Merge pull request from GHSA-77vh-xpmg-72qh

vbatts · web-flow · commit 0126d30a9024 · 2021-11-17T13:12:56.000-05:00
Advisory fix 2
diff --git a/image-index.md b/image-index.md
@@ -17,8 +17,9 @@ For the media type(s) that this document is compatible with, see the [matrix][ma
 
 - **`mediaType`** *string*
 
-  This property is *reserved* for use, to [maintain compatibility][matrix].
-  When used, this field contains the media type of this document, which differs from the [descriptor](descriptor.md#properties) use of `mediaType`.
+  This property SHOULD be used and [remain compatible][matrix] with earlier versions of this specification and with other similar external formats.
+  When used, this field MUST contain the media type `application/vnd.oci.image.index.v1+json`.
+  This field usage differs from the [descriptor](descriptor.md#properties) use of `mediaType`.
 
 - **`manifests`** *array of objects*
 
diff --git a/manifest.md b/manifest.md
@@ -22,8 +22,9 @@ Unlike the [image index](image-index.md), which contains information about a set
 
 - **`mediaType`** *string*
 
-  This property is *reserved* for use, to [maintain compatibility](media-types.md#compatibility-matrix).
-  When used, this field contains the media type of this document, which differs from the [descriptor](descriptor.md#properties) use of `mediaType`.
+  This property SHOULD be used and [remain compatible](media-types.md#compatibility-matrix) with earlier versions of this specification and with other similar external formats.
+  When used, this field MUST contain the media type `application/vnd.oci.image.manifest.v1+json`.
+  This field usage differs from the [descriptor](descriptor.md#properties) use of `mediaType`.
 
 - **`config`** *[descriptor](descriptor.md)*
 
diff --git a/specs-go/v1/index.go b/specs-go/v1/index.go
@@ -21,6 +21,9 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Index struct {
 	specs.Versioned
 
+	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json`
+	MediaType string `json:"mediaType,omitempty"`
+
 	// Manifests references platform specific manifests.
 	Manifests []Descriptor `json:"manifests"`
 
diff --git a/specs-go/v1/manifest.go b/specs-go/v1/manifest.go
@@ -20,6 +20,9 @@ import "github.com/opencontainers/image-spec/specs-go"
 type Manifest struct {
 	specs.Versioned
 
+	// MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json`
+	MediaType string `json:"mediaType,omitempty"`
+
 	// Config references a configuration object for a container, by digest.
 	// The referenced configuration object is a JSON blob that the runtime uses to set up the container.
 	Config Descriptor `json:"config"`
diff --git a/specs-go/version.go b/specs-go/version.go
@@ -22,10 +22,10 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 0
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 1
+	VersionPatch = 2
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = ""
+	VersionDev = "-dev"
 )
 
 // Version is the specification version that the package types support.
