Sebastiaan van Stijn
4745b957d2
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
...
full diffs changes relevant to vendored code:
- https://github.com/golang/net/compare/v0.19.0...v0.22.0
- http2: remove suspicious uint32->v conversion in frame code
- http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
- (no changes in vendored code)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:50:53 +02:00
Sebastiaan van Stijn
9a2133f2d4
vendor: golang.org/x/sys v0.18.0
...
full diff: https://github.com/golang/sys/compare/v0.16.0...v0.18.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:46:54 +02:00
Jonathan A. Sternberg
89db01ef97
cli: add otel sdk tracing and metric providers to the core cli
...
This adds the code used by buildx and compose into the default CLI
program to help normalize the usage of these APIs and allow code reuse
between projects. It also allows these projects to benefit from
improvements or changes that may be made by another team.
At the moment, these APIs are a pretty thin layer on the OTEL SDK. It
configures an additional exporter to a docker endpoint that's used for
usage collection and is only active if the option is configured in
docker desktop.
This also upgrades the OTEL version to v1.19 which is the one being used
by buildkit, buildx, compose, etc.
Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
2024-03-25 11:11:34 -05:00
Sebastiaan van Stijn
21c2536051
vendor: golang.org/x/sys v0.16.0
...
full diff: https://github.com/golang/sys/compare/v0.15.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:01:27 +01:00
Sebastiaan van Stijn
9db56ea2f6
vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
...
removes dependency on golang.org/x/sys/execabs
full diff:
- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
Sebastiaan van Stijn
efae960e5a
vendor: golang.org/x/net v0.19.0
...
drops various code to support go1.17 and older
full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn
996cce9098
vendor: golang.org/x/sync v0.6.0
...
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
Sebastiaan van Stijn
3cf0bf84a5
vendor: golang.org/x/crypto v0.16.0
...
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:47:30 +01:00
Sebastiaan van Stijn
36d4db27d5
vendor: golang.org/x/text v0.14.0
...
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:46:41 +01:00
Sebastiaan van Stijn
3d70100d5d
vendor: golang.org/x/sys v0.15.0
...
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:45:50 +01:00
Sebastiaan van Stijn
f9622b659f
vendor: update go-connections for TLS 1.3 support
...
full diff: https://github.com/docker/go-connections/compare/v0.4.0...0b8c1f4e07a0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 15:56:11 +01:00
Sebastiaan van Stijn
7841493823
vendor: golang.org/x/tools v0.10.0
...
full diff: https://github.com/golang/tools/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:06:07 +01:00
Sebastiaan van Stijn
a27466fb6f
vendor: golang.org/x/net v0.17.0
...
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0
This fixes the same CVE as go1.21.3 and go1.20.10;
- net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417 .
This is also tracked by CVE-2023-44487.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn
392db31e2a
vendor: golang.org/x/term v0.13.0
...
- term: consistently return zeroes on GetSize error
full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:53:19 +02:00
Sebastiaan van Stijn
ac307788a6
vendor: golang.org/x/text v0.13.0
...
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:50:23 +02:00
Sebastiaan van Stijn
48655f794c
vendor: golang.org/x/sys v0.13.0
...
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:49:37 +02:00
Sebastiaan van Stijn
56396ba357
vendor: golang.org/x/tools v0.8.0
...
full diff:
- https://github.com/golang/mod/compare/v0.9.0...v0.10.0
- https://github.com/golang/tools/compare/v0.7.0...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:16 +02:00
Sebastiaan van Stijn
ffea6940e7
vendor: golang.org/x/sys v0.10.0
...
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:29:33 +02:00
Sebastiaan van Stijn
1554b49329
vendor: golang.org/x/sync v0.3.0
...
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:28:31 +02:00
Sebastiaan van Stijn
92906a9936
vendor: github.com/Microsoft/go-winio v0.6.1
...
Unfortunately also brings in golang.org/x/tools and golang.org/x/mod as
a dependency, due to go-winio using a "tools.go" file.
full diff: https://github.com/Microsoft/go-winio/compare/v0.5.2...v0.6.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-20 13:10:06 +02:00
Sebastiaan van Stijn
78e4633929
vendor: github.com/docker/docker-credential-helpers v0.8.0
...
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.7.0...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-17 16:06:44 +02:00
Sebastiaan van Stijn
e15ae9e2ee
vendor: golang.org/x/net v0.10.0
...
full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:19:45 +02:00
Sebastiaan van Stijn
45fd37aaac
vendor: golang.org/x/sys v0.8.0
...
full diff: https://github.com/golang/sys/compare/v0.6.0...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:11:33 +02:00
Sebastiaan van Stijn
6e2163a712
vendor: golang.org/x/text v0.8.0
...
full diff: https://github.com/golang/text/compare/v0.7.0...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-04-17 23:11:05 +02:00
Kevin Alvarez
89583b92b7
improve plugins listing performance
...
We can slightly improve plugins listing by spawning a
goroutine for each iteration.
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-04-01 16:02:34 +02:00
CrazyMax
e14f5fc1a7
revert "improve plugins discovery performance"
...
This reverts commit 62f2358b99
.
Spawning a goroutine for each iteration in the loop when listing
plugins is racy unfortunately. `plugins` slice is protected with
a mutex so not sure why it fails.
I tried using a channel to collect the plugins instead of a slice
to guarantee that they will be appended to the list in the order
they are processed but no dice.
I also tried without errgroup package and simply use sync.WaitGroup
but same. I have also created an extra channel to receive errors
from the goroutines but racy too.
I think the change in this function is not related to the race
condition but newPlugin is. So revert in the meantime :(
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-03-31 16:20:42 +02:00
Sebastiaan van Stijn
149d289638
vendor: golang.org/x/sys v0.6.0
...
full diff: https://github.com/golang/sys/compare/v0.5.0..v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-30 19:56:27 +02:00
CrazyMax
62f2358b99
improve plugins discovery performance
...
We are currently loading plugin commands stubs for every
command invocation to add support for Cobra v2 completion.
This cause a significant performance hit if there is a
lot of plugins in the user space (7 atm in Docker Desktop):
`docker --version` takes in current 23.0.1 ~93ms
Instead of removing completion for plugins to fix the
regression, we can slightly improve plugins discovery by
spawning a goroutine for each iteration in the loop when
listing plugins:
`docker --version` now takes ~38ms
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2023-03-28 06:16:55 +02:00
Sebastiaan van Stijn
d213548bd0
vendor: golang.org/x/net v0.7.0
...
full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:00 +01:00
Sebastiaan van Stijn
f40bbf4f7f
vendor: golang.org/x/time v0.3.0
...
full diff: https://github.com/golang/time/compare/v0.1.0...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:35:57 +01:00
Sebastiaan van Stijn
3e9c6e84ce
vendor: golang.org/x/sys v0.5.0
...
full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:32:29 +01:00
Sebastiaan van Stijn
526e5e7c95
vendor: golang.org/x/net v0.5.0
...
full diff: https://github.com/golang/net/compare/v0.4.0...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:15 +01:00
Sebastiaan van Stijn
caf8b152c6
vendor: golang.org/x/sys v0.4.0
...
full diff: https://github.com/golang/sys/compare/v0.3.0...v0.4.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:45:55 +01:00
Sebastiaan van Stijn
929f23fcf9
vendor: golang.org/x/net v0.4.0
...
full diff: https://github.com/golang/net/compare/v0.1.0...v0.4.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:00:49 +01:00
Sebastiaan van Stijn
2df9ff91e1
vendor: golang.org/x/term v0.3.0
...
full diff: https://github.com/golang/term/compare/v0.1.0...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:59:45 +01:00
Sebastiaan van Stijn
1b75c7c52a
vendor: golang.org/x/text v0.5.0
...
full diff: https://github.com/golang/text/compare/v0.4.0...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:53:24 +01:00
Sebastiaan van Stijn
e3e0b7a6c8
vendor: golang.org/x/sys v0.3.0
...
full diff: https://github.com/golang/sys/compare/v0.2.0...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 22:51:19 +01:00
Sebastiaan van Stijn
722cde068f
vendor: golang.org/x/sys v0.2.0
...
full diff: https://github.com/golang/sys/compare/v0.1.0...v0.2.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-17 11:01:16 +01:00
Sebastiaan van Stijn
633ef7a093
vendor: golang.org/x/crypto v0.1.0 (fix OpenSSL > 9.3 compatibility)
...
- fixes compatibility with OpenSSH >= 8.9 (https://github.com/moby/buildkit/issues/3273 )
- relates to https://github.com/golang/go/issues/51689#issuecomment-1197085791
full diff: https://github.com/golang/crypto/compare/3147a52a75dd...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:05:32 +01:00
Sebastiaan van Stijn
880b7fc671
vendor: golang.org/x/net v0.1.0
...
The golang.org/x/ projects are now doing tagged releases.
full diff: https://github.com/golang/net/compare/f3363e06e74c...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:02:41 +01:00
Sebastiaan van Stijn
0f568cfa97
vendor: golang.org/x/text v0.4.0
...
full diff: https://github.com/golang/text/compare/v0.3.7...v0.4.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:00:18 +01:00
Sebastiaan van Stijn
63ea1e4242
vendor: golang.org/x/term v0.1.0
...
full diff: https://github.com/golang/term/compare/03fcf44c2211...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:58:54 +01:00
Sebastiaan van Stijn
57b6ed34cc
vendor: golang.org/x/time v0.1.0
...
The golang.org/x/ projects are now doing tagged releases.
full diff: https://github.com/golang/time/compare/1f47c861a9ac...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:53:35 +01:00
Sebastiaan van Stijn
7b3900145e
vendor: golang.org/x/sys v0.1.0
...
The golang.org/x/ projects are now doing tagged releases.
full diff: c680a09ffe
...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 15:48:59 +01:00
Sebastiaan van Stijn
46ba87dcf1
vendor: github.com/google/go-cmp v0.5.9 to remove golang.org/x/xerrors
...
full diff: https://github.com/google/go-cmp/compare/v0.5.7...v0.5.9
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 23:24:04 +01:00
Sebastiaan van Stijn
fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
...
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn
eaf6461ee6
vendor: golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64
...
full diff: 3c1f35247d...c680a09ffe
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 15:58:05 +02:00
Sebastiaan van Stijn
649aa6175b
vendor: golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10
...
full diff: bc2c85ada1...3c1f35247d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-20 17:04:20 +02:00
Sebastiaan van Stijn
65d45664b1
vendor: golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
...
full diff: 33da011f77...bc2c85ada1
notable changes;
- unix: use ByteSliceFromString in (*Ifreq).Name
- unix: update openbsd Statfs_t fields
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-07-21 17:32:13 +02:00
Sebastiaan van Stijn
05279c7c6a
vendor: golang.org/x/sys v0.0.0-20220412211240-33da011f77ad
...
Includes fixes for:
- CVE-2022-29526 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526 );
(description at https://go.dev/issue/52313 ).
full diff: 1e041c57c4...33da011f77
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-05-11 14:33:05 +02:00