Skip to content

Commit

Permalink
Bump docker/distribution to 2.8.2
Browse files Browse the repository at this point in the history 
k/k doesn't use much code from docker/distribution so this doesn't
change anything that's actually relevant, but 2.8.1 is identified as
affected by CVE-2022-28391 and CVE-2023-2253; bumping to 2.8.2 avoids
k/k triggering scanners on those CVEs.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
  • Loading branch information
@skitt
skitt committed May 16, 2023
1 parent 70033bf commit 3680a52
Show file tree
Hide file tree
Showing 6 changed files with 9 additions and 8 deletions.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ require (
github.com/coreos/go-systemd/v22 v22.5.0
github.com/cpuguy83/go-md2man/v2 v2.0.2
github.com/cyphar/filepath-securejoin v0.2.3
github.com/docker/distribution v2.8.1+incompatible
github.com/docker/distribution v2.8.2+incompatible
github.com/docker/go-units v0.5.0
github.com/emicklei/go-restful/v3 v3.9.0
github.com/evanphx/json-patch v4.12.0+incompatible
Expand Down
3 changes: 2 additions & 1 deletion go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,8 +204,9 @@ github.com/daviddengcn/go-colortext v1.0.0/go.mod h1:zDqEI5NVUop5QPpVJUxE9UO10hR
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
Expand Down
2 changes: 1 addition & 1 deletion staging/src/k8s.io/kubectl/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/MakeNowJust/heredoc v1.0.0
github.com/chai2010/gettext-go v1.0.2
github.com/daviddengcn/go-colortext v1.0.0
github.com/docker/distribution v2.8.1+incompatible
github.com/docker/distribution v2.8.2+incompatible
github.com/evanphx/json-patch v4.12.0+incompatible
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d
github.com/fatih/camelcase v1.0.0
Expand Down
4 changes: 2 additions & 2 deletions staging/src/k8s.io/kubectl/go.sum
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions vendor/github.com/docker/distribution/reference/reference.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion vendor/modules.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,7 @@ github.com/davecgh/go-spew/spew
# github.com/daviddengcn/go-colortext v1.0.0
## explicit; go 1.14
github.com/daviddengcn/go-colortext
# github.com/docker/distribution v2.8.1+incompatible
# github.com/docker/distribution v2.8.2+incompatible
## explicit
github.com/docker/distribution/digestset
github.com/docker/distribution/reference
Expand Down

0 comments on commit 3680a52

Please sign in to comment.