Commit Graph

91 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 633ef7a093
vendor: golang.org/x/crypto v0.1.0 (fix OpenSSL > 9.3 compatibility)
- fixes compatibility with OpenSSH >= 8.9 (https://github.com/moby/buildkit/issues/3273)
- relates to https://github.com/golang/go/issues/51689#issuecomment-1197085791

full diff: https://github.com/golang/crypto/compare/3147a52a75dd...v0.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:05:32 +01:00
Sebastiaan van Stijn 880b7fc671
vendor: golang.org/x/net v0.1.0
The golang.org/x/ projects are now doing tagged releases.

full diff: https://github.com/golang/net/compare/f3363e06e74c...v0.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:02:41 +01:00
Sebastiaan van Stijn 0f568cfa97
vendor: golang.org/x/text v0.4.0
full diff: https://github.com/golang/text/compare/v0.3.7...v0.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:00:18 +01:00
Sebastiaan van Stijn 63ea1e4242
vendor: golang.org/x/term v0.1.0
full diff: https://github.com/golang/term/compare/03fcf44c2211...v0.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:58:54 +01:00
Sebastiaan van Stijn 57b6ed34cc
vendor: golang.org/x/time v0.1.0
The golang.org/x/ projects are now doing tagged releases.

full diff: https://github.com/golang/time/compare/1f47c861a9ac...v0.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:53:35 +01:00
Sebastiaan van Stijn 7b3900145e
vendor: golang.org/x/sys v0.1.0
The golang.org/x/ projects are now doing tagged releases.

full diff: c680a09ffe...v0.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:48:59 +01:00
Sebastiaan van Stijn 46ba87dcf1
vendor: github.com/google/go-cmp v0.5.9 to remove golang.org/x/xerrors
full diff: https://github.com/google/go-cmp/compare/v0.5.7...v0.5.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 23:24:04 +01:00
Sebastiaan van Stijn fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn eaf6461ee6
vendor: golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
full diff: 3c1f35247d...c680a09ffe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 15:58:05 +02:00
Sebastiaan van Stijn 649aa6175b
vendor: golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10
full diff: bc2c85ada1...3c1f35247d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-20 17:04:20 +02:00
Sebastiaan van Stijn 65d45664b1
vendor: golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
full diff: 33da011f77...bc2c85ada1

notable changes;

- unix: use ByteSliceFromString in (*Ifreq).Name
- unix: update openbsd Statfs_t fields

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:32:13 +02:00
Sebastiaan van Stijn 05279c7c6a
vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
Includes fixes for:

- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526);
  (description at https://go.dev/issue/52313).

full diff: 1e041c57c4...33da011f77

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 14:33:05 +02:00
Sebastiaan van Stijn acf6aee911
vendor: golang.org/x/sys v0.0.0-20220405210540-1e041c57c461
full diff: da31bd327a...1e041c57c4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-30 12:01:42 +02:00
Sebastiaan van Stijn f3a05eb800
vendor dependencies with go1.17
Some warnings about go1.16 compatibility, so including them here:

     + go mod tidy -modfile=vendor.mod
     github.com/docker/cli/cli/registry/client imports
           github.com/docker/distribution/registry/api/v2 imports
           github.com/gorilla/mux loaded from github.com/gorilla/mux@v1.7.0,
        but go 1.16 would select v1.8.0
     github.com/docker/cli/cli/compose/loader imports
        gopkg.in/yaml.v2 tested by
        gopkg.in/yaml.v2.test imports
        gopkg.in/check.v1 loaded from gopkg.in/check.v1@v1.0.0-20200227125254-8fa46927fb4f,
        but go 1.16 would select v1.0.0-20201130134442-10cb98267c6c
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/Shopify/logrus-bugsnag loaded from github.com/Shopify/logrus-bugsnag@v0.0.0-20170309145241-6dbc35f2c30d,
        but go 1.16 would select v0.0.0-20171204204709-577dee27f20d
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/ext loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server/storage imports
        gopkg.in/rethinkdb/rethinkdb-go.v6 imports
        github.com/opentracing/opentracing-go/log loaded from github.com/opentracing/opentracing-go@v1.1.0,
        but go 1.16 would select v1.2.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/cast loaded from github.com/spf13/cast@v1.3.0,
        but go 1.16 would select v1.3.1
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/jwalterweatherman loaded from github.com/spf13/jwalterweatherman@v1.0.0,
        but go 1.16 would select v1.1.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        gopkg.in/ini.v1 loaded from gopkg.in/ini.v1@v1.51.0,
        but go 1.16 would select v1.56.0
     github.com/docker/cli/cli/command imports
        github.com/theupdateframework/notary/client tested by
        github.com/theupdateframework/notary/client.test imports
        github.com/theupdateframework/notary/server imports
        github.com/theupdateframework/notary/utils imports
        github.com/spf13/viper imports
        github.com/spf13/afero imports
        github.com/spf13/afero/mem loaded from github.com/spf13/afero@v1.1.2,
        but go 1.16 would select v1.2.2

     To upgrade to the versions selected by go 1.16:
        go mod tidy -go=1.16 && go mod tidy -go=1.17
     If reproducibility with go 1.16 is not needed:
        go mod tidy -compat=1.17
     For other options, see:
        https://golang.org/doc/modules/pruning

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-26 19:48:14 +01:00
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00
Sebastiaan van Stijn bc54802f5e
vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
full diff: 7de9c90e9d...6886f2dfbf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:24:03 +01:00
Sebastiaan van Stijn 1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
intermediate bump for easier review

full diff: e18ecbb051...fe4d628211

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Sebastiaan van Stijn 576e4dce44
vendor: golang.org/x/text v0.3.7
full diff: https://github.com/golang/text/compare/v0.3.4...v0.3.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:13 +01:00
Sebastiaan van Stijn 7880acb052
vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
full diff: 69cdffdb93...da31bd327a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:12 +01:00
Sebastiaan van Stijn 58747a6316
vendor: github.com/google/go-cmp v0.5.5
it was downgraded to v0.2.0, but should be safe to upgrade

full diff: https://github.com/google/go-cmp/compare/v0.2.0...v0.5.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 16:34:33 +01:00
Sebastiaan van Stijn a26de1de0f
vendor: golang.org/x/text v0.3.4
remove the replace rule to update it to the actual version specified:

full diff: https://github.com/golang/text/compare/v0.3.3...v0.3.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:40:16 +01:00
Sebastiaan van Stijn 7917946a5c
vendor: golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
remove the replace rule to use the actual version (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:37:48 +01:00
Sebastiaan van Stijn 109cc4ea4f
vendor: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
remove the replace rule to update it to the actual version specified:

full diff: 63515b42dc...69cdffdb93

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:35:55 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 7e560ae76f
vendor with go mod
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00
Sebastiaan van Stijn 61a1775adb
vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8,
2021) or later, see https://github.com/golang/go/issues/45702. While this seems
to affect macOS only, let's update to the latest version.

full diff: d19ff857e8...63515b42dc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 18:10:31 +02:00
Sebastiaan van Stijn 6d25af0cd7
vendor: golang.org/x/time 3af7569d3a1e776fc2a3c1cec133b43105ea9c2e
full diff: 555d28b269...3af7569d3a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:38 +02:00
Sebastiaan van Stijn 8ebe404dfc
vendor: golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
full diff: 134d130e1a...d19ff857e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:34 +02:00
Sebastiaan van Stijn af1687406b
vendor: golang.org/x/sync 036812b2e83c0ddf193dd5a34e034151da389d09
full diff: cd5d95a43a...036812b2e8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:32 +02:00
Sebastiaan van Stijn dea9976143
vendor: golang.org/x/net e18ecbb051101a46fc263334b127c89bc7bff7ea
full diff: ab34263943...e18ecbb051

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:30 +02:00
Sebastiaan van Stijn 716291337b
vendor: golang.org/x/crypto 0c34fe9e7dc2486962ef9867e3edb3503537209f
full diff: c1f2f97bff...0c34fe9e7d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:28 +02:00
Tonis Tiigi e50cf79579 vendor: update x/sys to 134d130e
Makes possible to build for windows/arm64

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-03-03 23:32:34 -08:00
Tibor Vass 7bef248765 vendor docker, docker-credential-helpers and golang/sys for execabs package
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-26 17:18:04 +00:00
Sebastiaan van Stijn 9a0a071d55 vendor: buildkit v0.8.0-rc2, docker
diffs:

- full diff: af34b94a78...6c0a036dce
- full diff: 4d1f260e84...v0.8.0-rc2

New dependencies:

- go.opencensus.io v0.22.3
- github.com/containerd/typeurl v1.0.1
- github.com/golang/groupcache 869f871628b6baa9cfbc11732cdf6546b17c1298

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 0e96d92567 vendor: golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
full diff: 75b288015a...c1f2f97bff

relevant changes:

- pkcs12: document that we use the wrong PEM type
- pkcs12: drop PKCS#12 attributes with unknown OIDs
- ocsp: Improve documentation for ParseResponse and ParseResponseForCert

other changes (not in vendor);

- ssh: improve error message for KeyboardInteractiveChallenge
- ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
- ssh/terminal: replace with a golang.org/x/term wrapper
    - Deprecates ssh/terminal in favor of golang.org/x/term
- ssh/terminal: add support for zos
- ssh/terminal: bump x/term dependency to fix js/nacl
- nacl/auth: use Size instead of KeySize for Sum output
- sha3: remove go:nocheckptr annotation

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-12-02 21:01:12 +00:00
Sebastiaan van Stijn 32d8f358df
vendor: github.com/moby/term 7f0af18e79f2784809e9cef63d0df5aa2c79d76e
full diff: 73f35e472e...7f0af18e79

- update gotest.tools to v3
- Use unix.Ioctl{Get,Set}Termios on all unix platforms
- Make Termios type alias, remove casts

vendor: golang.org/x/sys eeed37f84f13f52d35e095e8023ba65671ff86a1

ed371f2e16...eeed37f84f

- all: add GOOS=ios
- unix: add back IoctlCtlInfo on darwin
- windows: add SetConsoleCursorPosition
- unix: update Dockerfile to Linux 5.9 and Go 1.15.2 (adds `CAP_CHECKPOINT_RESTORE`)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-11-03 17:40:01 +01:00
Sebastiaan van Stijn dbe2f594ed
vendor: golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
full diff: 85ca7c5b95...ed371f2e16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:54 +02:00
Sebastiaan van Stijn e70e756053
vendor golang.org/x/net v0.0.0-20200707034311-ab3426394381
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:52 +02:00
Sebastiaan van Stijn 1c3a97b0ff
vendor golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:50 +02:00
Sebastiaan van Stijn 668aea3f13
vendor: golang.org/x/text v0.3.3
full diff: https://github.com/golang/text/compare/v0.3.2...v0.3.3

includes a fix for [CVE-2020-14040][1]

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14040

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-06-17 13:22:37 +02:00
Sebastiaan van Stijn d10e2b9a6d
vendor: golang.org/x/sys 85ca7c5b95cdf1e557abb38a283d1e61a5959c31
full diff: d5e6a3e2c0...85ca7c5b95

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-05-09 17:26:23 +02:00
Sebastiaan van Stijn edf70dc308
vendor: golang.org/x/oauth2 bf48bf16ab8d622ce64ec6ce98d2c98f916b6303
full diff: ef147856a6...bf48bf16ab

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:04 +02:00
Sebastiaan van Stijn 9a41e375b5
vendor: golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82
full diff: fbb02b2291...555d28b269

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:02 +02:00
Sebastiaan van Stijn 37d184fe16
vendor: golang.org/x/crypto 2aa609cf4a9d7d1126360de73b55b6002f9e052a
full diff: bac4c82f69...2aa609cf4a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:19:00 +02:00
Sebastiaan van Stijn 7b9012ddde
vendor: golang.org/x/sys d5e6a3e2c0ae16fc7480523ebcb7fd4dd3215489
full diff: 6d18c012ae...d5e6a3e2c0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:56 +02:00
Sebastiaan van Stijn 3aab460ee1
vendor: golang.org/x/net 0de0cce0169b09b364e001f108dc0399ea8630b3
full diff: f3200d17e0...0de0cce016

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:55 +02:00
Sebastiaan van Stijn e32fe12ae3
vendor: golang.org/x/text v0.3.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:53 +02:00
Sebastiaan van Stijn 0dc9d17a2e
vendor: github.com/moby/buildkit ae7ff7174f73bcb4df89b97e1623b3fb0bfb0a0c
full diff: 4f4e030675...ae7ff7174f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:42 +02:00