chore(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.18.0

[dependabot]

Bumps github.com/containers/image/v5 from 5.15.0 to 5.18.0.

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.18.0

• Add copy.Options.PreserveDigests
• Link the two variants of cannotModifyManifest*Reason together.
• shortnames: mechanism to enforce resolving to Docker Hub
• manifest.GuessMIMEType(): recognize self-described OCI manifests
• Add a comment about only looking up credential helpers by registry
• Reorganize the success case in getCredentialsWithHomeDir
• Introduce a string key in getCredentialsWithHomeDir
• Modify findAuthentication to use a string key instead of a reference.Named
• Allow using namespaced keys in GetCredentials and GetAuthentication
• Rename useLegacyAPI to useLegacyFormat
• Fix GetAllCredentials
• Reject invalid keys in GetCredentials/GetAuthentication
• Make validateKey a bit more strict
• Don't include full manifest contents in error messages
• Log if a manifest upload doesn't contain a Docker-Content-Digest header
• docker/config: handle credentials not found errors
• docker: less bears :(
• Remove unused filler argument to customPartialBlobCounter
• Inline decor.Any into the caller
• Inline sstyle into the only user
• Simplify a check for missing credentials
• Fix handling of missing data in GetAllCredentials
• Fix the pseudo-version of github.com/opencontainers/image-spec
• Update golang.org/x/crypto, and silence warnings about openpgp

v5.17.0

Includes a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh .

• [CI:DOCS] Misc manpage fixups
• Log credentials helper path if available
• Record locations of blobs discovered by PutBlob but not TryReusingBlob
• Fix possible out-of-bounds accesses in string indexing
• Precompute digests option prior to registry upload
• Add simple documentation how to use c/image with podman's rootless mode
• Fix c/image fails to pull OCI image with non-http(s):// urls
• Reject ambiguous manifest formats

v5.16.1

• Don't read response body twice on putSignaturesToAPIExtension failure
• build(deps): bump github.com/vbauerster/mpb/v7 from 7.1.3 to 7.1.4 ... fixing a fairly frequent hang on image copies
• Fix documentation of oci: and oci-archive:

v5.16.0

• Don't cancel a mpb.Progress using a context
• Don't recompress non-gzip data without an explicit request
• accept identity tokens from credential helpers
• Add codespell fixes
• Don't initialize a digest.Canonical.Digester if it is not necessary

... (truncated)

Commits

• b30c330 v5.18.0
• e6e2409 Merge pull request #1434 from mtrmac/openpgp-lint
• 7ac14b6 Update golang.org/x/crypto, and silence warnings about openpgp
• 551c31f Merge pull request #1433 from mtrmac/dep-updates
• 73f80d6 Update github.com/containerd/containerd to 1.5.9
• caf0bb4 Fix the pseudo-version of github.com/opencontainers/image-spec
• 8293142 Merge pull request #1432 from mtrmac/GetAllCredentials-not-found
• 390990b Fix handling of missing data in GetAllCredentials
• 05bf651 Simplify a check for missing credentials
• a36c455 Merge pull request #1428 from containers/dependabot/go_modules/github.com/doc...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #18.