From 1e894fde4f74887a9c6f0d937859e3c7acb73a50 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 15 Mar 2022 11:32:37 +0100 Subject: [PATCH] Remove opencontainers/image-spec overwrite Helm now depends on Oras v1.0.x, which contains the right version. Signed-off-by: Hidde Beydals --- go.mod | 5 ----- go.sum | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 549af1a1a..f63dcc53d 100644 --- a/go.mod +++ b/go.mod @@ -44,11 +44,6 @@ replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible // Fix GO-2021-0087 replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.0.3 -// Fix CVE-2021-41190 -// Due to https://github.com/oras-project/oras-go/blob/v0.4.0/go.mod#L21, -// pulled in by Helm. -replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2 - // Fix CVE-2021-43816 // Fix CVE-2022-23648 replace github.com/containerd/containerd => github.com/containerd/containerd v1.5.10 diff --git a/go.sum b/go.sum index 41532f821..f91fabb89 100644 --- a/go.sum +++ b/go.sum @@ -757,6 +757,7 @@ github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=