Commit Graph

9703 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 630e1d3e95
update to go1.21.11
go1.21.11 (released 2024-06-04) includes security fixes to the archive/zip
and net/netip packages, as well as bug fixes to the compiler, the go command,
the runtime, and the os package. See the Go 1.21.11 milestone on our issue
tracker for details;

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.11+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.10...go1.21.11

From the security announcement;

We have just released Go versions 1.22.4 and 1.21.11, minor point releases.
These minor releases include 2 security fixes following the security policy:

- archive/zip: mishandling of corrupt central directory record

  The archive/zip package's handling of certain types of invalid zip files
  differed from the behavior of most zip implementations. This misalignment
  could be exploited to create an zip file with contents that vary depending
  on the implementation reading the file. The archive/zip package now rejects
  files containing these errors.

  Thanks to Yufan You for reporting this issue.

  This is CVE-2024-24789 and Go issue https://go.dev/issue/66869.

- net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

  The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected
  for IPv4-mapped IPv6 addresses, returning false for addresses which would
  return true in their traditional IPv4 forms.

  Thanks to Enze Wang of Alioth and Jianjun Chen of Zhongguancun Lab
  for reporting this issue.

  This is CVE-2024-24790 and Go issue https://go.dev/issue/67680.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 23:39:27 +02:00
Sebastiaan van Stijn f82007d3ca
Merge pull request #5115 from thaJeztah/bump_containerd
vendor: github.com/containerd/containerd v1.7.17
2024-06-04 22:38:33 +02:00
Sebastiaan van Stijn 558a910b85
vendor: github.com/containerd/containerd v1.7.17
no changes in vendored code

full diff: https://github.com/containerd/containerd/compare/v1.7.15...v1.7.17

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 22:16:39 +02:00
Sebastiaan van Stijn be2c284ee2
vendor: tags.cncf.io/container-device-interface v0.7.2
no changes in vendored code

full diff: https://github.com/cncf-tags/container-device-interface/compare/v0.6.2...v0.7.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 22:15:52 +02:00
Sebastiaan van Stijn 8b924a5119
Merge pull request #5111 from thaJeztah/completion_use_apiClient
cli/command: use shallower interface for completions
2024-06-04 13:42:03 +02:00
Sebastiaan van Stijn 20d1b661bc
cli/command: use shallower interface for completions
The completion functions only need the API-client, and not all of
the CLI. However, passing the API-client as argument would mean
that the API-client is initialized early, which may not be what
we want, so instead, defining an APIClientProvider interface to
preserve the behavior of initializing when needed only.

While updating, also simplify stack.format to only require an
io.Writer.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 12:04:11 +02:00
Sebastiaan van Stijn ce85b24440
Merge pull request #5110 from thaJeztah/bump_engine
vendor: github.com/docker/docker cd3804655a25 (master / v27.0.0-dev)
2024-06-04 10:34:15 +02:00
Sebastiaan van Stijn 7edcaca761
Merge pull request #5109 from korverdev/cli_folder_typos_2
Correct typos in comments in the `cli/` folder
2024-06-04 10:33:42 +02:00
Sebastiaan van Stijn b6a3ce4167
vendor: github.com/docker/docker cd3804655a25 (master / v27.0.0-dev)
full diff: e622cea556...cd3804655a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-04 09:17:20 +02:00
Casey Korver d4491fc093 Correct typos in the cli/ folder
Signed-off-by: Casey Korver <casey@korver.dev>
2024-06-04 03:08:56 +00:00
Sebastiaan van Stijn 05c7d4b319
Merge pull request #5096 from thaJeztah/update_actions
gha: update to actions/upload-artifact@v4
2024-06-03 16:40:46 +02:00
Sebastiaan van Stijn b9cd722595
gha: update to actions/upload-artifact@v4
v3 is using Node.js 16 which are being deprecated:

    Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/upload-artifact@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

ci: incl. platform pair in artifact name

This fixes an the issue w/ `upload-artifact@v4`.
See: https://github.blog/2024-02-12-get-started-with-v4-of-github-actions-artifacts/#compatibility

Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-06-03 16:10:23 +02:00
Sam Thibault 3ba4d27805
Merge pull request #5101 from twelsh-aw/codeowners_udpate
Update CODEOWNERS
2024-06-01 13:32:02 +02:00
Sebastiaan van Stijn 1a8fa8b73e
Merge pull request #5100 from thaJeztah/bump_engine
vendor: github.com/docker/docker e622cea55698 (master / v27.0.0-dev)
2024-05-31 22:00:08 +02:00
twelsh-aw 2ef6bc1c1b
Update CODEOWNERS
Signed-off-by: twelsh-aw <84401379+twelsh-aw@users.noreply.github.com>

Keep pinging desired individuals for certain changes, but allow others to keep reviewing in accordance with org Branch Protection rules

(note: runtime-owners team has notifications disabled)
2024-05-31 14:35:25 -04:00
Sebastiaan van Stijn e2fc6bd771
vendor: github.com/docker/docker e622cea55698 (master / v27.0.0-dev)
full diff: 06e3a49d66...e622cea556

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 17:39:37 +02:00
Sebastiaan van Stijn 16c8f4942e
vendor: github.com/Microsoft/hcsshim v0.11.5
full diff: https://github.com/Microsoft/hcsshim/compare/v0.11.4...v0.11.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 16:14:37 +02:00
Sebastiaan van Stijn b7548ba7f1
vendor: github.com/opencontainers/image-spec v1.1.0
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc5...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 16:10:21 +02:00
Bjorn Neergaard cd4d62e979
Merge pull request #5099 from thaJeztah/bump_gowinio
vendor: github.com/Microsoft/go-winio v0.6.2 (for go1.22 compatibility)
2024-05-31 08:09:30 -06:00
Sebastiaan van Stijn 12aaeae21b
vendor: github.com/Microsoft/go-winio v0.6.2
- Fix compatibility with go1.22
- fileinfo: internally fix FileBasicInfo memory alignment (fixes compatibility
  with go1.22)
- Switch from syscall to golang.org/x/sys/windows
- Remove golang.org/x/mod as dependency
- Remove golang.org/x/tools as dependency

full diff: https://github.com/Microsoft/go-winio/compare/v0.6.1...v0.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 15:49:19 +02:00
Bjorn Neergaard f53a2ae443
Merge pull request #5094 from thaJeztah/context_type_stub
context list: temporarily add ContextType to JSON output
2024-05-31 06:40:13 -06:00
Sebastiaan van Stijn fed9fa0f72
context list: temporarily add ContextType to JSON output
Docker Desktop currently ships with the "cloud integration" wrapper,
which outputs an additional ContextType field in the JSON output.

While this field is non-standard, it made its way into Visual Studio's
Docker integration, which uses this to exclude "aci" and "eci" context
types that are not supported by Visual Studio.

This patch;

- conditionally adds a ContextType field to the JSON output
- but ONLY when using the default "{{json .}}" or "json" formats
  (which are the formats used by Visual Studio)
- if the context is a "aci" or "eci" context, that type is
  preserved, otherwise the default "moby" type is used.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 13:08:31 +02:00
Sebastiaan van Stijn 3da25f6c6d
Merge pull request #5097 from thaJeztah/context_test_coverage
cli/command/context: improve tests and add coverage for custom metadata in contexts
2024-05-31 12:24:31 +02:00
Sebastiaan van Stijn 40a1da8b42
cli/command/context: list: add test for JSON output
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 10:54:15 +02:00
Sebastiaan van Stijn 2e9eff235d
cli/command/context: test inspecting context with custom metadata
The CLI does not currently expose options to add custom metadata to
contexts, but contexts support them.

- update test-utilities to allow setting custom metadata
- update the inspect test to verify that custom metadata is included
  when inspecting a context.
- update the import/export tests to verify that custom metadata
  is preserved.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 10:49:50 +02:00
Sebastiaan van Stijn 54291dd47a
cli/command/context: add test-utility to create multiple contexts
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-31 10:31:16 +02:00
Albin Kerouanton 8ed44f916f
Merge pull request #4994 from robmry/47639_per-interface-sysctls
Document CLI support for per interface sysctls
2024-05-29 11:03:28 +02:00
Sebastiaan van Stijn 4d28ae98f4
Merge pull request #5085 from akerouanton/deprecate-api-cors-header
docs: deprecate daemon's api-cors-header flag
2024-05-28 23:45:54 +02:00
Albin Kerouanton 9d9bb19f01 docs: deprecate daemon's api-cors-header flag
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2024-05-28 12:10:00 +02:00
Sebastiaan van Stijn 358d499681
Merge pull request #5090 from thaJeztah/update_alpine
Dockerfile: update ALPINE_VERSION to 3.20
2024-05-27 17:52:03 +02:00
Sebastiaan van Stijn 7b4171c608
Merge pull request #5092 from thaJeztah/use_containerd_platforms
migrate to new github.com/containerd/platforms package
2024-05-27 14:37:39 +02:00
Sebastiaan van Stijn 90bd9c5308
Merge pull request #5089 from thaJeztah/bump_buildx
Dockerfile: update buildx to v0.14.1, compose v2.27.1
2024-05-27 14:27:21 +02:00
Sebastiaan van Stijn 10b4bb073f
Merge pull request #5086 from thaJeztah/update_creds_helper
vendor: github.com/docker/docker-credential-helpers v0.8.2
2024-05-27 14:26:42 +02:00
Sebastiaan van Stijn 7dc271a8be
migrate to new github.com/containerd/platforms package
The github.com/containerd/containerd/platforms package was moved to a separate
module in preparation of the containerd v2.0 release.

Switch to the new module, which means we also remove containerd as a direct
dependency.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-27 11:55:23 +02:00
Sebastiaan van Stijn 3cf12ae719
Merge pull request #5091 from thaJeztah/docs_simplify_output
docs: use --quiet in example to simplify output
2024-05-27 08:55:22 +02:00
Rob Murray d5d94e46fc Explain how to use "network connect --driver-opt" to set sysctls
Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-05-26 13:19:51 +01:00
Rob Murray 7f9dba60e2 Test quoted fields in --driver-opt
Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-05-26 13:17:22 +01:00
Rob Murray b7583a2c28 Explain how to use "--network driver-opt" to set sysctls
Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-05-26 13:17:22 +01:00
Rob Murray 068f118f88 Test quoted field in --network
Signed-off-by: Rob Murray <rob.murray@docker.com>
2024-05-26 13:14:01 +01:00
Sebastiaan van Stijn 82ed39e319
docs: use --quiet in example to simplify output
The output showed the Alpine version that was used for the example,
which can get outdated and distracts from the example steps.

Use --quiet to reduce the output, and to reduce maintenance (i.e.,
no need to keep the output updated with current versions).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-26 11:43:08 +02:00
Sebastiaan van Stijn e70f68595d
Dockerfile: update ALPINE_VERSION to 3.20
Update to the current version of Alpine, which is also the default for
the golang:alpine image

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-26 11:37:01 +02:00
Sebastiaan van Stijn 0b7aff333b
Dockerfile: update compose to v2.27.1
release notes: https://github.com/docker/compose/releases/tag/v2.27.1

full diff: https://github.com/docker/compose/compare/v2.24.3...v2.27.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-26 11:26:36 +02:00
Sebastiaan van Stijn f0e7e07b8b
Dockerfile: update buildx to v0.14.1
- 0.14.1 release notes: https://github.com/docker/buildx/releases/tag/v0.14.1
- 0.14.0 release notes: https://github.com/docker/buildx/releases/tag/v0.14.0
- 0.13.1 release notes: https://github.com/docker/buildx/releases/tag/v0.13.1
- 0.13.0 release notes: https://github.com/docker/buildx/releases/tag/v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-26 11:16:57 +02:00
Sebastiaan van Stijn 05905bd922
vendor: github.com/docker/docker-credential-helpers v0.8.2
no changes to vendored code

full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.1...v0.8.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-23 19:13:17 +02:00
Sebastiaan van Stijn 421e3b5e91
Merge pull request #5077 from thaJeztah/config_error_handling
cli/config: improve handling of errors
2024-05-22 14:39:50 +02:00
Sebastiaan van Stijn dc75e9ed6c
cli/config: do not discard permission errors when loading config-file
When attempting to load a config-file that exists, but is not accessible for
the current user, we should not discard the error.

This patch makes sure that the error is returned by Load(), but does not yet
change LoadDefaultConfigFile, as this requires a change in signature.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-22 10:31:59 +02:00
Sebastiaan van Stijn c80adf4e87
cli/config: TestLoadDefaultConfigFile: check that no warnings are printed
Loading the config should print no warnings on a successful load.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-22 10:31:59 +02:00
Sebastiaan van Stijn de91207b87
cli/config: add test for dangling symlink for config-file
This may need further discussion, but we currently handle dangling
symlinks gracefully, so let's add a test for this, and verify that
we don't replace symlinks with a file.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-22 10:31:58 +02:00
Sebastiaan van Stijn 426fb2fd81
cli/config: Load(), LoadDefaultConfigFile(): improve GoDoc
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-05-22 10:31:47 +02:00
Sebastiaan van Stijn 57a1180c52
Merge pull request #5084 from thaJeztah/improve_rm_flag_description
run, create: update "--rm" flag description to mention anonymous volumes
2024-05-21 16:26:12 +02:00