-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This "fixes" CVE-2020-8945 by incorporating proglottis/gpgme#23 . The code is not actually used, for two reasons: - Nothing in this repository invokes signature verification (the subpackage is only used to generate contents of policy.json) - Builds use the 'containers_image_openpgp' build tag, which switches to the non-gpgme signature backend. This updates the vendored code anyway - to avoid false positives when scanning for vulnerabilities - so that we don't have to worry about any future changes in this repository enabling those code paths. Performed by $ go get github.com/mtrmac/[email protected] && make go-deps Signed-off-by: Miloslav Trmač <[email protected]>
- Loading branch information
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.