From c5bfe4f227140ba2e1358e8078b6ddd7c4bc390c Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Tue, 15 Mar 2022 22:10:53 +0100
Subject: [PATCH] Update github.com/docker/distribution to v2.8.0

This mitigates GMS-2022-20.

Signed-off-by: Hidde Beydals
---
 go.mod | 37 ++++++++++++++++++++-----------------
 go.sum | 1 -
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/go.mod b/go.mod
index a115bc3a..7de9e1e7 100644
--- a/go.mod
+++ b/go.mod
@@ -55,6 +55,26 @@ require (
 // TODO: Remove once Helm version with patch is released.
 replace helm.sh/helm/v3 v3.8.1 => github.com/hiddeco/helm/v3 v3.8.2-0.20220311115129-ae3ec836f6eb
 
+// Fix CVE-2021-41092
+replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
+
+// Fix GMS-2022-20
+replace github.com/docker/distribution => github.com/docker/distribution v2.8.0+incompatible
+
+// Fix CVE-2021-30465
+// Fix CVE-2021-43784
+// Fix CVE-2019-16884
+// Fix GO-2021-0085
+// Fix GO-2021-0087
+replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.0
+
+// Fix CVE-2021-41190
+replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
+
+// Fix CVE-2022-23648
+// Fix CVE-2021-43816
+replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.1
+
 require (
 cloud.google.com/go v0.99.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v0.9.1 // indirect
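Review bot: The added `replace github.com/docker/distribution => github.com/docker/distribution v2.8.0+incompatible` has no version on its left side, so it forces v2.8.0 for every requirement of that module, including a later requirement of a newer release, and its comment does not say when it can be dropped. The Helm replace just above carries a TODO; I would extend the new comment the same way, for example `// Fix GMS-2022-20. TODO: remove once the module graph selects github.com/docker/distribution >= v2.8.0 on its own.` Replace directives are also honoured only when this module is the main module, so anything importing it as a library does not inherit the pin; raising the version through a `require` line would carry the mitigation to those consumers as well. The same applies to the four other version-less replaces this hunk moves up from the end of the file.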
@@ -213,20 +233,3 @@ require (
 sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )
-
-// Fix CVE-2021-41092
-replace github.com/docker/cli => github.com/docker/cli v20.10.9+incompatible
-
-// Fix CVE-2021-30465
-// Fix CVE-2021-43784
-// Fix CVE-2019-16884
-// Fix GO-2021-0085
-// Fix GO-2021-0087
-replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.0
-
-// Fix CVE-2021-41190
-replace github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
-
-// Fix CVE-2022-23648
-// Fix CVE-2021-43816
-replace github.com/containerd/containerd => github.com/containerd/containerd v1.6.1
diff --git a/go.sum b/go.sum
index 490b410d..d1c24117 100644
--- a/go.sum
+++ b/go.sum
@@ -282,7 +282,6 @@ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v20.10.9+incompatible h1:OJ7YkwQA+k2Oi51lmCojpjiygKpi76P7bg91b2eJxYU= github.com/docker/cli v20.10.9+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=