build(deps): bump oci-client from 0.16.1 to 0.17.0

[dependabot]

Bumps oci-client from 0.16.1 to 0.17.0.

Release notes

Sourced from oci-client's releases.

v0.17.0

What's Changed

• chore(deps): Update hmac requirement from 0.12 to 0.13 by @​dependabot[bot] in oras-project/rust-oci-client#251
• chore(deps): Update sha2 requirement from 0.10 to 0.11 by @​dependabot[bot] in oras-project/rust-oci-client#252
• client: report manifest list digest for multi-arch images by @​fitzthum in oras-project/rust-oci-client#250
• chore(deps): Update sha2 requirement from 0.10 to 0.11 by @​dependabot[bot] in oras-project/rust-oci-client#255
• chore(deps): Bump EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.17 by @​dependabot[bot] in oras-project/rust-oci-client#257
• feat: add catalog endpoint for listing repositories by @​michael-herwig in oras-project/rust-oci-client#246
• fix implement referrers fallback by @​flavio in oras-project/rust-oci-client#259
• chore(deps): Bump EmbarkStudios/cargo-deny-action from 2.0.17 to 2.0.18 by @​dependabot[bot] in oras-project/rust-oci-client#258
• feat(v1.1): Add artifactType property to OciDescriptor (fixes #248) by @​michaelvanstraten in oras-project/rust-oci-client#249

New Contributors

• @​fitzthum made their first contribution in oras-project/rust-oci-client#250
• @​michaelvanstraten made their first contribution in oras-project/rust-oci-client#249

Full Changelog: oras-project/rust-oci-client@v0.16.1...v0.17.0

Commits

• 1f9a41e Merge pull request #249 from michaelvanstraten/artifact-type-property-descrip...
• d18b715 fix: include artifact_type in ImageIndexEntry Display impl
• a56d692 feat(v1.1): Add artifactType property to OciDescriptor (fixes 248)
• 2af71fe Merge pull request #258 from oras-project/dependabot/github_actions/EmbarkStu...
• c3eedfc ci: fix cargo deny configuration
• ebb9390 chore(deps): Bump EmbarkStudios/cargo-deny-action from 2.0.17 to 2.0.18
• a4d5141 Merge pull request #259 from flavio/fix-implement-referrers-fallback
• a1155c4 fix: add OCI referrers tag schema fallback to pull_referrers
• 2eff50a doc: fix cargo docs warnings
• c9f347c Merge pull request #246 from ocx-sh/feature/catalog
• Additional commits viewable in compare view

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
cargo/block-buffer	0.12.0	🟢 4.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 24 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/const-oid	0.10.2	🟢 5.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 1 Found 3/26 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Fuzzing 🟢 10 project is fuzzed Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/cpufeatures	0.3.0	🟢 4.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 24 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 4/25 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/crypto-common	0.2.2	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 2 Found 6/25 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/digest	0.11.3	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Code-Review ⚠️ 2 Found 6/25 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License ⚠️ 0 license file not detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/hybrid-array	0.4.12	Unknown	Unknown
cargo/oci-client	0.17.0	Unknown	Unknown
cargo/sha2	0.11.0	🟢 4.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 1 Found 5/29 approved changesets -- score normalized to 1 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License ⚠️ 0 license file not detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
cargo/oci-client	0.17.0	Unknown	Unknown

Scanned Files

• Cargo.lock
• controller/Cargo.toml