You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While we do not believe we are vulnerable, it would be ideal to avoid dependencies that have known CVEs
This will entail upgrading to a version of oras-project/oras-go, the successor to deislabs/oras, that has breaking API changes which need to be handled in this project
See this partial implementation
The text was updated successfully, but these errors were encountered:
We currently rely on a version of
moby/moby, viadeislabs/oras, that has known CVEs (GHSA-2mj3-vfvx-fc43 and GHSA-gh5c-3h97-2f3q)While we do not believe we are vulnerable, it would be ideal to avoid dependencies that have known CVEs
This will entail upgrading to a version of
oras-project/oras-go, the successor todeislabs/oras, that has breaking API changes which need to be handled in this projectSee this partial implementation
The text was updated successfully, but these errors were encountered: