[release/1.7] vendor: github.com/containerd/imgcrypt@v1.1.8 #10215
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
release/1.7 is showing warnings from indirect dependency gopkg.in/square/go-jose/v2 with no recommendation to resolve.
Description
This change vendors containerd/imgcrypt@v1.1.8 which updates its dependency on square/go-jose/v2 (deprecated) to go-jose/go-jose/v3 (recommended) to resolve warnings for https://pkg.go.dev/vuln/GO-2024-2631.
With 638b474, containerd/imgcrypt was temporarily removed in main, so there would not be a commit to cherry-pick for this change.
full diff:
containerd/imgcrypt@v1.1.7...v1.1.8
Signed-off-by: Austin Vazquez macedonv@amazon.com