Skip to content

Commit

Permalink
oras/1.2.1-r0: cve remediation (#36665)
Browse files Browse the repository at this point in the history
Automated CVE Update.
Set correct go/bump path via modroot

-------


oras/1.2.1-r0: fix GHSA-v778-237x-gjrc

Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/oras.advisories.yaml

---------

Signed-off-by: Mark McCormick <[email protected]>
Co-authored-by: octo-sts[bot] <[email protected]>
Co-authored-by: Mark McCormick <[email protected]>
  • Loading branch information
3 people authored Dec 17, 2024
1 parent 264645b commit b4cf89b
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions oras.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package:
name: oras
version: 1.2.1
epoch: 0
epoch: 1
description: OCI registry client - managing content like artifacts, images, packages.
copyright:
- license: Apache-2.0
Expand All @@ -21,11 +21,13 @@ pipeline:
with:
repository: https://github.com/oras-project/oras
tag: v${{package.version}}
destination: oras
expected-commit: a0228556766b6276010d8feb937af512e8a50808

- uses: go/bump
with:
deps: golang.org/x/[email protected]

- runs: |
cd oras
GOARCH=$(go env GOARCH)
make build-linux-${GOARCH}
install -m755 -D ./bin/linux/${GOARCH}/oras "${{targets.destdir}}"/usr/bin/oras
Expand Down

0 comments on commit b4cf89b

Please sign in to comment.