
TarIndex-4                  34.18µ ± 3%

           │ .tmp/benchmark-c73bd5b.txt │
           │            B/op            │
TarIndex-4                 5.564Ki ± 0%

           │ .tmp/benchmark-c73bd5b.txt │
           │         allocs/op          │
TarIndex-4                   93.00 ± 0%

pkg: github.com/anchore/stereoscope/test/integration
                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │           sec/op           │
SimpleImage_GetImage/docker-archive-4                  1.076m ± 7%

                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │            B/op            │
SimpleImage_GetImage/docker-archive-4                 263.7Ki ± 0%

                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │         allocs/op          │
SimpleImage_GetImage/docker-archive-4                  2.178k ± 0%

ctr: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │           sec/op           │
SimpleImage_FetchSquashedContents/docker-archive-4                  20.11µ ± 0%

                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │            B/op            │
SimpleImage_FetchSquashedContents/docker-archive-4                 2.648Ki ± 0%

                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │         allocs/op          │
SimpleImage_FetchSquashedContents/docker-archive-4                   21.00 ± 0%
goos: linux
goarch: amd64
pkg: github.com/anchore/stereoscope/pkg/file
cpu: AMD EPYC 7763 64-Core Processor                
ctr: 
           │ .tmp/benchmark-c73bd5b.txt │
           │           sec/op           │
TarIndex-4                  34.18µ ± 3%

           │ .tmp/benchmark-c73bd5b.txt │
           │            B/op            │
TarIndex-4                 5.564Ki ± 0%

           │ .tmp/benchmark-c73bd5b.txt │
           │         allocs/op          │
TarIndex-4                   93.00 ± 0%

pkg: github.com/anchore/stereoscope/test/integration
                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │           sec/op           │
SimpleImage_GetImage/docker-archive-4                  1.076m ± 7%

                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │            B/op            │
SimpleImage_GetImage/docker-archive-4                 263.7Ki ± 0%

                                      │ .tmp/benchmark-c73bd5b.txt │
                                      │         allocs/op          │
SimpleImage_GetImage/docker-archive-4                  2.178k ± 0%

ctr: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │           sec/op           │
SimpleImage_FetchSquashedContents/docker-archive-4                  20.11µ ± 0%

                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │            B/op            │
SimpleImage_FetchSquashedContents/docker-archive-4                 2.648Ki ± 0%

                                                   │ .tmp/benchmark-c73bd5b.txt │
                                                   │         allocs/op          │
SimpleImage_FetchSquashedContents/docker-archive-4                   21.00 ± 0%