Commit 4ce413b

deps: Downgrade oci-client to 0.15
In oci-client 0.16.0, parse_expiration_from_jwt uses jsonwebtoken::dangerous::insecure_decode to parse the bearer token. Registries like GHCR.io issue opaque tokens (not JWTs), so this decode fails, returning early and not caching the token. The kwctl pull succeeds because the token is used directly in the HTTP requests, but without the cache, each request will fetch a fresh token, and this will happen for each layer pull, which amounts to a performance penalty. This needs to be fixed upstream, but meanwhile, we can downgrade oci-client to 0.15 in policy-fetcher.

Signed-off-by: Víctor Cuadrado Juan <vcuadradojuan@suse.de>
1 parent b40e971 commit 4ce413b

2 files changed

Lines changed: 4 additions & 62 deletions

Cargo.lock

Lines changed: 3 additions & 61 deletions

crates/policy-fetcher/Cargo.toml

Lines changed: 1 addition & 1 deletion
@@ -20,7 +20,7 @@ directories = "6.0"
2020
docker_credential = "1.3"
2121
futures = { workspace = true }
2222
lazy_static = { workspace = true }
23-
oci-client = { version = "0.16", default-features = false, features = [
23+
oci-client = { version = "0.15", default-features = false, features = [
2424
"rustls-tls",
2525
] }
2626
path-slash = "0.2"
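
Review bot: The changed `oci-client = { version = "0.15", ...` line carries no comment recording why the dependency is held back, so the reason (0.16 does not cache opaque, non-JWT bearer tokens and re-fetches one per request) lives only in the commit message. A routine dependency update or a later contributor can move it back to "0.16" without noticing the regression, since the pull still succeeds. Add a TOML comment directly above the entry stating that it stays on 0.15 until the token-caching fix lands upstream, with a link to the upstream issue once one exists. The requirement "0.15" already keeps Cargo below 0.16.0, so no stricter `=` pin is needed.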
