Commit ba2f832

dependency: update image-spec version to 1.0.2
Vulnerable versions: 1.0.1 and prior
Impact: In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index.
1 parent dd75a60 commit ba2f832

3 files changed, +8 -2 lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
@@ -22,6 +22,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
2222
document (with the same digest), the document may be interpreted differently,
2323
meaning that the digest alone is insufficient to unambiguously identify
2424
the content of the image..)
25+
- Updated ``image-spec`` version to 1.0.2 to fix the vulnerability bug
26+
https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
27+
(in the OCI Image Specification version 1.0.1 and prior, manifest and index
28+
documents are not self-describing and documents with a single digest could be
29+
interpreted as either a manifest or an index.)
2530

2631
### Fixed
2732
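Review bot: the advisory URL on added line 26 sits under `opencontainers/distribution-spec`, while the entry itself is about bumping `image-spec`; say in the entry why the distribution-spec advisory is the reference for an image-spec update, or link the image-spec release next to it. Two style points on added line 25: the double backticks around image-spec are reStructuredText rather than the Markdown this file uses, and "vulnerability bug" can simply be "vulnerability". The parenthetical on lines 27-29 repeats the impact text from the commit message without saying what changes for users of this project, which is what a changelog reader is looking for.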

go.mod

Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ require (
3535
github.com/mitchellh/mapstructure v1.4.1
3636
github.com/morikuni/aec v1.0.0 // indirect
3737
github.com/opencontainers/go-digest v1.0.0 // indirect
38-
github.com/opencontainers/image-spec v1.0.1 // indirect
38+
github.com/opencontainers/image-spec v1.0.2 // indirect
3939
github.com/otiai10/copy v1.2.0
4040
github.com/pkg/errors v0.9.1 // indirect
4141
github.com/pkg/term v1.2.0-beta.2 // indirect
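Review bot: the bumped requirement on line 38 is marked `// indirect`, which indicates this module does not import image-spec directly, so the new version only changes what a dependency compiles against. The commit message should name the direct dependency that pulls it in (`go mod why -m github.com/opencontainers/image-spec` shows the path) and state whether that dependency's manifest handling is what needs the fix, since raising the minimum version here does not by itself add any check in this project's code.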

go.sum

Lines changed: 2 additions & 1 deletion
@@ -514,8 +514,9 @@ github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.
514514
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
515515
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
516516
github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
517-
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
518517
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
518+
github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM=
519+
github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
519520
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
520521
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
521522
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
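Review bot: please confirm this file was regenerated by the Go tooling (`go mod tidy`, then `go mod verify`) rather than edited by hand, because the two new `v1.0.2` hashes cannot be checked by eye. The hunk drops the `v1.0.1 h1:` line at old line 517 but keeps `v1.0.1/go.mod`, which is the shape the tooling leaves when an older version is still referenced in the module graph but no longer selected; if that is the case here, a one-line mention in the commit message would save the next reader from wondering why 1.0.1 still appears.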
