From 3ddc44e28b6a5d3d6bf6e1c4c651602180679e2d Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Tue, 26 Jan 2021 20:09:11 +0100
Subject: [PATCH] Update oras to 0.9.0 to fix "zip slip" vulnerability

See https://github.com/deislabs/oras/security/advisories/GHSA-g5v4-5x39-vwhx
for details

Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
---
 tests/e2e-image/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/e2e-image/Dockerfile b/tests/e2e-image/Dockerfile
index bb3f45240..02f6229a6 100644
--- a/tests/e2e-image/Dockerfile
+++ b/tests/e2e-image/Dockerfile
@@ -117,9 +117,9 @@ RUN wget https://get.helm.sh/helm-v3.3.3-linux-amd64.tar.gz && tar zxvf helm-v3.
     mv linux-amd64/helm /usr/local/bin/helm3 && \
     helm3 plugin install https://github.com/chartmuseum/helm-push
 
-RUN curl -LO https://github.com/deislabs/oras/releases/download/v0.8.1/oras_0.8.1_linux_amd64.tar.gz && \
+RUN curl -LO https://github.com/deislabs/oras/releases/download/v0.9.0/oras_0.9.0_linux_amd64.tar.gz && \
     mkdir -p oras-install/  && \
-    tar -zxf oras_0.8.1_*.tar.gz -C oras-install/  && \
+    tar -zxf oras_0.9.0_*.tar.gz -C oras-install/  && \
     mv oras-install/oras /usr/local/bin/
 
 RUN wget https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-Linux-amd64 && \