Malte

Maybe explaining this behavior in a few words at [Core cache](https://monitoror.com/documentation/#core-cache) would be nice. Something like > Under the hood, Monitoror caches all results. New requests will only be sent...

Same problem with One Light:  Base 16 (Light) has the expected colors: 

Thanks for the quick response! I did some more scanning and came to the following conclusion: - [CVE-2024-24790](https://avd.aquasec.com/nvd/cve-2024-24790) is a **false-positive** because while the affected gobinary, `usr/local/bin/fixuid`, uses a vulnerable...

>No, looks like most flavors are affected. My scans do not confirm this. Using a newer version of Trivy (`0.67.2`), I can only find false-positives (#6332) ... code-server:4.105.1-focal Command: ```shell...

Interesting! I was not aware of that endpoint in the spec and I haven't looked into the `oras` code as I'm not familiar with go. But do I understand correctly:...

Although the debug logs suggest that `oras copy` does not use the correct `Authorization` header when requesting a token from the URL in the `Www-Authenticate` header. Because directly after getting...

Using the latest version of `oras`: ``` $ oras version Version: 1.3.0+unreleased Go version: go1.25.4 OS/Arch: linux/amd64 Git commit: 6c3e3e5a3e087ef2881cebb310f3d5fb6348b2ab Git tree state: clean ``` I am still unable to...

@wangxiaoxuan273 see my comment https://github.com/oras-project/oras/issues/1892#issuecomment-3521487323. I suspect that oras just send the wrong credentials in the Authorization header when requesting the token.