build(deps): bump github.com/distribution/distribution/v3 from 3.0.0-20221208165359-362910506bc2 to 3.0.0-alpha.1

[dependabot]

Bumps github.com/distribution/distribution/v3 from 3.0.0-20221208165359-362910506bc2 to 3.0.0-alpha.1.

Release notes

Sourced from github.com/distribution/distribution/v3's releases.

v3.0.0-alpha.1

This is the first major release in years!

It's an accumulation of effort that's bringing major improvements in performance, security and general code quality!

See the abridged changelog below and the full release log here.

Deprecations

• Image Manifest v2 Schema v1
• oss and swift storage drivers
• docker/libtrust has been replaced with go-jose/go-jose
• reference package has been moved to a dedicated repository (see here)
• client is no longer supported as a standalone package

Notable Changes

• reference package has been moved to its own dedicated repository
• Go module has changed from docker/distribution to distribution/distribution/v3
• Major performance improvements across all supported storage drivers
• Major dependencies updates (see the full list below)
• Online documentation is available at https://distribution.github.io/distribution/

What's Changed

• default autoredirect to false by @​davidswu in distribution/distribution#2800
• Add docs for autoredirect config parameter by @​caervs in distribution/distribution#2801
• Registry - make minimum TLS version user configurable by @​gregrebholz in distribution/distribution#2808
• Support BYOK for OSS storage driver by @​denverdino in distribution/distribution#2791
• Add reference. ParseDockerRef utility function by @​thaJeztah in distribution/distribution#2786
• Fix gometalint errors by @​manishtomar in distribution/distribution#2840
• registry: fix binary JSON content-type by @​lucab in distribution/distribution#2813
• Log authorized username by @​manishtomar in distribution/distribution#2854
• Fix cloudfront middleware by @​vishesh92 in distribution/distribution#2837
• support Alibaba Cloud CDN storage middleware by @​Shawnpku in distribution/distribution#2849
• replace rsc.io/letsencrypt in favour of golang.org/x/crypto by @​tariq1890 in distribution/distribution#2926
• migrate to go modules from vndr by @​tariq1890 in distribution/distribution#2941
• Fix typo: offest -> offset by @​jabrown85 in distribution/distribution#2894
• Fix s3 driver for supporting ceph radosgw by @​tbe in distribution/distribution#2879
• Fixes #2835 Process Accept header MIME types in case-insensitive way by @​yuwaMSFT2 in distribution/distribution#2861
• change default Dockerfile to install ssl utils by @​andyzhangx in distribution/distribution#2809
• Append the written bytes to the blob writer's size by @​dmathieu in distribution/distribution#2920
• fix no error returned in fetchTokenWithOAuth by @​sevki in distribution/distribution#2900
• use latest version of alpine when building the Docker container by @​tariq1890 in distribution/distribution#2946
• Extract blob upload resume into its own method by @​dmathieu in distribution/distribution#2930
• Handle Blob Create when the underlying registry doesn't provide 'Docker-Upload-UUID' by @​dmathieu in distribution/distribution#2927
• Implement Repository ServeBlob by @​dmathieu in distribution/distribution#2921
• Add notification metrics by @​tifayuki in distribution/distribution#2522
• Update the versions of several dependencies by @​tariq1890 in distribution/distribution#2947
• Implement Repository Blobs upload resuming by @​dmathieu in distribution/distribution#2917
• allow for VERSION and REVISION to be passed in during docker builds by @​alex-laties in distribution/distribution#2955

... (truncated)

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[shizhMSFT]

This dependency bump up requires go 1.19 where oras-go v1 is currently at go 1.18.

[shizhMSFT]

@dependabot recreate

[shizhMSFT]

@wangxiaoxuan273 go 1.19 is not sufficient. The build log shows that it requires errors.Join, which is introduced in go 1.20.

[shizhMSFT]

@dependabot recreate

[shizhMSFT]

LGTM

[shizhMSFT]

@dependabot merge