Closed burgerdev closed 1 month ago
This release contains a security fix for confidential pulling of unsigned images: https://github.com/oras-project/rust-oci-client/pull/152.
The upgrade is not trivial, because the crate has been renamed (https://github.com/oras-project/rust-oci-client/issues/142) and there are breaking changes:
Thus, I converted all annotation values from HashMap to BTreeMap, worked around the sigstore::registry::Auth conversion not being implemented for the new crate, and am now passing the stream wrapped by SizedStream.
HashMap
BTreeMap
sigstore::registry::Auth
SizedStream
@burgerdev Thanks for the patch!
I'll hold onto the formatting fix until the other tests ran through.
This release contains a security fix for confidential pulling of unsigned images: https://github.com/oras-project/rust-oci-client/pull/152.
The upgrade is not trivial, because the crate has been renamed (https://github.com/oras-project/rust-oci-client/issues/142) and there are breaking changes:
Thus, I converted all annotation values from
HashMap
toBTreeMap
, worked around thesigstore::registry::Auth
conversion not being implemented for the new crate, and am now passing the stream wrapped bySizedStream
.