chore(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0

[dependabot]

Bumps oras.land/oras-go/v2 from 2.5.0 to 2.6.0.

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.6.0

New Features

• Upgrade to image-spec v1.1.1 and distribution-spec v1.1.1
• Support context cancellation in file.Store.Add()
• Introduce credentials.NewMemoryStoreFromDockerConfig to load Docker config bytes into an in-memory credentials store
• Add PreservePermissions option to file store to retain original permissions when extracting tar archives
• Introduce oras.CopyError to identify error sources in copy operations

Bug Fixes

• Fix #640: Unclear error message from oci.NewFromTar
• Fix #865: Symbolic links are not automatically overwritten when extracted from tar archive to File store
• Fix #851: Dot‑prefixed paths in tar archives were not recognized by ReadOnlyOCIStore
• Fix #880: The index.json generated by the OCI store lacked a mediaType field
• Fix #895: The Docker-Content-Digest header was not verified in Repository.Blobs().Fetch()
• Fix #916: Incorrect use of atomic.Value in the syncutil.Go utility function causes panics
• Fix #923: Pushing descriptors with invalid digests to memory or file store caused panics
• Other minor bug fixes

Documentation

• Add documentation for artifact modeling
• Add documentation for targets and content store
• Add quickstart tutorial
• Improve examples
• Other minor improvements

Other Changes

• Upgrade the Go support window to [1.23, 1.24]
• Increase test coverage to 80%
• Update dependencies
• Minor optimization

Detailed Commits

• fix: cancel goroutine before the next one is created by @​wangxiaoxuan273 in oras-project/oras-go#739
• build(deps): bump apache/skywalking-eyes from 0.5.0 to 0.6.0 by @​dependabot in oras-project/oras-go#740
• bump(ci): update codecov to v4 by @​wangxiaoxuan273 in oras-project/oras-go#741
• docs: update migration guide and copy doc by @​Wwwsylvia in oras-project/oras-go#752
• test: fix file closing issue on windows by @​shizhMSFT in oras-project/oras-go#764
• docs: document PackManifestOptions to make PackManifest reproducible by @​wangxiaoxuan273 in oras-project/oras-go#749
• build: enforce diff code coverage of 80% by @​Wwwsylvia in oras-project/oras-go#769
• fix: add missing operation to fs path error by @​qweeah in oras-project/oras-go#799
• build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @​dependabot in oras-project/oras-go#801
• feat: support context cancellation in file store by @​lucasrod16 in oras-project/oras-go#803
• build(go): shift Go support window to [1.22, 1.23] by @​Wwwsylvia in oras-project/oras-go#820
• refactor: fix seed for retry policy by @​Wwwsylvia in oras-project/oras-go#821
• fix: check close error in oci/storage.go during ingestion by @​Wwwsylvia in oras-project/oras-go#830
• chore(workflow): add stale bot by @​Wwwsylvia in oras-project/oras-go#837

... (truncated)

Commits

• 05a2b09 build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 (#955)
• 753f8a8 docs: improve README.md (#950)
• 5043a7b docs: updated broken links (#951)
• 17e7d15 docs: add quick start for oras-go (#939)
• 34a87ef test: add unit tests for validateMediaType (#946)
• f7a6126 docs: add more practical examples (#940)
• 0c12035 docs: improve docs for OCI store (#941)
• 7963626 feat: introduce CopyError to identify error source in copy operations (#933)
• 6dd6913 build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 (#937)
• d0ac8e4 docs: update example tests (#932)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[replicated-ci]

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

[replicated-ci]

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

[replicated-ci]

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action

[replicated-ci]

LGTM 👍

This PR was automatically approved and merged by the automated-prs-manager GitHub action