Sebastiaan van Stijn
4745b957d2
vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0
...
full diffs changes relevant to vendored code:
- https://github.com/golang/net/compare/v0.19.0...v0.22.0
- http2: remove suspicious uint32->v conversion in frame code
- http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.17.0...v0.21.0
- (no changes in vendored code)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-04-09 14:50:53 +02:00
Sebastiaan van Stijn
efae960e5a
vendor: golang.org/x/net v0.19.0
...
drops various code to support go1.17 and older
full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn
f9622b659f
vendor: update go-connections for TLS 1.3 support
...
full diff: https://github.com/docker/go-connections/compare/v0.4.0...0b8c1f4e07a0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 15:56:11 +01:00
Sebastiaan van Stijn
a27466fb6f
vendor: golang.org/x/net v0.17.0
...
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0
This fixes the same CVE as go1.21.3 and go1.20.10;
- net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417 .
This is also tracked by CVE-2023-44487.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn
e15ae9e2ee
vendor: golang.org/x/net v0.10.0
...
full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-06-12 11:19:45 +02:00
Sebastiaan van Stijn
d213548bd0
vendor: golang.org/x/net v0.7.0
...
full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-15 01:42:00 +01:00
Sebastiaan van Stijn
526e5e7c95
vendor: golang.org/x/net v0.5.0
...
full diff: https://github.com/golang/net/compare/v0.4.0...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-23 11:59:15 +01:00
Sebastiaan van Stijn
929f23fcf9
vendor: golang.org/x/net v0.4.0
...
full diff: https://github.com/golang/net/compare/v0.1.0...v0.4.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-22 23:00:49 +01:00
Sebastiaan van Stijn
880b7fc671
vendor: golang.org/x/net v0.1.0
...
The golang.org/x/ projects are now doing tagged releases.
full diff: https://github.com/golang/net/compare/f3363e06e74c...v0.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 16:02:41 +01:00
Sebastiaan van Stijn
fc7e831a6a
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
...
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:14:47 +02:00
Sebastiaan van Stijn
1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
...
intermediate bump for easier review
full diff: e18ecbb051...fe4d628211
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Nicolas De Loof
7b9580df51
Drop support for (archived) Compose-on-Kubernetes
...
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
CrazyMax
7e560ae76f
vendor with go mod
...
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00
Sebastiaan van Stijn
dea9976143
vendor: golang.org/x/net e18ecbb051101a46fc263334b127c89bc7bff7ea
...
full diff: ab34263943...e18ecbb051
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-06-21 14:29:30 +02:00
Sebastiaan van Stijn
e70e756053
vendor golang.org/x/net v0.0.0-20200707034311-ab3426394381
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-09 14:07:52 +02:00
Sebastiaan van Stijn
3aab460ee1
vendor: golang.org/x/net 0de0cce0169b09b364e001f108dc0399ea8630b3
...
full diff: f3200d17e0...0de0cce016
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-04-22 17:18:55 +02:00
Tonis Tiigi
668a9ff8ef
vendor: update net and sys
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2019-06-02 00:39:23 -07:00
Sebastiaan van Stijn
909b85460c
bump LK4D4/vndr v0.0.3 and revendor
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-05-14 16:13:27 -07:00
Sebastiaan van Stijn
b6cee4567c
bump golang.org/x/net eb5bcb51f2a31c7d5141d810b70815c05d9c9146
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-04-13 03:09:33 +02:00
Vincent Demeester
8788a4804f
Bump some dependencies to more recent versions (and tagged if available)
...
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-07-25 14:16:41 +02:00
Vincent Demeester
b1065767cd
Bump moby version (and its dependencies)
...
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 11:26:10 +02:00
Mathieu Champlon
5d54584f03
Bump moby to d37f5c6bdf788a6cb82c07fb707e31a240eff5f9
...
Also bringing:
. golang.org/x/net 5561cd9b4330353950f399814f427425c0a26fd2
. github.com/docker/distribution 83389a148052d74ac602f5f1d62f86ff2f3c4aa5
. github.com/docker/swarmkit bd69f6e8e301645afd344913fa1ede53a0a111fb
. github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
. github.com/prometheus/client_golang 52437c81da6b127a9925d17eb3a382a2e5fd395e
. github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
. github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6
. github.com/prometheus/common ebdfc6da46522d58825777cf1f90490a5b1ef1d8
. github.com/prometheus/procfs abf152e5f3e97f2fafac028d2cc06c1feb87ffa5
. github.com/matttproud/golang_protobuf_extensions v1.0.0
Signed-off-by: Mathieu Champlon <mathieu.champlon@docker.com>
2018-05-18 11:44:14 +02:00
Vincent Demeester
12c0825a4c
Update golang.org/x/net to not panic
...
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-28 14:40:09 +01:00
Vincent Demeester
61713c42a4
Update vendoring
...
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-12-26 11:45:56 +01:00
Vincent Demeester
8417e49792
Add support for kubernetes in docker cli
...
- Add support for kubernetes for docker stack command
- Update to go 1.9
- Add kubernetes to vendors
- Print orchestrator in docker version command
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
2017-12-26 11:22:32 +01:00
Sebastiaan van Stijn
679ae70241
bump golang.org/x/net to 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-07-03 17:40:41 -07:00
Daniel Nephin
6686ada6a4
Add vendor
...
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:12:58 -04:00