Commit Graph

211 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 17770189de
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6372c6aae6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:39 +02:00
Sebastiaan van Stijn cde0441dc8
vendor: github.com/klauspost/compress v1.16.5
full diff: https://github.com/klauspost/compress/compare/v1.16.3...v1.16.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 497b13c661)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:35 +02:00
Sebastiaan van Stijn d43c48d5ab
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a27466fb6f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:35:49 +02:00
Sebastiaan van Stijn 1919679638
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 612a171557)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:34:31 +02:00
Sebastiaan van Stijn 6c5bc490d4
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 392db31e2a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:33:19 +02:00
Sebastiaan van Stijn 66558a4e64
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac307788a6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:32:30 +02:00
Sebastiaan van Stijn 0d554b549b
vendor: golang.org/x/sys v0.13.0
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 48655f794c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:31:38 +02:00
Sebastiaan van Stijn 8c4dc6c603
vendor: golang.org/x/crypto v0.9.0
full diff: https://github.com/golang/crypto/compare/v0.3.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c9d56b8504)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:29:57 +02:00
Sebastiaan van Stijn aef1157742
vendor: golang.org/x/sys v0.10.0
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ffea6940e7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:27:19 +02:00
Sebastiaan van Stijn 54894f0224
vendor: golang.org/x/sync v0.3.0
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1554b49329)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:27:00 +02:00
Sebastiaan van Stijn bf632329d2
vendor: github.com/moby/patternmatcher v0.6.0
- integrate frontend/dockerfile/dockerignore from buildkit

full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 55ff9e6093)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 13:22:00 +02:00
Sebastiaan van Stijn 1481c8ce9a
vendor: gotest.tools/v3 v3.5.0
- go.mod: update dependencies and go version by
- Use Go1.20
- Fix couple of typos
- Added `WithStdout` and `WithStderr` helpers
- Moved `cmdOperators` handling from `RunCmd` to `StartCmd`
- Deprecate `assert.ErrorType`
- Remove outdated Dockerfile
- add godoc links

full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.4.0...v3.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0b535c791a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-29 21:34:33 +02:00
Sebastiaan van Stijn e97c765575
vendor: github.com/docker/docker v24.0.5
no changes in vendored files

full diff: https://github.com/docker/docker/compare/d4a26c153000...v24.0.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-25 08:55:10 +02:00
Sebastiaan van Stijn 05bf7fbcc8
vendor: github.com/docker/docker v24.0.5-0.20230718221249-d4a26c153000
full diff: 8443a06149...d4a26c1530

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-19 00:17:46 +02:00
Sebastiaan van Stijn 8b5023dd2e
vendor: github.com/docker/docker v24.0.5-0.20230717072055-8443a06149b5
tip of the v24.0 branch

full diff: 36e9e796c6...8443a06149

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 09:30:01 +02:00
Sebastiaan van Stijn 7d06f6b2f7
vendor: github.com/docker/docker v24.0.5-0.20230714235725-36e9e796c6fc
full diff: https://github.com/docker/docker/compare/v24.0.4...36e9e796c6fc84202c32a852f6cdcd6ed175f96b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-15 02:23:53 +02:00
Sebastiaan van Stijn b407429628
vendor: github.com/docker/docker v24.0.4
full diff: https://github.com/docker/docker/compare/v24.0.2...v24.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-10 09:48:09 +02:00
Sebastiaan van Stijn 79c42c0b97
vendor: golang.org/x/net v0.10.0
full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:07:19 +02:00
Sebastiaan van Stijn a96d0a526c
vendor: golang.org/x/text v0.9.0
no changes in vendored files

full diff: https://github.com/golang/text/compare/v0.8.0...v0.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:06:32 +02:00
Sebastiaan van Stijn 5c5c50d717
vendor: golang.org/x/term v0.8.0
no changes in vendored files

full diff: https://github.com/golang/term/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:05:12 +02:00
Sebastiaan van Stijn 4bf11b7562
vendor: golang.org/x/sys v0.8.0
full diff: https://github.com/golang/sys/compare/v0.6.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:03:50 +02:00
Sebastiaan van Stijn 224c7dbec4
vendor: github.com/sirupsen/logrus v1.9.3
full diff: https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 18:00:12 +02:00
Sebastiaan van Stijn e25d5c64c5
vendor: github.com/opencontainers/image-spec v1.1.0-rc3
full diff: https://github.com/opencontainers/image-spec/compare/3a7f492d3f1b...v1.1.0-rc3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:58:46 +02:00
Sebastiaan van Stijn 419e94df4a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230531205928-01bb7a41396b
no changes in vendored files

full diff: 75e92ce14f...01bb7a4139

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-07 17:56:34 +02:00
Sebastiaan van Stijn 32f66cbe51
vendor: github.com/docker/docker v24.0.2
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.1...v24.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-31 22:48:27 +02:00
Sebastiaan van Stijn dc4707edb0
[24.0] vendor: github.com/docker/docker v24.0.1
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.0-rc.3...v24.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-25 22:11:54 +02:00
Sebastiaan van Stijn fb6ae356c7
vendor: github.com/docker/docker v24.0.0-rc.3
no changes in vendored files

full diff: https://github.com/docker/docker/compare/v24.0.0-rc.2...v24.0.0-rc.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-12 00:03:10 +02:00
Sebastiaan van Stijn de93c9b260
vendor: github.com/docker/distribution v2.8.2
CI

- Dockerfile: fix filenames of artifacts

Bugfixes

-  Fix panic in inmemory driver
-  Add code to handle pagination of parts. Fixes max layer size of 10GB bug
-  Parse http forbidden as denied
-  Revert "registry/client: set Accept: identity header when getting layers

Runtime

- Update to go1.19.9
- Dockerfile: update xx to v1.2.1 ([#3907](https://github.com/distribution/distribution/pull/3907))

Security

- Fix [CVE-2022-28391](https://www.cve.org/CVERecord?id=CVE-2022-28391) by bumping alpine from 3.14 to 3.16
- Fix [CVE-2023-2253](https://www.cve.org/CVERecord?id=CVE-2023-2253) runaway allocation on /v2/_catalog [`521ea3d9`](521ea3d973)

full diff: https://github.com/docker/distribution/compare/v2.8.1...v2.8.2-beta.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 353e0a942d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-11 19:16:03 +02:00
Sebastiaan van Stijn 58f37f630c
vendor: github.com/docker/docker v24.0.0-rc.2
no diff, because it's the same as the previous commit, but now tagged;

8d9a40a820...v24.0.0-rc.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1d8e2b6525)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 13:55:17 +02:00
Sebastiaan van Stijn 4f97f55999
vendor: github.com/docker/docker v24.0.0-rc.1.0.20230505222407-8d9a40a82034
This will be v24.0.0-rc.2

full diff: https://github.com/docker/docker/compare/v24.0.0-rc.1...8d9a40a820349860405e142249c55215aa4da8e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 00:34:34 +02:00
Sebastiaan van Stijn 0428418d6b
vendor: github.com/containerd/containerd v1.6.21
no changes in vendored files

full diff: https://github.com/containerd/containerd/compare/v1.6.20...v1.6.21

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 00:30:50 +02:00
Sebastiaan van Stijn 05bf6fff2e
vendor: github.com/opencontainers/runc v1.1.7
full diff: https://github.com/opencontainers/runc/compare/v1.1.6...v1.1.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-06 00:27:51 +02:00
Sebastiaan van Stijn 44fce07069
vendor: github.com/mattn/go-runewidth v0.0.14
Contains various performance optimisations.

full diff: https://github.com/mattn/go-runewidth/compare/v0.0.13...v0.0.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-05 02:37:12 +02:00
Sebastiaan van Stijn f233becf91
vendor: github.com/moby/term v0.5.0
- split exported functions from implementation
- windows: IsConsole(): fix deprecation comment
- deprecate Termios in favor of unix.Termios
- windows: keyToString(): fix string conversion
- gha: update actions, add macOS, and add Go1.20
- gha: add windows

full diff: https://github.com/moby/term/compare/c43b287e0e0f...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-05-02 14:22:36 +02:00
Sebastiaan van Stijn bd2c26328f
vendor: github.com/docker/docker v24.0.0-rc.1
full diff: https://github.com/docker/docker/compare/v24.0.0-beta.2...v24.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-28 17:56:17 +02:00
Sebastiaan van Stijn 962e22c311
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230406225228-75e92ce14ff7
full diff: e28e8ba9bc...75e92ce14f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-27 02:22:45 +02:00
Sebastiaan van Stijn 72192c75c2
vendor: github.com/moby/buildkit v0.11.6
no changes in vendored files

full diff: https://github.com/moby/buildkit/compare/v0.11.5...v0.11.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-27 02:21:59 +02:00
Sebastiaan van Stijn c177e2060d
vendor: github.com/creack/pty v1.1.18
full diff: https://github.com/creack/pty/compare/v1.1.11...v1.1.18

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-27 02:20:43 +02:00
Sebastiaan van Stijn a4bcabc7d2
vendor: github.com/docker/docker v24.0.0-beta.2
full diff: https://github.com/docker/docker/compare/v24.0.0-beta.1...v24.0.0-beta.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:14:51 +02:00
Sebastiaan van Stijn 0286e36bbe
vendor: github.com/opencontainers/runc v1.1.6
full diff: https://github.com/opencontainers/runc/compare/v1.1.5...v1.1.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:13:21 +02:00
Sebastiaan van Stijn 1f1a6c5a82
vendor: golang.org/x/net v0.8.0
full diff: https://github.com/golang/net/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:12:23 +02:00
Sebastiaan van Stijn 6e2163a712
vendor: golang.org/x/text v0.8.0
full diff: https://github.com/golang/text/compare/v0.7.0...v0.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:11:05 +02:00
Sebastiaan van Stijn 551d519b57
vendor: golang.org/x/term v0.6.0
full diff: https://github.com/golang/term/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:10:07 +02:00
Sebastiaan van Stijn c25b8f803e
vendor: github.com/spf13/cobra v1.7.0
release notes: https://github.com/spf13/cobra/releases/tag/v1.7.0

Features

- Allow to preserve ordering of completions in bash, zsh, pwsh, & fish
- Add support for PowerShell 7.2+ in completions
- Allow sourcing zsh completion script

Bug fixes

- Don't remove flag values that match sub-command name
- Fix powershell completions not returning single word
- Remove masked template import variable name
- Correctly detect completions with dash in argument

Testing & CI/CD

- Deprecate Go 1.15 in CI
- Deprecate Go 1.16 in CI
- Add testing for Go 1.20 in CI
- Add tests to illustrate unknown flag bug

Maintenance

- Update main image to better handle dark backgrounds
- Fix stale.yaml mispellings
- Remove stale bot from GitHub actions
- Add makefile target for installing dependencies
- Add Sia to projects using Cobra
- Add Vitess and Arewefastyet to projects using cobra
- Fixup for Kubescape github org
- Fix route for GitHub workflows badge
- Fixup for GoDoc style documentation
- Various bash scripting improvements for completion
- Add Constellation to projects using Cobra

Documentation

- Add documentation about disabling completion descriptions
- Improve MarkFlagsMutuallyExclusive example in user guide
- Update shell_completions.md
- Update copywrite year
- Document suggested layout of subcommands
- Replace deprecated ExactValidArgs with MatchAll in doc

full diff: https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-09 23:10:56 +02:00
Sebastiaan van Stijn 966e191d30
Merge pull request #4151 from crazy-max/improve-plugins-list
improve plugins listing performance
2023-04-03 14:35:15 +02:00
Kevin Alvarez 89583b92b7
improve plugins listing performance
We can slightly improve plugins listing by spawning a
goroutine for each iteration.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-04-01 16:02:34 +02:00
Sebastiaan van Stijn fc560038ea
vendor: github.com/docker/docker v24.0.0-beta.1
full diff: https://github.com/docker/docker/compare/7c93e4a09be1...v24.0.0-beta.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-01 01:44:04 +02:00
Sebastiaan van Stijn 33961a79f1
Merge pull request #4142 from thaJeztah/update_engine2
vendor: docker/docker master (v24.0.0-dev), containerd v1.6.20
2023-03-31 22:49:28 +02:00
CrazyMax e14f5fc1a7
revert "improve plugins discovery performance"
This reverts commit 62f2358b99.

Spawning a goroutine for each iteration in the loop when listing
plugins is racy unfortunately. `plugins` slice is protected with
a mutex so not sure why it fails.

I tried using a channel to collect the plugins instead of a slice
to guarantee that they will be appended to the list in the order
they are processed but no dice.

I also tried without errgroup package and simply use sync.WaitGroup
but same. I have also created an extra channel to receive errors
from the goroutines but racy too.

I think the change in this function is not related to the race
condition but newPlugin is. So revert in the meantime :(

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-03-31 16:20:42 +02:00
Sebastiaan van Stijn 05cffcbedf
vendor: github.com/docker/docker 7c93e4a09be1 (v24.0.0-dev)
full diff: 54130b542d...7c93e4a09b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-31 01:00:05 +02:00