From 6d593b468f3667c95a8ca1bf430d3c750cb0665c Mon Sep 17 00:00:00 2001 From: Ramkumar Chinchani Date: Tue, 3 May 2022 20:39:13 +0000 Subject: [PATCH] dependabot alert: fix CVE-2022-29810 https://github.com/project-zot/zot/security/dependabot/14 Signed-off-by: Ramkumar Chinchani --- go.mod | 1 + go.sum | 4 ++-- golangcilint.yaml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 91068ca6..6f9a4954 100644 --- a/go.mod +++ b/go.mod @@ -421,6 +421,7 @@ replace ( github.com/aquasecurity/trivy => github.com/project-zot/trivy v0.9.2-0.20211013001708-27408aa50da3 github.com/aquasecurity/trivy-db => github.com/project-zot/trivy-db v0.0.0-20211007191113-44f7e57b689c github.com/containers/image/v5 => github.com/anuvu/image/v5 v5.0.0-20211118175920-feae9c2f0d91 + github.com/hashicorp/go-getter => github.com/hashicorp/go-getter v1.5.11 github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 go.opentelemetry.io/otel => go.opentelemetry.io/otel v0.20.0 go.opentelemetry.io/otel/exporters/otlp => go.opentelemetry.io/otel/exporters/otlp v0.20.0 diff --git a/go.sum b/go.sum index 97bc3678..55afed1b 100644 --- a/go.sum +++ b/go.sum @@ -1562,8 +1562,8 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.5.2 h1:XDo8LiAcDisiqZdv0TKgz+HtX3WN7zA2JD1R1tjsabE= -github.com/hashicorp/go-getter v1.5.2/go.mod h1:orNH3BTYLu/fIxGIdLjLoAJHWMDQ/UKQr5O4m3iBuoo= +github.com/hashicorp/go-getter v1.5.11 h1:wioTuNmaBU3IE9vdFtFMcmZWj0QzLc6DYaP6sNe5onY= +github.com/hashicorp/go-getter v1.5.11/go.mod h1:9i48BP6wpWweI/0/+FBjqLrp9S8XtwUGjiu0QkWHEaY= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= diff --git a/golangcilint.yaml b/golangcilint.yaml index d4d68df3..14124c71 100644 --- a/golangcilint.yaml +++ b/golangcilint.yaml @@ -54,3 +54,4 @@ linters-settings: - go.opentelemetry.io/otel/exporters/otlp - go.opentelemetry.io/otel/metric - go.opentelemetry.io/otel/sdk + - github.com/hashicorp/go-getter