Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / dee947d0775e2302013da34d105078a346e06126^! / .
commitdee947d0775e2302013da34d105078a346e06126[log] [tgz]
authorrenovate[bot] <29139614+renovate[bot]@users.noreply.github.com>Mon Aug 19 11:17:21 2024 +0000
committerGitHub <noreply@github.com>Mon Aug 19 11:17:21 2024 +0000
treeeb9c36c37bf269bf87f8a0bdd8fef059f83c3c71
parentf2ad2894ac834108993ce654784634d4134ce0d1 [diff]
chore(deps): update module github.com/containers/image/v5 to v5.30.1 [security] (#1743)

This PR contains the following updates:



Package
Change
Age
Adoption
Passing
Confidence




github.com/containers/image/v5
v5.30.0 -> v5.30.1








WarningSome dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts
CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Release Notes

containers/image (github.com/containers/image/v5)
v5.30.1
Compare Source
This fixes CVE-2024-3727 .
Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.
In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.


Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.


 If you want to rebase/retry this PR, check this box


This PR was generated by Mend Renovate. View the repository job log.
diff --git a/go.mod b/go.mod
index b9260c1..7e141df 100644
--- a/go.mod
+++ b/go.mod

@@ -6,7 +6,7 @@
 
 require (
 	github.com/cert-manager/cert-manager v1.14.5
-	github.com/containers/image/v5 v5.30.0
+	github.com/containers/image/v5 v5.30.1
 	github.com/erikgeiser/promptkit v0.9.0
 	github.com/goccy/go-yaml v1.11.3
 	github.com/nsf/jsondiff v0.0.0-20230430225905-43f6cf3098c1

diff --git a/go.sum b/go.sum
index 22ec6f5..48e0512 100644
--- a/go.sum
+++ b/go.sum

@@ -87,6 +87,8 @@
 github.com/containers/image/v5 v5.29.2/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
 github.com/containers/image/v5 v5.30.0 h1:CmHeSwI6W2kTRWnUsxATDFY5TEX4b58gPkaQcEyrLIA=
 github.com/containers/image/v5 v5.30.0/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
+github.com/containers/image/v5 v5.30.1 h1:AKrQMgOKI1oKx5FW5eoU2xoNyzACajHGx1O3qxobvFM=
+github.com/containers/image/v5 v5.30.1/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM=