GHSA-qv35-3gw6-8q4j: In regclient, pinned manifest digests may be ignored
A malicious registry could return a different digest for a pinned manifest without detection.
References
Detect and mitigate GHSA-qv35-3gw6-8q4j with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →