Skip to content
This repository was archived by the owner on Mar 24, 2026. It is now read-only.

Modify patch to update google/go-containerregistry from 0.14.0 to 0.16.0 in rules_oci#14

Open
murphys0709 wants to merge 1 commit into
privacysandbox:mainfrom
murphys0709:UpdateDepsRulesOCI
Open

Modify patch to update google/go-containerregistry from 0.14.0 to 0.16.0 in rules_oci#14
murphys0709 wants to merge 1 commit into
privacysandbox:mainfrom
murphys0709:UpdateDepsRulesOCI

Conversation

@murphys0709

Copy link
Copy Markdown

A security issue was discovered in docker in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. A fix was landed in docker 23.0.15

google/go-containerregistry 0.14.0 was dependent on an outdated version of docker. In this commit on May 31st , the version of docker was update to 24.0.0, which should include the required fix. That commit was released in google/go-containerregistry 0.16.0

This PR increments google/go-containerregistry from 0.14.0 to 0.16.0 to address the security concern.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant