Bump up notation verifier with notation-plugin-framework-go #1738

Closed
1 task done
junczhu opened this issue Aug 22, 2024 · 1 comment
Labels: enhancement (New feature or request), triage (Needs investigation)

Comments

junczhu (Collaborator) commented Aug 22, 2024

What would you like to be added?

Summary

Found a dependency upgrade in notation verifier.

Details

Suggest bumping up to github.com/notaryproject/notation-plugin-framework-go v1.0.0.

Error: pkg/verifier/notation/pluginmanager.go:42:70: SA1019: plugin.Plugin is deprecated: Plugin exists for historical compatibility and should not be used. To access Plugin, use the notation-plugin-framework-go's plugin.Plugin type. (staticcheck)
  func (m *RatifyPluginManager) Get(ctx context.Context, name string) (plugin.Plugin, error) {

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability.

Impact

What kind of vulnerability is it? Who is impacted?

Anything else you would like to add?

No response

Are you willing to submit PRs to contribute to this feature?

  • Yes, I am willing to implement it.

junczhu added the enhancement and triage labels Aug 22, 2024
junczhu self-assigned this Aug 22, 2024

junczhu (Collaborator, Author) commented Aug 28, 2024

fixed in #1685

junczhu closed this as completed Aug 28, 2024