chore(deps): update dependency opcr-io/policy to v0.3.3

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
opcr-io/policy	patch	0.3.2 → 0.3.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

opcr-io/policy (opcr-io/policy)

v0.3.3: policy v0.3.3

Compare Source

Changelog

• ff42d4c chore/rm wire (#​212)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/policy:0.3.3

📦 Image Reference ghcr.io/uniget-org/tools/policy:0.3.3

digest	sha256:5d327bfbffad68dff91a6308fcd73a14cdf5f44a4ae0de448b17ca7fd3e264be
vulnerabilities
platform	linux/amd64
size	11 MB
packages	105

github.com/docker/cli 29.1.3+incompatible (golang) pkg:golang/github.com/docker/cli@29.1.3+incompatible Uncontrolled Search Path Element Affected range >=19.03.0 <29.2.0 Fixed version 29.2.0 CVSS Score 7 CVSS Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Description This issue affects Docker CLI through 29.1.5 Impact Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI through v29.1.5 (fixed in v29.2.0). It impacts Windows binaries acting as a CLI plugin manager via the github.com/docker/cli/cli-plugins/manager package, which is consumed by downstream projects such as Docker Compose. Docker Compose became affected starting in v2.31.0, when it incorporated the relevant CLI plugin manager code (see docker/compose#12300), and is fixed in v5.1.0. This issue does not impact non-Windows binaries or projects that do not use the plugin manager code. Patches Fixed version starts with 29.2.0 This issue was fixed in docker/cli@1375933 (docker/cli#6713), which removed %PROGRAMDATA%\Docker\cli-plugins from the list of paths used for plugin-discovery on Windows. Workarounds None Resources Pull request: "cli-plugins/manager: remove legacy system-wide cli-plugin path" (cli-plugins/manager: remove legacy system-wide cli-plugin path docker/cli#6713) Patch: https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa.patch Credits Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/22860510086.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/22860510086.