From 9c6a2e72ffb7ee78124c85442772520a49e2ed36 Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Wed, 16 Sep 2020 17:13:05 +0800 Subject: [PATCH] bump up version of docker depdendency docker v1.4.2 is quite old and considered vulnerable (CVSv3 > 9) for some scanners. This commit bumps up its version and does minor cleanup to go.mod Signed-off-by: Daniel Jiang --- go.mod | 7 +++---- go.sum | 4 +++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index cb6fed8d0..1e48d83df 100644 --- a/go.mod +++ b/go.mod @@ -3,12 +3,11 @@ module github.com/deislabs/oras go 1.13 replace ( - github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.3.2+incompatible - github.com/Sirupsen/logrus => github.com/sirupsen/logrus v1.4.2 + github.com/docker/docker => github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible github.com/docker/distribution => github.com/docker/distribution v0.0.0-20191216044856-a8371794149d - github.com/docker/docker => github.com/moby/moby v1.4.2-0.20200203170920-46ec8731fbce ) + require ( github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Microsoft/hcsshim v0.8.7 // indirect @@ -16,7 +15,7 @@ require ( github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41 // indirect github.com/docker/cli v0.0.0-20200130152716-5d0cf8839492 github.com/docker/distribution v0.0.0-20191216044856-a8371794149d - github.com/docker/docker v1.4.2-0.20200203170920-46ec8731fbce + github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible github.com/docker/docker-credential-helpers v0.6.3 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/gogo/protobuf v1.3.1 // indirect diff --git a/go.sum b/go.sum index 586c105a1..6affa5a22 100644 --- a/go.sum +++ b/go.sum @@ -4,7 +4,7 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-autorest v13.3.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -127,6 +127,8 @@ github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f h1:2+myh5ml7lgEU/5 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/moby/moby v1.4.2-0.20200203170920-46ec8731fbce h1:ZuDDjqUI/HjNqxat753hIMBiy4qm4iFF8hI4xZ/+oY8= github.com/moby/moby v1.4.2-0.20200203170920-46ec8731fbce/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= +github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible h1:NT0cwArZg/wGdvY8pzej4tPr+9WGmDdkF8Suj+mkz2g= +github.com/moby/moby v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=