02b482013c
vendor: golang.org/x/net v0.23.0
...
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0
Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;
> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5fcbbde4b9
2024-07-22 17:01:43 +00:00
e2dad1bd3f
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
...
full diffs changes relevant to vendored code:
- https://github.com/golang/net/compare/v0.19.0...v0.22.0
- http2: remove suspicious uint32->v conversion in frame code
- http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
- (no changes in vendored code)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4745b957d2
2024-07-22 17:01:43 +00:00
df5d652d99
vendor: golang.org/x/term v0.18.0
...
no changes in vendored code
full diff: https://github.com/golang/term/compare/v0.15.0...v0.18.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c7a50ebb9f
2024-07-22 17:01:43 +00:00
82a04c86b3
vendor: golang.org/x/sys v0.18.0
...
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9a2133f2d4
2024-07-22 17:01:40 +00:00
c2be159764
vendor: github.com/docker/docker e63daec8672d (v25.0.5-dev)
...
full diff: 061aa95809...e63daec867
2024-03-19 15:43:45 +01:00
833128bce5
vendor: github.com/docker/docker 061aa95809be396a6
...
no change in vendored files
full diff: 9e526bc394...061aa95809
2024-03-06 15:08:04 +01:00
ce113a74af
vendor: github.com/docker/docker 9e526bc3943c
...
no change in vendored files
full diff: 51e876cd96...9e526bc394
2024-03-05 22:15:37 +01:00
0735e78cc9
vendor: github.com/docker/docker 25.0.4-51e876cd96
...
full diff: https://github.com/docker/docker/compare/v25.0.3...51e876cd964c4bb1f0a7c1bc24ecab9321b3ff1c
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-04 12:58:21 +01:00
e456704864
vendor: github.com/docker/docker v25.0.3
...
full diff: https://github.com/docker/docker/compare/v25.0.2...v25.0.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-07 02:20:23 +01:00
62b2963b80
vendor: github.com/docker/docker v25.0.2
...
no changes in vendored code
full diff: https://github.com/docker/docker/compare/v25.0.1...v25.0.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-01 04:12:31 +01:00
71f2b0d109
vendor: github.com/docker/docker v25.0.1
...
relevant changes:
- Fix isGitURL regular expression
- pkg/system: return even richer xattr errors
full diff: https://github.com/moby/moby/compare/v25.0.0...v25.0.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 4b1ed1f442
2024-02-01 04:11:47 +01:00
68abf14c15
vendor: github.com/docker/docker v25.0.0
...
full diff: https://github.com/docker/docker/compare/v25.0.0-rc.3...v25.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 337dd82d8b
2024-01-19 15:07:25 +01:00
cdb1c105f6
vendor: github.com/docker/docker v25.0.0-rc.3
...
full diff: https://github.com/moby/moby/compare/v25.0.0-rc.2...v25.0.0-rc.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-17 23:28:28 +01:00
21c2536051
vendor: golang.org/x/sys v0.16.0
...
full diff: https://github.com/golang/sys/compare/v0.15.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:01:27 +01:00
d868dca00f
vendor: github.com/docker/docker v25.0.0-rc.2
...
- feat: make errdefs.IsXXX helper functions work with wrapped errors
full diff: https://github.com/moby/moby/compare/v25.0.0-rc.1...v25.0.0-rc.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-13 02:08:29 +01:00
8b6ffbdf77
vendor: github.com/containerd/containerd v1.7.12
...
- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 19:31:12 +01:00
a5e5563f13
vendor: github.com/docker/docker-credential-helpers v0.8.1
...
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 22:35:03 +01:00
9db56ea2f6
vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
...
removes dependency on golang.org/x/sys/execabs
full diff:
- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
efae960e5a
vendor: golang.org/x/net v0.19.0
...
drops various code to support go1.17 and older
full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
996cce9098
vendor: golang.org/x/sync v0.6.0
...
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
4b10e55256
vendor: github.com/google/go-cmp v0.6.0
...
- removes purego fallbacks
full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:25:45 +01:00
1ebc233b4b
vendor: github.com/creack/pty v1.1.21
...
full diff: https://github.com/creack/pty/compare/v1.18.0...v1.21.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:22:09 +01:00
b4fe77a124
vendor: github.com/docker/go-connections v0.5.0
...
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:25:04 +01:00
b43ea528b8
vendor: github.com/docker/docker v25.0.0-rc.1
...
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.3...v25.0.0-rc.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:23:48 +01:00
c1016c05cf
vendor: github.com/mitchellh/mapstructure v1.5.0
...
note that this repository will be sunset, and the "endorsed" fork will be
maintened by "go-viper"; see [mapstructure#349][1]
[1]: https://github.com/mitchellh/mapstructure/issues/349
full diff: https://github.com/mitchellh/mapstructure/compare/v1.3.2...v1.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 17:42:31 +01:00
eed2d9c765
Merge pull request #4742 from thaJeztah/bump_runewidth
...
vendor: github.com/mattn/go-runewidth v0.0.15
2023-12-27 17:05:40 +01:00
58524685da
vendor: github.com/mattn/go-runewidth v0.0.15
...
no code-changes, but project updated CI to test against current
Go versions;
https://github.com/mattn/go-runewidth/compare/v0.0.14...v0.0.15
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:40:19 +01:00
1e38fc3b9d
vendor: github.com/klauspost/compress v1.17.4
...
full diff: https://github.com/klauspost/compress/compare/v1.17.2...v1.17.4
v1.17.4:
- huff0: Speed up symbol counting
- huff0: Remove byteReader
- gzhttp: Allow overriding decompression on transport
- gzhttp: Clamp compression level
- gzip: Error out if reserved bits are set
v1.17.3:
- fse: Fix max header size
- zstd: Improve better/best compression
- gzhttp: Fix missing content type on Close
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:34:40 +01:00
0fa3a365f7
vendor: github.com/docker/docker v25.0.0-beta.3
...
no diff, just the tag (which is the same as the previous commit);
https://github.com/moby/moby/compare/7bc56c53657d...v25.0.0-beta.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-21 16:41:36 +01:00
336787c50a
vendor: github.com/docker/docker 7bc56c53657d (v25.0.0-dev)
...
full diff: 388216fc45...7bc56c5365
2023-12-20 22:51:51 +01:00
4d434dc691
vendor: github.com/docker/docker 388216fc45ab (v25.0.0-dev)
...
full diff: f3cc93630e...388216fc45
2023-12-19 20:11:21 +01:00
0de84f0190
vendor: golang.org/x/crypto v0.17.0
...
no changes in vendored files
full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0
from the security mailing:
> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784 .
>
> Cheers,
> Roland on behalf of the Go team
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 00:35:09 +01:00
3cf0bf84a5
vendor: golang.org/x/crypto v0.16.0
...
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:47:30 +01:00
36d4db27d5
vendor: golang.org/x/text v0.14.0
...
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:46:41 +01:00
3d70100d5d
vendor: golang.org/x/sys v0.15.0
...
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:45:50 +01:00
f63065a58b
vendor: github.com/docker/docker f3cc93630ed8 (v25.0.0-dev)
...
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.2...f3cc93630ed8138a6775cbf150c6bfb341cb337b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
fa1914426d
vendor: github.com/docker/docker v25.0.0-beta.2
...
No changes, as it's the same commit: https://github.com/docker/docker/compare/92884c25b394...v25.0.0-beta.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
aec7ec7f61
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
...
full diff: 4046ae5e2f...92884c25b3
2023-12-12 16:57:38 +01:00
0a3a16d2b4
vendor: github.com/containerd/containerd v1.7.11
...
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.11
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:14 +01:00
54c103aff4
vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
...
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:08 +01:00
d49970590c
vendor: github.com/felixge/httpsnoop v1.0.4
...
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:22:47 +01:00
0cf7bff0be
vendor: github.com/docker/docker 4046ae5e2fd4 (v25.0.0-dev)
...
full diff: 029519a149...4046ae5e2f
2023-12-06 02:06:38 +01:00
ecf9bd3870
Merge pull request #4686 from thaJeztah/update_engine2
...
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
2023-12-01 16:45:05 +01:00
5a04708880
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
...
full diff: cfdca8dc1d...029519a149
2023-12-01 16:32:47 +01:00
aa9fdb4dd0
vendor: github.com/gorilla/mux v1.8.1
...
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 16:12:20 +01:00
539537ddf5
vendor: github.com/docker/docker cfdca8dc1d4c (v25.0.0-dev)
...
also added nolint:staticcheck to spec.Networks refs
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.1...cfdca8dc1d4c84ee235f395a011ca62315c957a7
Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-24 09:50:12 +01:00
1401f91085
Merge pull request #4666 from thaJeztah/bump_hcsshim
...
vendor: github.com/Microsoft/hcsshim v0.11.4
2023-11-21 11:20:16 +01:00
dad4a19624
vendor: github.com/docker/docker v25.0.0-beta.1
...
no changes in vendored files
full diff: https://github.com/docker/docker/compare/34e923e3e31b...v25.0.0-beta.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 22:53:51 +01:00
f4962c65bc
vendor: github.com/Microsoft/hcsshim v0.11.4
...
no changes in vendored files
full diff: https://github.com/microsoft/hcsshim/compare/v0.11.1...v0.11.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-20 18:15:18 +01:00
685d1baa03
vendor: github.com/docker/docker 34e923e3e31b (v25.0-dev)
...
No code-changes in vendored files.
full diff: c14694a424...34e923e3e3
2023-11-13 14:42:08 +01:00
Sebastiaan van Stijn
Paweł Gronowski
Sebastiaan van Stijn
Albin Kerouanton