spegel/0.0.27-r0: cve remediation (#35698)

Automated commit attempted to bump quic-go dependnecy to remediate GHSA-px8v-pp82-rcvr. However the latest version of quic-go, also required another dependency (go-libp2p) to be upgraded. The good news, upstream already made similar changes in main as part of: spegel-org/spegel#659, they just haven't made it into a release yet. --------------- spegel/0.0.27-r0: fix GHSA-px8v-pp82-rcvr Advisory data: https://github.com/wolfi-dev/advisories/blob/main/spegel.advisories.yaml --------- Signed-off-by: Mark McCormick <[email protected]> Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: Mark McCormick <[email protected]>
wolfi-dev · Dec 12, 2024 · ce44887 · ce44887
1 parent f591540
commit ce44887
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/spegel.yaml b/spegel.yaml
@@ -1,7 +1,7 @@
 package:
   name: spegel
   version: 0.0.27
-  epoch: 0
+  epoch: 1
   description: Stateless cluster local OCI registry mirror.
   copyright:
     - license: Apache-2.0
@@ -20,6 +20,10 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 9237bce5f337fb5362984b5206f7dfb7fbf3aa5d
 
+  - uses: go/bump
+    with:
+      deps: github.com/quic-go/[email protected] github.com/libp2p/[email protected]
+
   - uses: go/build
     with:
       packages: ./