Migrate ORAS Go library from v1.2.2 to v2 #5690

Merged (1 commit) on Feb 24, 2023

ashutosh-narkar
Member

This change migrates the ORAS Go library from v1.2.2 to v2. The OCI downloader which uses this lib was updated as per the new API changes in the library.

Version v1.2.2 of the ORAS library had a dependency on the docker package. The library used a version of that package that had some reported vulnerabilities, such as CVE-2022-41716 and CVE-2022-41720.

The ORAS Go library v2 removes the dependency on the docker package.

Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
Contributor

@srenatus srenatus left a comment

Glad to see this updated. Thanks a lot!

@srenatus
Contributor

One follow-up would be to remove entries that we no longer need to ignore from .trivyignores.

@ashutosh-narkar ashutosh-narkar merged commit 83b1614 into open-policy-agent:main Feb 24, 2023
@anderseknert anderseknert mentioned this pull request Feb 27, 2023