Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update to github.com/mtrmac/gpgme v0.1.2
This "fixes" CVE-2020-8945 by incorporating proglottis/gpgme#23 . The code is not actually used, for two reasons: - Nothing in this repository invokes signature verification (the subpackage is only used to generate contents of policy.json) - Builds use the 'containers_image_openpgp' build tag, which switches to the non-gpgme signature backend. This updates the vendored code anyway - to avoid false positives when scanning for vulnerabilities - so that we don't have to worry about any future changes in this repository enabling those code paths. Performed by updating Gopgg.tompl and $ dep ensure Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Loading branch information