
Commit baecd3b

perdasilvaPer Goncalves da Silva
andauthored
🌱 bump containers/image to v5.33.0 (#1620)
* bump containers/images to v5.33.0 Signed-off-by: Per Goncalves da Silva <[email protected]> * patch default policy load error handling Signed-off-by: Per Goncalves da Silva <[email protected]> --------- Signed-off-by: Per Goncalves da Silva <[email protected]> Co-authored-by: Per Goncalves da Silva <[email protected]>
1 parent 4223731 commit baecd3b


4 files changed

+68
-58
lines changed


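--- a/catalogd/internal/source/containers_image.go
+++ b/catalogd/internal/source/containers_image.go
@@ -33,6 +33,8 @@ import (
 
 const ConfigDirLabel = "operators.operatorframework.io.index.configs.v1"
 
+var insecurePolicy = []byte(`{"default":[{"type":"insecureAcceptAnything"}]}`)
+
 type ContainersImageRegistry struct {
 BaseCachePath string
 SourceContextFunc func(logger logr.Logger) (*types.SystemContext, error)
@@ -249,9 +251,11 @@ func resolveCanonicalRef(ctx context.Context, imgRef reference.Named, imageCtx *
 
 func loadPolicyContext(sourceContext *types.SystemContext, l logr.Logger) (*signature.PolicyContext, error) {
 policy, err := signature.DefaultPolicy(sourceContext)
-if os.IsNotExist(err) {
+// TODO: there are security implications to silently moving to an insecure policy
+// tracking issue: https://github.com/operator-framework/operator-controller/issues/1622
+if err != nil {
 l.Info("no default policy found, using insecure policy")
-policy, err = signature.NewPolicyFromBytes([]byte(`{"default":[{"type":"insecureAcceptAnything"}]}`))
+policy, err = signature.NewPolicyFromBytes(insecurePolicy)
 }
 if err != nil {
 return nil, fmt.Errorf("error loading default policy: %w", err)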
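Review bot: The widened guard `if err != nil` in loadPolicyContext now falls back to `insecureAcceptAnything` for every failure of `signature.DefaultPolicy`, including a policy file that exists but is unreadable or malformed, so a deployment that configured signature verification can lose it silently; the TODO acknowledges the risk, but the log line still says "no default policy found" and drops `err`. If the old check stopped matching because the bumped library now wraps the error (inferred, not visible here), `if errors.Is(err, fs.ErrNotExist) {` would keep the fallback limited to the missing-file case, since `os.IsNotExist` does not unwrap. At minimum, carry the cause in the log, e.g. `l.Info("falling back to insecure policy", "error", err.Error())`, so a rejected policy file is visible to operators. The function body continues past the end of the hunk and the import block is not shown, so `errors` and `io/fs` may need to be imported.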

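--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/Masterminds/semver/v3 v3.3.1
 github.com/blang/semver/v4 v4.0.0
 github.com/containerd/containerd v1.7.25
-github.com/containers/image/v5 v5.32.2
+github.com/containers/image/v5 v5.33.0
 github.com/fsnotify/fsnotify v1.8.0
 github.com/go-logr/logr v1.4.2
 github.com/google/go-cmp v0.6.0
@@ -23,7 +23,7 @@ require (
 github.com/prometheus/client_golang v1.20.5
 github.com/spf13/pflag v1.0.5
 github.com/stretchr/testify v1.10.0
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
 gopkg.in/yaml.v2 v2.4.0
 helm.sh/helm/v3 v3.16.4
 k8s.io/api v0.32.0
@@ -50,7 +50,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
-github.com/Microsoft/hcsshim v0.12.5 // indirect
+github.com/Microsoft/hcsshim v0.12.9 // indirect
 github.com/VividCortex/ewma v1.2.0 // indirect
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
@@ -63,15 +63,16 @@ require (
 github.com/containerd/containerd/api v1.8.0 // indirect
 github.com/containerd/continuity v0.4.4 // indirect
 github.com/containerd/errdefs v0.3.0 // indirect
+github.com/containerd/errdefs/pkg v0.3.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/platforms v0.2.1 // indirect
 github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 github.com/containerd/ttrpc v1.2.5 // indirect
-github.com/containerd/typeurl/v2 v2.1.1 // indirect
+github.com/containerd/typeurl/v2 v2.2.0 // indirect
 github.com/containers/common v0.60.4 // indirect
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
 github.com/containers/ocicrypt v1.2.0 // indirect
-github.com/containers/storage v1.55.0 // indirect
+github.com/containers/storage v1.56.0 // indirect
 github.com/cppforlife/cobrautil v0.0.0-20221130162803-acdfead391ef // indirect
 github.com/cppforlife/color v1.9.1-0.20200716202919-6706ac40b835 // indirect
 github.com/cppforlife/go-cli-ui v0.0.0-20220425131040-94f26b16bc14 // indirect
@@ -81,7 +82,7 @@ require (
 github.com/distribution/reference v0.6.0 // indirect
 github.com/docker/cli v27.3.1+incompatible // indirect
 github.com/docker/distribution v2.8.3+incompatible // indirect
-github.com/docker/docker v27.2.0+incompatible // indirect
+github.com/docker/docker v27.3.1+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.8.2 // indirect
 github.com/docker/go-connections v0.5.0 // indirect
 github.com/docker/go-metrics v0.0.1 // indirect
@@ -98,7 +99,7 @@ require (
 github.com/go-git/go-billy/v5 v5.6.1 // indirect
 github.com/go-git/go-git/v5 v5.13.1 // indirect
 github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/analysis v0.23.0 // indirect
 github.com/go-openapi/errors v0.22.0 // indirect
@@ -126,7 +127,7 @@ require (
 github.com/gorilla/websocket v1.5.0 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 github.com/h2non/filetype v1.1.3 // indirect
 github.com/h2non/go-is-svg v0.0.0-20160927212452-35e8c4b0612c // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -144,7 +145,7 @@ require (
 github.com/klauspost/pgzip v1.2.6 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-github.com/letsencrypt/boulder v0.0.0-20240418210053-89b07f4543e0 // indirect
+github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
 github.com/lib/pq v1.10.9 // indirect
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
@@ -160,6 +161,7 @@ require (
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/moby/locker v1.0.1 // indirect
 github.com/moby/spdystream v0.5.0 // indirect
+github.com/moby/sys/capability v0.3.0 // indirect
 github.com/moby/sys/mountinfo v0.7.2 // indirect
 github.com/moby/sys/sequential v0.5.0 // indirect
 github.com/moby/sys/user v0.3.0 // indirect
@@ -181,16 +183,16 @@ require (
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/proglottis/gpgme v0.1.3 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
-github.com/prometheus/common v0.55.0 // indirect
+github.com/prometheus/common v0.57.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rubenv/sql-migrate v1.7.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
-github.com/sigstore/fulcio v1.4.5 // indirect
+github.com/sigstore/fulcio v1.6.4 // indirect
 github.com/sigstore/rekor v1.3.6 // indirect
-github.com/sigstore/sigstore v1.8.4 // indirect
+github.com/sigstore/sigstore v1.8.9 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/spf13/cast v1.7.0 // indirect
 github.com/spf13/cobra v1.8.1 // indirect
@@ -200,8 +202,8 @@ require (
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 github.com/ulikunitz/xz v0.5.12 // indirect
-github.com/vbatts/tar-split v0.11.5 // indirect
-github.com/vbauerster/mpb/v8 v8.7.5 // indirect
+github.com/vbatts/tar-split v0.11.6 // indirect
+github.com/vbauerster/mpb/v8 v8.8.3 // indirect
 github.com/vito/go-interact v1.0.1 // indirect
 github.com/vmware-tanzu/carvel-kapp-controller v0.51.0 // indirect
 github.com/x448/float16 v0.8.4 // indirect
@@ -231,9 +233,9 @@ require (
 golang.org/x/time v0.7.0 // indirect
 golang.org/x/tools v0.28.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
+google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 google.golang.org/grpc v1.67.1 // indirect
 google.golang.org/protobuf v1.36.1 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect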
