Commit Graph

36 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 200225f530
vendor: google.golang.org/protobuf v1.34.1
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.33.0...v1.34.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-10-12 21:49:59 +02:00
Sebastiaan van Stijn dccb8bfa5d
vendor: google.golang.org/grpc v1.62.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-09-12 18:38:40 +02:00
Jonathan A. Sternberg 89db01ef97
cli: add otel sdk tracing and metric providers to the core cli
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.

At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.

This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.

Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-25 11:11:34 -05:00
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list;

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code shows that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn 79541b7e21
vendor: google.golang.org/grpc v1.59.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:53:12 +01:00
Sebastiaan van Stijn aa24d611bd
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:00 +01:00
Sebastiaan van Stijn 8073525c00
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00
Sebastiaan van Stijn e0ad0127b1
vendor: google.golang.org/grpc v1.56.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:37:37 +02:00
Sebastiaan van Stijn c2308ad6fb
vendor: google.golang.org/protobuf v1.31.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:23 +02:00
Sebastiaan van Stijn aacdca0fe6
vendor: google.golang.org/protobuf v1.30.0
full diff: https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1...v1.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:30:58 +02:00
Sebastiaan van Stijn 3cf34c6d9d
vendor: google.golang.org/grpc v1.53.0
Also updating google.golang.org/genproto:
full diff: 10f96fb3db...7f2fa6fef1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 00:26:26 +02:00
Sebastiaan van Stijn 6c8cc226f0
vendor: google.golang.org/grpc v1.50.1
full diff: https://github.com/grpc/grpc-go/compare/v1.48.0...v1.50.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:09 +01:00
Sebastiaan van Stijn a51ce7ca9a
go.mod: github.com/google/certificate-transparency-go v1.1.4
Manually updating the indirect dependency to force go.etcd.io/etcd/server/v3
to v3.5.5 or up, which is now compatible with go.opentelemetry.io/otel v1.0.0.

With this, we can remove the replace rule for this module.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-21 21:13:58 +01:00
Sebastiaan van Stijn 86038fdb68
vendor: github.com/containerd/containerd v1.6.10
full diff: https://github.com/containerd/containerd/compare/v1.6.8...v1.6.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:32:17 +01:00
Sebastiaan van Stijn 863780d0d7
vendor: github.com/moby/buildkit v0.10.2
full diff: https://github.com/moby/buildkit/compare/v0.10.0...v0.10.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-30 12:01:46 +02:00
Sebastiaan van Stijn f3a05eb800
vendor dependencies with go1.17
Some warnings about go1.16 compatibility, so including them here:

     + go mod tidy -modfile=vendor.mod
     github.com/docker/cli/cli/registry/client imports
           github.com/docker/distribution/registry/api/v2 imports
           github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0,
        but go 1.16 would select v1.8.0
     github.com/docker/cli/cli/compose/loader imports
        gopkg.in/yaml.v2 tested by
        gopkg.in/yaml.v2.test imports
        gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
        but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d,
        but go 1.16 would select v0.0.0-20171204204709-577dee27f20d
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0,
        but go 1.16 would select v1.3.1
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0,
        but go 1.16 would select v1.1.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0,
        but go 1.16 would select v1.56.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero imports
        github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2

     To upgrade to the versions selected by go 1.16:
        go mod tidy -go=1.16 && go mod tidy -go=1.17
     If reproducibility with go 1.16 is not needed:
        go mod tidy -compat=1.17
     For other options, see:
        https://golang.org/doc/modules/pruning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 19:48:14 +01:00
Sebastiaan van Stijn 29f799aae7
vendor: github.com/containerd/containerd v1.6.2
full diff: https://github.com/containerd/containerd/compare/v1.5.10...v1.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:37:29 +01:00
Sebastiaan van Stijn b2cef834fb
vendor: google.golang.org/grpc v1.44.0
full diff: https://github.com/grpc/grpc-go/compare/v1.38.0...v1.44.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:31:10 +01:00
Sebastiaan van Stijn 16554e999a
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.5...v1.5.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:15:40 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 7e560ae76f
vendor with go mod
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00
Sebastiaan van Stijn 509cc32182
vendor: google.golang.org/grpc v1.5.2
full diff: https://github.com/grpc/grpc-go/compare/v1.27.1...v1.38.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-12 17:11:44 +02:00
Sebastiaan van Stijn 2ef71e502c
vendor: genproto 8816d57aaa9a, google.golang.org/protobuf v1.26.0, github.com/golang/protobuf v1.5.2
- full diff: 3f1135a288...8816d57aaa
- google.golang.org/protobuf is the new name for this package, and to use both,
  we also need the old github.com/golang/protobuf updated to v1.4.0 or above.
- github.com/golang/protobuf v1.5.2: full diff: https://github.com/golang/protobuf/compare/v1.3.5...v1.5.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-12 17:02:16 +02:00
Sebastiaan van Stijn cdde30e030
vendor: google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
full diff: 02b4e95473...3f1135a288

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:45 +02:00
Sebastiaan van Stijn a38db191b8
vendor: update google.golang.org/grpc v1.27.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:44 +02:00
Sebastiaan van Stijn 013151ff78
vendor: bump google.golang.org/grpc v1.23.1
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1

- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
    - Before the fix, if the timer to remove a SubConn fires at the
      same time NewSubConn cancels the timer, it caused a mutex leak
      and deadlock.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-07 10:26:47 +01:00
Tibor Vass 70a4eb2a49 vendor: update grpc to v1.23.0
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-10-02 17:48:26 +00:00
Sebastiaan van Stijn 909b85460c
bump LK4D4/vndr v0.0.3 and revendor
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-14 16:13:27 -07:00
Sebastiaan van Stijn 93d76c5c90
bump google.golang.org/grpc v1.20.1
full diff: https://github.com/grpc/grpc-go/compare/v1.12.2...v1.20.1

includes  grpc/grpc-go#2695 transport: do not close channel that can lead to panic
addresses moby/moby#39053

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-13 14:40:29 -07:00
Sebastiaan van Stijn 25e6a64e2a
bump google.golang.org/grpc v1.12.2
full diff: https://github.com/grpc/grpc-go/compare/v1.12.0...v1.12.2

- grpc/grpc-go#2074 transport/server: fix race between writing status and header
  - fix grpc/grpc-go#1972 Possible race sending headers from server while receiving message over size limit
- grpc/grpc-go#2074 transport: account for user configured small io write buffer
  - fix grpc/grpc-go#2089 Server abruptly terminates connections if write buffer is small enough

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-12 20:46:34 +02:00
Vincent Demeester 8788a4804f
Bump some dependencies to more recent versions (and tagged if available)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-07-25 14:16:41 +02:00
Vincent Demeester b1065767cd
Bump moby version (and its dependencies)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 11:26:10 +02:00
Sebastiaan van Stijn 74ec7a5b2c
bump gRPC to v1.3.0, add genproto, update protobuf
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 17:40:36 -07:00
Tonis Tiigi 4adf701567 vendor: update moby
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2017-06-23 11:34:22 -07:00
Daniel Nephin 6686ada6a4 Add vendor
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:12:58 -04:00