chore(deps): update module github.com/containers/image/v5 to v5.30.1 [security] (#1743)
This PR contains the following updates:
Package: github.com/containers/image/v5
Change: v5.30.0 -> v5.30.1
Warning: Some dependencies could not be looked up. Check the warning logs for more information.
GitHub Vulnerability Alerts
CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Release Notes
containers/image (github.com/containers/image/v5)
v5.30.1
This fixes CVE-2024-3727.
Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.
In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
diff --git a/go.mod b/go.mod
index b9260c1..7e141df 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@
require (
github.com/cert-manager/cert-manager v1.14.5
- github.com/containers/image/v5 v5.30.0
+ github.com/containers/image/v5 v5.30.1
github.com/erikgeiser/promptkit v0.9.0
github.com/goccy/go-yaml v1.11.3
github.com/nsf/jsondiff v0.0.0-20230430225905-43f6cf3098c1
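Review bot: The `github.com/containers/image/v5` line in the `require` block is the only change shown, with no `go.sum` hunk alongside it. Confirm the v5.30.1 checksums are committed with this bump (`go mod tidy`, then `go mod verify`), otherwise the build stops on a missing go.sum entry. The release notes quoted in the description tie the path traversal and crash cases to callers that use other transports or do not go through `copy.Image`. The PR should therefore record which of those this repository uses, so that the exposure of builds made against v5.30.0 is documented.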