Thanks to visit codestin.com
Credit goes to github.com

Skip to content

filepath-securejoin v0.5.0 contains MPL-2.0 code which is not allowed per CNCF rules #9518

New issue
New issue
Open
Open
filepath-securejoin v0.5.0 contains MPL-2.0 code which is not allowed per CNCF rules#9518
Labels
lifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.
@Luap99

Description

@Luap99
Luap99
opened on Oct 20, 2025

github.com/cyphar/filepath-securejoin v0.5.0 added MPL-2.0 code which is not allowed in the CNCF license rules by default and requires an exception, see cncf/foundation#1154

We are holding the update in podman, buildah and in our storage library to avoid the bump for now, containers/container-libs#359.

Looks like it was bumped in cadcf47 here, you may need to revert it until it gets an exception.

Metadata

Metadata

Assignees

No one assigned

    Labels

    lifecycle/frozenIndicates that an issue or PR should not be auto-closed due to staleness.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions