docker-archive-public
diff --git a/‎Gopkg.lock
Lines changed: 6 additions & 6 deletions b/‎Gopkg.lock
Lines changed: 6 additions & 6 deletions
diff --git a/‎Gopkg.toml
Lines changed: 1 addition & 8 deletions b/‎Gopkg.toml
Lines changed: 1 addition & 8 deletions
diff --git a/‎internal/yaml/yaml.go
Lines changed: 2 additions & 6 deletions b/‎internal/yaml/yaml.go
Lines changed: 2 additions & 6 deletions
diff --git a/‎internal/yaml/yaml_test.go
Lines changed: 2 additions & 2 deletions b/‎internal/yaml/yaml_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎vendor/github.com/docker/cli/cli/config/config.go
Lines changed: 9 additions & 3 deletions b/‎vendor/github.com/docker/cli/cli/config/config.go
Lines changed: 9 additions & 3 deletions
diff --git a/‎vendor/gopkg.in/yaml.v2/decode.go
Lines changed: 18 additions & 12 deletions b/‎vendor/gopkg.in/yaml.v2/decode.go
Lines changed: 18 additions & 12 deletions
diff --git a/‎vendor/gopkg.in/yaml.v2/encode.go
Lines changed: 28 additions & 0 deletions b/‎vendor/gopkg.in/yaml.v2/encode.go
Lines changed: 28 additions & 0 deletions
diff --git a/‎vendor/gopkg.in/yaml.v2/resolve.go
Lines changed: 1 addition & 1 deletion b/‎vendor/gopkg.in/yaml.v2/resolve.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎vendor/gopkg.in/yaml.v2/yaml.go
Lines changed: 6 additions & 28 deletions b/‎vendor/gopkg.in/yaml.v2/yaml.go
Lines changed: 6 additions & 28 deletions
@@ -37,7 +37,7 @@ required = ["github.com/wadey/gocovmerge"]
 
 [[override]]
   name = "github.com/docker/cli"
-  revision = "83751b978155dc889c35e0e49654f76e7cf8d951"
+  revision = "d83cd90464377d4164c8f70248d064b979e5ca98"
 
 [[override]]
   name = "github.com/deislabs/cnab-go"
@@ -96,13 +96,6 @@ required = ["github.com/wadey/gocovmerge"]
   name = "k8s.io/client-go"
   revision = "kubernetes-1.14.1"
 
-# This is using a fork waiting for go-yaml/yaml#375 to be merged
-# This PR allows to set a max decoded value, thus not being exposed to yaml bombs
-[[override]]
-  name = "gopkg.in/yaml.v2"
-  source = "https://github.com/simonferquel/yaml"
-  revision = "c86e64ed9581b7588e736f0c3e6ecc02cc22996e"
-
 [[override]]
   name = "github.com/opencontainers/runtime-spec"
   revision = "29686dbc5559d93fb1ef402eeda3e35c38d75af4"
 
@@ -7,16 +7,12 @@ import (
 	"gopkg.in/yaml.v2"
 )
 
-const (
-	maxDecodedValues = 1000000
-)
-
 // Unmarshal decodes the first document found within the in byte slice
 // and assigns decoded values into the out value.
 //
 // See gopkg.in/yaml.v2 documentation
 func Unmarshal(in []byte, out interface{}) error {
-	d := yaml.NewDecoder(bytes.NewBuffer(in), yaml.WithLimitDecodedValuesCount(maxDecodedValues))
+	d := yaml.NewDecoder(bytes.NewBuffer(in))
 	err := d.Decode(out)
 	if err == io.EOF {
 		return nil
@@ -37,5 +33,5 @@ func Marshal(in interface{}) ([]byte, error) {
 //
 // See gopkg.in/yaml.v2 documentation
 func NewDecoder(r io.Reader) *yaml.Decoder {
-	return yaml.NewDecoder(r, yaml.WithLimitDecodedValuesCount(maxDecodedValues))
+	return yaml.NewDecoder(r)
 }
@@ -21,7 +21,7 @@ h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
 i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]`)
 	d := NewDecoder(bytes.NewBuffer(data))
 	err := d.Decode(&v)
-	assert.ErrorContains(t, err, "yaml: exceeded max number of decoded values (1000000)")
+	assert.ErrorContains(t, err, "yaml: document contains excessive aliasing")
 }
 
 func TestUnmarshalYamlBomb(t *testing.T) {
@@ -37,5 +37,5 @@ g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
 h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
 i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]`)
 	err := Unmarshal(data, &v)
-	assert.ErrorContains(t, err, "yaml: exceeded max number of decoded values (1000000)")
+	assert.ErrorContains(t, err, "yaml: document contains excessive aliasing")
 }
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ h: &h [g,g,g,g,g,g,g,g,*g]`
`21`	`21`	i: &i [h,h,h,h,h,h,h,h,*h]`)
`22`	`22`	`d := NewDecoder(bytes.NewBuffer(data))`
`23`	`23`	`err := d.Decode(&v)`
`24`		`- assert.ErrorContains(t, err, "yaml: exceeded max number of decoded values (1000000)")`
	`24`	`+ assert.ErrorContains(t, err, "yaml: document contains excessive aliasing")`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`func TestUnmarshalYamlBomb(t *testing.T) {`
`@@ -37,5 +37,5 @@ g: &g [f,f,f,f,f,f,f,f,*f]`
`37`	`37`	`h: &h [g,g,g,g,g,g,g,g,*g]`
`38`	`38`	i: &i [h,h,h,h,h,h,h,h,*h]`)
`39`	`39`	`err := Unmarshal(data, &v)`
`40`		`- assert.ErrorContains(t, err, "yaml: exceeded max number of decoded values (1000000)")`
	`40`	`+ assert.ErrorContains(t, err, "yaml: document contains excessive aliasing")`
`41`	`41`	`}`