Skip to content

Commit c5bfe4f

Browse files
hiddecohiddeco
committed
Update github.com/docker/distribution to v2.8.0
This mitigates GMS-2022-20. Signed-off-by: Hidde Beydals <[email protected]>
1 parent a4d6bbc commit c5bfe4f

File tree

2 files changed

+20
-18
lines changed

2 files changed

+20
-18
lines changed

go.mod

Lines changed: 20 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,26 @@ require (
5555
// TODO: Remove once Helm version with patch is released.
5656
replace helm.sh/helm/v3 v3.8.1 => github.com/hiddeco/helm/v3 v3.8.2-0.20220311115129-ae3ec836f6eb
5757

58+
// Fix CVE-2021-41092
59+
replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
60+
61+
// Fix GMS-2022-20
62+
replace github.com/docker/distribution => github.com/docker/distribution v2.8.0+incompatible
63+
64+
// Fix CVE-2021-30465
65+
// Fix CVE-2021-43784
66+
// Fix CVE-2019-16884
67+
// Fix GO-2021-0085
68+
// Fix GO-2021-0087
69+
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.0
70+
71+
// Fix CVE-2021-41190
72+
replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
73+
74+
// Fix CVE-2022-23648
75+
// Fix CVE-2021-43816
76+
replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.1
77+
5878
require (
5979
cloud.google.com/go v0.99.0 // indirect
6080
github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
@@ -213,20 +233,3 @@ require (
213233
sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect
214234
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
215235
)
216-
217-
// Fix CVE-2021-41092
218-
replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
219-
220-
// Fix CVE-2021-30465
221-
// Fix CVE-2021-43784
222-
// Fix CVE-2019-16884
223-
// Fix GO-2021-0085
224-
// Fix GO-2021-0087
225-
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.0
226-
227-
// Fix CVE-2021-41190
228-
replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
229-
230-
// Fix CVE-2022-23648
231-
// Fix CVE-2021-43816
232-
replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.1

go.sum

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -282,7 +282,6 @@ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
282282
github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
283283
github.com/docker/cli v20.10.9+incompatible h1:OJ7YkwQA+k2Oi51lmCojpjiygKpi76P7bg91b2eJxYU=
284284
github.com/docker/cli v20.10.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
285-
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
286285
github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
287286
github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
288287
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=

0 commit comments

Comments
 (0)