> go get github.com/containers/image/v5@main
> go mod tidy && go mod vendor
This updates c/image with a new version of x/exp.
That package has changed API in an incompatible way,
so just bumping x/exp (as in https://github.com/containers/skopeo/pull/2060 )
would break Skopeo builds.
This updates both c/image and x/exp in lockstep (and nothing
needs updating in Skopeo itself for the x/exp breakage).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
> go get github.com/containers/image/v5@main
> go mod tidy -go=1.16 && go mod tidy -go=1.17
> make vendor
The (go mod tidy) pair is necessary to keep c/image CI working.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to include a fix for
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq .
(Note that Skopeo doesn't depend on the vulnerable code,
so this is primarily to avoid dependency checker warnings.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
