v0.17

Features

• Added --include-locked flag to purge command ([#479](#479))
• Honored --ago cutoff when purging untagged manifests ([#517](#517))
• Migrated golangci-lint to v2.3.1 ([#496](#496))

Bug Fixes

• Fixed lint errors caused by new purge flag ([#483](#483))
• Improved purge logic for untagged manifests ([#532](#532))

Maintenance & Dependencies

• Updated Go to 1.24.4 → 1.24.6 → 1.25.0
• Bumped dependencies: docker/cli, spf13/cobra, stretchr/testify, pond/v2
• Updated GitHub Actions and security tools (codeql-action, harden-runner, dependency-review, setup-go, upload-artifact, scorecard)
• Updated CODEOWNERS file ([#533](#533))

See detailed release notes below

What's Changed

• chore: update golang to 1.24.4 by @northtyphoon in #472
• chore(deps): bump oss/go/microsoft/golang from 1.24.4-fips-azurelinux3.0 to 1.24.5-fips-azurelinux3.0 by @dependabot[bot] in #474
• chore(deps): bump github.com/docker/cli from 28.3.0+incompatible to 28.3.2+incompatible by @dependabot[bot] in #475
• chore: update golang to 1.24.5 by @northtyphoon in #476
• chore(deps): bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #478
• chore(deps): bump github.com/alitto/pond/v2 from 2.4.0 to 2.5.0 by @dependabot[bot] in #477
• feat(purge): add --include-locked flag to purge command by @balcsida in #479
• fix: lint errors caused by #479 by @balcsida in #483
• chore(deps): bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #482
• chore(deps): bump github.com/docker/cli from 28.3.2+incompatible to 28.3.3+incompatible by @dependabot[bot] in #484
• chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #485
• chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #488
• chore(deps): bump oss/go/microsoft/golang from 1.24.5-fips-azurelinux3.0 to 1.24.6-fips-azurelinux3.0 by @dependabot[bot] in #487
• chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #492
• chore: update golang to 1.24.6 by @northtyphoon in #490
• chore(deps): bump oss/go/microsoft/golang from 1.24.6-fips-azurelinux3.0 to 1.25.0-fips-azurelinux3.0 by @dependabot[bot] in #494
• chore(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 by @dependabot[bot] in #497
• chore(deps): bump github/codeql-action from 3.29.8 to 3.29.10 by @dependabot[bot] in #498
• feat: migrate golangci-lint to v2.3.1 by @balcsida in #496
• chore(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.2 by @dependabot[bot] in #499
• chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 by @dependabot[bot] in #502
• chore(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #503
• chore(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #506
• chore(deps): bump actions/dependency-review-action from 4.7.2 to 4.7.3 by @dependabot[bot] in #505
• chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 by @dependabot[bot] in #507
• chore(deps): bump github.com/docker/cli from 28.3.3+incompatible to 28.5.0+incompatible by @dependabot[bot] in #522
• chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #520
• chore(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @dependabot[bot] in #518
• chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #509
• chore(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in #508
• chore(deps): bump github/codeql-action from 3.30.0 to 4.30.9 by @dependabot[bot] in #528
• chore(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in #527
• chore(deps): bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #513
• chore(deps): bump github.com/docker/cli from 28.5.0+incompatible to 28.5.1+incompatible by @dependabot[bot] in #525
• feat: honor --ago cutoff when purging untagged manifests by @balcsida in #517
• chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #530
• chore: update CODEOWNERS by @FeynmanZhou in #533
• chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #534
• fix(purge): untagged ago improvements by @estebanreyl in #532
• chore(deps): bump github/codeql-action from 4.30.9 to 4.31.2 by @dependabot[bot] in #531

New Contributors

• @balcsida made their first contribution in #479
• @FeynmanZhou made their first contribution in #533

Full Changelog: v0.16...v0.17

v0.16

What's Changed

• chore(deps): bump actions/setup-go from 5.3.0 to 5.4.0 by @dependabot in #424
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #429
• chore(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot in #426
• chore: upgrade golang to 1.24.2 by @northtyphoon in #437
• chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 by @dependabot in #438
• chore(deps): bump step-security/harden-runner from 2.11.0 to 2.12.0 by @dependabot in #441
• chore(deps): bump github.com/docker/cli from 28.0.1+incompatible to 28.1.1+incompatible by @dependabot in #440
• chore(deps): bump github/codeql-action from 3.28.10 to 3.28.16 by @dependabot in #442
• chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #443
• chore(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot in #433
• chore(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 by @dependabot in #432
• chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #449
• chore(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.1 by @dependabot in #448
• chore(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0 by @dependabot in #446
• chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in #444
• chore(deps): bump github.com/docker/cli from 28.1.1+incompatible to 28.2.1+incompatible by @dependabot in #450
• chore(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot in #456
• chore(deps): bump github.com/docker/cli from 28.2.1+incompatible to 28.2.2+incompatible by @dependabot in #451
• chore(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot in #455
• chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #452
• fix: improve error handling in UpdateForManifestWithoutSubjectToDelete by @ninjadq in #460
• chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 by @dependabot in #465
• chore(deps): bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot in #464
• chore(deps): bump github.com/docker/cli from 28.2.2+incompatible to 28.3.0+incompatible by @dependabot in #461
• Optimize purge for oci manifests, indexes and docker manifest list scenarios through improved concurrency by @estebanreyl in #462

New Contributors

• @ninjadq made their first contribution in #460

Full Changelog: v0.15...v0.16

v0.15

What's Changed

• chore(deps): bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in #372
• chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #371
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #383
• chore(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 by @dependabot in #382
• chore(deps): bump github/codeql-action from 3.27.0 to 3.27.5 by @dependabot in #381
• chore(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #380
• chore(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #376
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #374
• chore(deps): bump github/codeql-action from 3.27.5 to 3.28.0 by @dependabot in #392
• chore(deps): bump github.com/docker/cli from 27.3.1+incompatible to 27.4.1+incompatible by @dependabot in #391
• chore(deps): bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #390
• chore(deps): bump golang.org/x/crypto from 0.17.0 to 0.31.0 by @dependabot in #388
• chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @dependabot in #386
• chore(deps): bump github/codeql-action from 3.28.0 to 3.28.9 by @dependabot in #410
• chore(deps): bump github.com/Azure/go-autorest/tracing from 0.6.0 to 0.6.1 by @dependabot in #408
• chore(deps): bump github.com/Azure/go-autorest/autorest from 0.11.29 to 0.11.30 by @dependabot in #407
• chore(deps): bump github.com/docker/cli from 27.4.1+incompatible to 27.5.1+incompatible by @dependabot in #402
• chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @dependabot in #400
• chore(deps): bump step-security/harden-runner from 2.10.2 to 2.10.4 by @dependabot in #398
• chore(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot in #394
• chore(deps): bump github.com/opencontainers/image-spec from 1.1.0 to 1.1.1 by @dependabot in #421
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot in #419
• chore(deps): bump github.com/docker/cli from 27.5.1+incompatible to 28.0.1+incompatible by @dependabot in #420
• chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot in #418
• chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot in #417
• chore(deps): bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot in #414
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #413
• chore(deps): bump github.com/dlclark/regexp2 from 1.11.4 to 1.11.5 by @dependabot in #412
• chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by @dependabot in #411
• fix(cssc): 31695069 Fix to return unique set of repos and tags in filteredRepos by @Ruchii-27 in #423

Full Changelog: v0.14...v0.15

v0.14

What's Changed

• chore(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 by @dependabot in #351
• chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #352
• chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #359
• chore(deps): bump github/codeql-action from 3.26.7 to 3.26.9 by @dependabot in #358
• chore(deps): bump github.com/docker/cli from 27.2.1+incompatible to 27.3.1+incompatible by @dependabot in #357
• chore(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #366
• chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #364
• chore(deps): bump github/codeql-action from 3.26.9 to 3.26.12 by @dependabot in #363
• Make the number of repository fetched at once configurable to handle large registries by @JRBANCEL in #353
• chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #370
• chore(deps): bump github/codeql-action from 3.26.12 to 3.27.0 by @dependabot in #369
• chore(deps): bump actions/dependency-review-action from 4.3.4 to 4.3.5 by @dependabot in #368
• CSSC - Defaulting tag-convention to incremental by @Ruchii-27 in #373

New Contributors

• @JRBANCEL made their first contribution in #353

Full Changelog: v0.13...v0.14

v0.13

What's Changed

• chore(deps): bump github/codeql-action from 3.25.13 to 3.26.0 by @dependabot in #335
• chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.6 by @dependabot in #334
• chore(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #333
• chore(deps): bump github.com/dlclark/regexp2 from 1.11.2 to 1.11.4 by @dependabot in #332
• chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #327
• chore(deps): bump github/codeql-action from 3.26.0 to 3.26.1 by @dependabot in #337
• Change filtertimeout var from uint64 to int64 by @estebanreyl in #348
• Add @Ruchii-27 to Codeowners by @estebanreyl in #349
• chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #346
• chore(deps): bump github/codeql-action from 3.26.1 to 3.26.6 by @dependabot in #345
• chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible by @dependabot in #330
• chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.2.1+incompatible by @dependabot in #350
• feat: cssc patch command enhanced to support incremental patch tags by @Ruchii-27 in #347

New Contributors

• @estebanreyl made their first contribution in #348

Full Changelog: v0.12...v0.13

v0.12

What's Changed

• chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #311
• chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #308
• chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in #310
• chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #314
• chore(deps): bump github.com/dlclark/regexp2 from 1.11.0 to 1.11.1 by @dependabot in #317
• chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by @dependabot in #316
• Add annotate command by @radhadpatel22 in #266
• chore(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #322
• chore(deps): bump github.com/dlclark/regexp2 from 1.11.1 to 1.11.2 by @dependabot in #321
• chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #320
• chore(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in #319
• chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #318
• chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #323

New Contributors

• @radhadpatel22 made their first contribution in #266

Full Changelog: v0.11...v0.12

v0.11

What's Changed

• chore(deps): bump step-security/harden-runner from 2.8.0 to 2.8.1 by @dependabot in #306
• chore(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @dependabot in #305
• chore(deps): bump github.com/docker/cli from 26.1.3+incompatible to 26.1.4+incompatible by @dependabot in #304
• feat: Updated cssc patch command by @Ruchii-27 in #307

Full Changelog: v0.10...v0.11

v0.10

What's Changed

• Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #216
• Bump actions/dependency-review-action from 3.1.2 to 3.1.3 by @dependabot in #225
• Bump step-security/harden-runner from 2.6.0 to 2.6.1 by @dependabot in #226
• chore: update to golang 1.21 by @northtyphoon in #223
• chore(deps): bump actions/dependency-review-action from 3.1.3 to 3.1.4 by @dependabot in #227
• chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #228
• chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #229
• chore(deps): bump golang.org/x/crypto from 0.6.0 to 0.17.0 by @dependabot in #231
• chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #230
• chore(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #233
• chore(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in #237
• chore(deps): bump actions/upload-artifact from 4.0.0 to 4.2.0 by @dependabot in #236
• chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.1 by @dependabot in #246
• chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #240
• chore(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0 by @dependabot in #243
• chore(deps): bump actions/checkout from 4.1.1 to 4.1.4 by @dependabot in #274
• chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #265
• chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #272
• chore(deps): bump oss/go/microsoft/golang from 1.21-fips-cbl-mariner2.0 to 1.22-fips-cbl-mariner2.0 by @dependabot in #248
• chore(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0 by @dependabot in #250
• chore: update go version for azure pipelines by @sajayantony in #275
• chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #278
• chore(deps): bump actions/dependency-review-action from 4.0.0 to 4.3.1 by @dependabot in #277
• chore(deps): bump github.com/dlclark/regexp2 from 1.10.0 to 1.11.0 by @dependabot in #276
• chore(deps): bump github.com/docker/cli from 20.10.16+incompatible to 26.1.1+incompatible by @dependabot in #279
• chore(deps): bump github.com/docker/docker from 20.10.24+incompatible to 24.0.9+incompatible by @dependabot in #258
• chore(deps): bump oras.land/oras-go/v2 from 2.3.1 to 2.5.0 by @dependabot in #262
• Update oras and go version for windows pipelines by @sajayantony in #280
• chore(deps): bump actions/dependency-review-action from 4.3.1 to 4.3.2 by @dependabot in #281
• chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #282
• chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #286
• chore(deps): bump github.com/docker/cli from 26.1.1+incompatible to 26.1.2+incompatible by @dependabot in #285
• chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #283
• chore(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #287
• chore(deps): bump github.com/docker/cli from 26.1.2+incompatible to 26.1.3+incompatible by @dependabot in #290
• chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #291
• chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 by @dependabot in #294
• chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #297
• chore(deps): bump github.com/Azure/go-autorest/autorest/adal from 0.9.23 to 0.9.24 by @dependabot in #296
• chore(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #295
• fix: docker build with golang 1.22 + FIPS enabled by @northtyphoon in #298
• chore: move non cmd files to internal by @sajayantony in #288
• feat: cssc patch command to enable continuous patching by @Ruchii-27 in #292
• chore: upgrade go version from 1.18.1 to 1.21 in releaser action by @wju-MSFT in #301
• chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #302
• chore(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #303

New Contributors

• @sajayantony made their first contribution in #275
• @Ruchii-27 made their first contribution in #292

Full Changelog: v0.9...v0.10

What's Changed

• Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #216
• Bump actions/dependency-review-action from 3.1.2 to 3.1.3 by @dependabot in #225
• Bump step-security/harden-runner from 2.6.0 to 2.6.1 by @dependabot in #226
• chore: update to golang 1.21 by @northtyphoon in #223
• chore(deps): bump actions/dependency-review-action from 3.1.3 to 3.1.4 by @dependabot in #227
• chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #228
• chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #229
• chore(deps): bump golang.org/x/crypto from 0.6.0 to 0.17.0 by @dependabot in #231
• chore(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #230
• chore(deps): bump actions/dependency-review-action from 3.1.4 to 3.1.5 by @dependabot in #233
• chore(deps): bump actions/dependency-review-action from 3.1.5 to 4.0.0 by @dependabot in #237
• chore(deps): bump actions/upload-artifact from 4.0.0 to 4.2.0 by @dependabot in #236
• chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.1 by @dependabot in #246
• chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 by @dependabot in #240
• chore(deps): bump step-security/harden-runner from 2.6.1 to 2.7.0 by @dependabot in #243
• chore(deps): bump actions/checkout from 4.1.1 to 4.1.4 by @dependabot in #274
• chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #265
• chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 by @dependabot in #272
• chore(deps): bump oss/go/microsoft/golang from 1.21-fips-cbl-mariner2.0 to 1.22-fips-cbl-mariner2.0 by @dependabot in #248
• chore(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0 by @dependabot in #250
• chore: update go version for azure pipelines by @sajayantony in #275
• chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #278
• chore(deps): bump actions/dependency-review-action from 4.0.0 to 4.3.1 by @dependabot in #277
• chore(deps): bump github.com/dlclark/regexp2 from 1.10.0 to 1.11.0 by @dependabot in #276
• chore(deps): bump github.com/docker/cli from 20.10.16+incompatible to 26.1.1+incompatible by @dependabot in #279
• chore(deps): bump github.com/docker/docker from 20.10.24+incompatible to 24.0.9+incompatible by @dependabot in #258
• chore(deps): bump oras.land/oras-go/v2 from 2.3.1 to 2.5.0 by @dependabot in #262
• Update oras and go version for windows pipelines by @sajayantony in #280
• chore(deps): bump actions/dependency-review-action from 4.3.1 to 4.3.2 by @dependabot in #281
• chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #282
• chore(deps): bump ossf/sc...

acr-cli v0.9

What's Changed

• Bump github.com/opencontainers/image-spec from 1.1.0-rc4 to 1.1.0-rc5 by @dependabot in #205
• Bump actions/dependency-review-action from 3.1.0 to 3.1.1 by @dependabot in #217
• Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #214
• Bump oras.land/oras-go/v2 from 2.3.0 to 2.3.1 by @dependabot in #211
• Bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in #212
• Bump step-security/harden-runner from 2.5.1 to 2.6.0 by @dependabot in #208
• Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #206
• Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #219
• Bump actions/dependency-review-action from 3.1.1 to 3.1.2 by @dependabot in #218
• fix: purge dry-run does not handle looping manifests correctly. by @wju-MSFT in #220
• chore: update mariner base image by @northtyphoon in #222

Full Changelog: v0.8...v0.9

v0.8

Changelog

• 3e79786 fix: update deprecated fields in goreleaser (#204)

What's Changed

• test: add unit tests for GetAcrCLIClientWithAuth by @wangxiaoxuan273 in #138
• Bump github.com/docker/docker from 20.10.16+incompatible to 20.10.24+incompatible by @dependabot in #139
• [StepSecurity] Apply security best practices by @step-security-bot in #140
• Bump actions/setup-go from 3.5.0 to 4.0.1 by @dependabot in #141
• Bump goreleaser/goreleaser-action from 2.9.1 to 4.2.0 by @dependabot in #142
• Bump actions/dependency-review-action from 2.5.1 to 3.0.4 by @dependabot in #144
• Bump ossf/scorecard-action from 2.0.6 to 2.1.3 by @dependabot in #145
• Bump oras.land/oras-go/v2 from 2.0.0-20220524144344-23cb9e0960a5 to 2.1.0 by @dependabot in #149
• Bump github.com/Azure/go-autorest/autorest/adal from 0.9.20 to 0.9.23 by @dependabot in #147
• Bump github.com/spf13/cobra from 1.4.0 to 1.7.0 by @dependabot in #143
• Bump github.com/dlclark/regexp2 from 1.4.0 to 1.10.0 by @dependabot in #150
• Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #155
• Bump github/codeql-action from 2.3.3 to 2.3.6 by @dependabot in #162
• Bump actions/dependency-review-action from 3.0.4 to 3.0.6 by @dependabot in #161
• Bump cbl-mariner/base/core from 4a2f15c to d0818dc by @dependabot in #157
• Bump oras.land/oras-go/v2 from 2.1.0 to 2.2.0 by @dependabot in #156
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.2 by @dependabot in #153
• Bump github.com/moby/term from 0.0.0-20210619224110-3f7ff695adc6 to 0.5.0 by @dependabot in #151
• Bump github.com/Azure/go-autorest/autorest from 0.11.27 to 0.11.29 by @dependabot in #152
• Bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #167
• Bump github/codeql-action from 2.3.6 to 2.13.4 by @dependabot in #166
• Bump cbl-mariner/base/core from d0818dc to 5c3832f by @dependabot in #165
• Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #164
• Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #163
• Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #168
• Bump step-security/harden-runner from 2.4.0 to 2.4.1 by @dependabot in #170
• Bump cbl-mariner/base/core from 5c3832f to c159685 by @dependabot in #169
• Bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in #171
• Bump cbl-mariner/base/core from c159685 to 2bdd8e1 by @dependabot in #172
• Bump step-security/harden-runner from 2.4.1 to 2.5.0 by @dependabot in #180
• Bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 by @dependabot in #176
• Bump cbl-mariner/base/core from 2bdd8e1 to 799d8ab by @dependabot in #173
• Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #184
• Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #186
• Bump actions/dependency-review-action from 3.0.6 to 3.0.7 by @dependabot in #185
• Bump step-security/harden-runner from 2.5.0 to 2.5.1 by @dependabot in #183
• Bump cbl-mariner/base/core from 799d8ab to 612a4ef by @dependabot in #187
• Bump cbl-mariner/base/core from 612a4ef to e43bbd4 by @dependabot in #189
• Bump actions/dependency-review-action from 3.0.7 to 3.0.8 by @dependabot in #190
• Bump actions/dependency-review-action from 3.0.8 to 3.1.0 by @dependabot in #199
• Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 by @dependabot in #197
• Bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in #192
• Bump actions/checkout from 3.5.3 to 4.0.0 by @dependabot in #195
• Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #198
• Bump cbl-mariner/base/core from e43bbd4 to af3f115 by @dependabot in #191
• Bump cbl-mariner/base/core from af3f115 to 6694d2f by @dependabot in #201
• Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 by @dependabot in #202
• Bump cbl-mariner/base/core from 6694d2f to ab3a661 by @dependabot in #203
• Bump oras.land/oras-go/v2 from 2.2.1 to 2.3.0 by @dependabot in #194
• fix: support OCI media types for purge by @wju-MSFT in #188
• fix: update deprecated fields in goreleaser by @wju-MSFT in #204

New Contributors

• @dependabot made their first contribution in #139
• @step-security-bot made their first contribution in #140

Full Changelog: v0.7...v0.8