Bump github.com/containers/image/v5 from 5.12.0 to 5.17.0

[dependabot]

Bumps github.com/containers/image/v5 from 5.12.0 to 5.17.0.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.17.0

Includes a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh .

• [CI:DOCS] Misc manpage fixups
• Log credentials helper path if available
• Record locations of blobs discovered by PutBlob but not TryReusingBlob
• Fix possible out-of-bounds accesses in string indexing
• Precompute digests option prior to registry upload
• Add simple documentation how to use c/image with podman's rootless mode
• Fix c/image fails to pull OCI image with non-http(s):// urls
• Reject ambiguous manifest formats

v5.16.1

• Don't read response body twice on putSignaturesToAPIExtension failure
• build(deps): bump github.com/vbauerster/mpb/v7 from 7.1.3 to 7.1.4 ... fixing a fairly frequent hang on image copies
• Fix documentation of oci: and oci-archive:

v5.16.0

• Don't cancel a mpb.Progress using a context
• Don't recompress non-gzip data without an explicit request
• accept identity tokens from credential helpers
• Add codespell fixes
• Don't initialize a digest.Canonical.Digester if it is not necessary
• Don't compute the (compressed) digest in PutBlob if the caller provides it
• Don't call digest.Digester.Hash() on every digeringReader.Read()
• Pass OriginalDigest and UncompressedDigest to c/storage.Store.PutLayer
• Document that PutBlob callers must only provide validated digests
• Consistently compare docker.Digest with "" without Digest.String()
• Don't unnecessarily compute the blob digest in PutBlob
• copy.Options: semaphore to limit parallel pulls globally

v5.15.2

• Bump c/storage to v1.34.1

v5.15.1

• [release-5.15] v5.15.1
• [release-5.15] Bump to v5.15.2-dev

v5.15.0

• copy: move error message to debug
• copy: drop FetchPartialBlobs option
• Use http.Method* constants instead of hard-coded strings
• Use http.NewRequestWithContext() instead of http.NewRequest().WithContext()
• Note that this module requires Go 1.13
• Don't unnecessarily strip schema:// and /path from registry on search
• Don't build a map just to access one element
• Prevent simultaneous compression and decompression
• refactoring per PR comments
• Add support for decompressing while copying to dir://

... (truncated)

Commits

• de81eae v5.17.0
• d14f4ca Merge pull request #1410 from containers/dependabot/go_modules/github.com/doc...
• c169ec0 build(deps): bump github.com/docker/docker
• e2f122e Merge pull request #1409 from mtrmac/ambiguous-1
• 7bcf9bc Reject ambiguous manifest formats
• b55fb86 Merge pull request #1403 from ktock/urls-fallback
• 3c00f20 Fix c/image fails to pull OCI image with non-http(s):// urls
• 1895e31 Merge pull request #1405 from dcermak/document-rootless-mode
• a754d8b Add simple documentation how to use c/image with podman's rootless mode
• 931b399 Merge pull request #1399 from containers/dependabot/go_modules/github.com/man...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #34.