chore(deps): bump github.com/google/go-containerregistry from 0.20.2 to 0.20.7 in /src

[dependabot]

Bumps github.com/google/go-containerregistry from 0.20.2 to 0.20.7.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.7

What's Changed

• Fix ArgsEscaped lint directive by @​Subserial in google/go-containerregistry#2137
• transport: Fix broken links to distribution docs by @​guzalv in google/go-containerregistry#2136
• fix(remote): using customized retry predicate func if provided by @​derekhjray in google/go-containerregistry#2135
• Adding docker file by @​HassanJasim in google/go-containerregistry#2138
• crane: Add timestamp to flatten layer by @​Stephanie0829 in google/go-containerregistry#2117
• feat(remote): pass retryBackoff option to transport by @​aslafy-z in google/go-containerregistry#1628
• Expose clobber refusal error by @​pjbgf in google/go-containerregistry#2146
• Build artifacts for riscv64 by @​ffgan in google/go-containerregistry#2159
• Update dependencies and deprecate DockerVersion field by @​Subserial in google/go-containerregistry#2164

New Contributors

• @​guzalv made their first contribution in google/go-containerregistry#2136
• @​derekhjray made their first contribution in google/go-containerregistry#2135
• @​HassanJasim made their first contribution in google/go-containerregistry#2138
• @​Stephanie0829 made their first contribution in google/go-containerregistry#2117
• @​pjbgf made their first contribution in google/go-containerregistry#2146
• @​ffgan made their first contribution in google/go-containerregistry#2159

Full Changelog: google/go-containerregistry@v0.20.6...v0.20.7

v0.20.6

What's Changed

• Ensure that tag name is not empty if name contains colon by @​SaschaSchwarze0 in google/go-containerregistry#2094
• Bump some deps by @​jonjohnsonjr in google/go-containerregistry#2110

New Contributors

• @​SaschaSchwarze0 made their first contribution in google/go-containerregistry#2094

Full Changelog: google/go-containerregistry@v0.20.4...v0.20.6

v0.20.5

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in google/go-containerregistry#2071
• Migrate linter to v2 by @​Subserial in google/go-containerregistry#2096
• bump go version + bump deps by @​Subserial in google/go-containerregistry#2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in google/go-containerregistry#2097
• Update CodeQL permissions by @​Subserial in google/go-containerregistry#2103
• Update goreleaser permissions by @​Subserial in google/go-containerregistry#2104
• Update provenance action in release by @​Subserial in google/go-containerregistry#2105
• Update validator action by @​Subserial in google/go-containerregistry#2106

New Contributors

• @​luhring made their first contribution in google/go-containerregistry#2071
• @​Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: google/go-containerregistry@v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

... (truncated)

Commits

• e075f20 go mod tidy on dependabot update (#2171)
• 45aacf4 Bump the actions group across 1 directory with 3 updates (#2170)
• 073b936 Update dependencies and deprecate DockerVersion field (#2164)
• 390dacd Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /cmd/krane (#2163)
• ca44d47 Bump golang.org/x/crypto from 0.38.0 to 0.45.0 in /pkg/authn/k8schain (#2162)
• 999cc1f Bump github.com/docker/docker (#2161)
• d1809c8 Build artifacts for riscv64 (#2159)
• 7471efd Bump the auxiliary-deps group across 3 directories with 4 updates (#2156)
• 2bb5bb0 Bump the actions group with 5 updates (#2155)
• 16371c1 Remove manual vendor setting for dependabot (#2151)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Bump github.com/google/go-containerregistry from 0.20.2 to 0.20.7 to pick up bug fixes and improved retry/backoff behavior with remote registries. This also refreshes a few indirect dependencies for compatibility.

• Dependencies
  • github.com/google/go-containerregistry to 0.20.7 (direct)
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.61.0
  • golang.org/x/oauth2 to 0.33.0
  • github.com/containerd/stargz-snapshotter/estargz to 0.18.1
  • github.com/docker/cli to 29.0.3 and docker-credential-helpers to 0.9.3

^{Written for commit febd9e4. Summary will update on new commits.}

[dependabot]

Labels

The following labels could not be found: branch/main, release-note/bump-version. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[Vad1mo]

@dependabot recreate

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.