Commit Graph

327 Commits

Author SHA1 Message Date
Paweł Gronowski 69575f6175
vendor: github.com/docker/docker 8b79278316b5 (master)
no changes in vendored files

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-20 15:45:19 +01:00
Paweł Gronowski b70a26deaf
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
full diff: 70e46f2c7c...330d777c53

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-19 14:31:41 +01:00
Sebastiaan van Stijn 38c3ff67aa
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
full diff: https://github.com/docker/docker/compare/v26.0.0-rc2...70e46f2c7c2df8d8cc483d9831a907b12efa201b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:53:20 +01:00
Sebastiaan van Stijn a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
full diffs:

- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4

From the Go security announcement list;

> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.

In a follow-up post;

> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.

govulncheck results in our code shows that this does not affect the CLI:

    govulncheck ./...
    Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...

    === Symbol Results ===

    No vulnerabilities found.

    Your code is affected by 0 vulnerabilities.
    This scan also found 1 vulnerability in packages you import and 0
    vulnerabilities in modules you require, but your code doesn't appear to call
    these vulnerabilities.
    Use '-show verbose' for more details.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn 115c8d56e5
vendor: github.com/containerd/containerd v1.7.14
no changes in vendored files, but now requires go1.21

full diff: https://github.com/containerd/containerd/compare/v1.7.13...v1.7.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:38 +01:00
Paweł Gronowski 645b973521
vendor: github.com/docker/docker v26.0.0-rc2
full diff: https://github.com/docker/docker/compare/f4c696eef17d...v26.0.0-rc2

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-08 17:10:05 +01:00
Paweł Gronowski a8379092af
vendor: github.com/docker/docker f4c696eef17d62a42
full diff: https://github.com/docker/docker/compare/v26.0.0-rc1+incompatible...f4c696eef17d62a421877d95c4810185750c5641

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-07 19:13:04 +01:00
Paweł Gronowski 5e80232398
vendor: github.com/docker/docker v26.0.0-rc1
full diff: https://github.com/docker/docker/compare/c70d7905fbd9...v26.0.0-rc1

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

test: update fixtures

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-01 18:23:25 +01:00
Sebastiaan van Stijn acc675014f
vendor: github.com/docker/docker c70d7905fbd9 (v26.0.0-dev)
full diff: 86b86412a1...c70d7905fb

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:54:20 +01:00
Sebastiaan van Stijn 79541b7e21
vendor: google.golang.org/grpc v1.59.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:53:12 +01:00
Sebastiaan van Stijn 096ced0894
vendor: OTEL v0.46.1 / v1.21.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:50:23 +01:00
Sebastiaan van Stijn f3c77df31e
vendor: github.com/prometheus/client_golang v1.17.0
full diffs:

- https://github.com/prometheus/client_golang/compare/v1.14.0...v1.17.0
- https://github.com/prometheus/client_model/compare/v0.3.0...v0.5.0
- https://github.com/prometheus/common/compare/v0.42.0...v0.44.0
- https://github.com/prometheus/procfs/compare/v0.9.0...v0.12.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:45:07 +01:00
Sebastiaan van Stijn 1b42d04d63
vendor: github.com/go-logr/logr v1.3.0
full diff: https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:39:47 +01:00
Sebastiaan van Stijn f5a29ff8eb
vendor: github.com/containerd/containerd v1.7.13
no changes in vendored files

full diff: https://github.com/containerd/containerd/compare/v1.7.12...v1.7.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:36:46 +01:00
Sebastiaan van Stijn df6220d434
vendor: github.com/docker/docker 86b86412a1b7 (v26.0-dev)
full diff: 9e075f3808...86b86412a1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-10 12:26:39 +01:00
Sebastiaan van Stijn 324309b086
vendor: github.com/docker/docker 9e075f3808a5 (master, v26.0.0-dev)
Vendor docker/docker with API < 1.24 removed. This should not affect client
code.

43ffb1ee9d..9e075f3808

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-07 02:27:53 +01:00
Sebastiaan van Stijn 93ad9fbdf6
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240125134710-dcda100a8261
full diff: f082dd7a0c...dcda100a82

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-07 02:23:51 +01:00
Paweł Gronowski 68dac842a1
vendor: github.com/docker/docker 43ffb1ee9d5a (v26.0.0-dev)
full diff: https://github.com/docker/docker/compare/v25.0.0...43ffb1ee9d5a

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-24 14:59:08 +01:00
Sebastiaan van Stijn 4b1ed1f442
vendor: github.com/docker/docker v25.0.1
relevant changes:

- Fix isGitURL regular expression
- pkg/system: return even richer xattr errors

full diff: https://github.com/moby/moby/compare/v25.0.0...v25.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-24 12:17:20 +01:00
Sebastiaan van Stijn 337dd82d8b
vendor: github.com/docker/docker v25.0.0
full diff: https://github.com/docker/docker/compare/v25.0.0-rc.3...v25.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-19 15:03:52 +01:00
Sebastiaan van Stijn cdb1c105f6
vendor: github.com/docker/docker v25.0.0-rc.3
full diff: https://github.com/moby/moby/compare/v25.0.0-rc.2...v25.0.0-rc.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-17 23:28:28 +01:00
Sebastiaan van Stijn 21c2536051
vendor: golang.org/x/sys v0.16.0
full diff: https://github.com/golang/sys/compare/v0.15.0...v0.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:01:27 +01:00
Sebastiaan van Stijn d868dca00f
vendor: github.com/docker/docker v25.0.0-rc.2
- feat: make errdefs.IsXXX helper functions work with wrapped errors

full diff: https://github.com/moby/moby/compare/v25.0.0-rc.1...v25.0.0-rc.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-13 02:08:29 +01:00
Sebastiaan van Stijn 8b6ffbdf77
vendor: github.com/containerd/containerd v1.7.12
- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 19:31:12 +01:00
Sebastiaan van Stijn a5e5563f13
vendor: github.com/docker/docker-credential-helpers v0.8.1
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 22:35:03 +01:00
Sebastiaan van Stijn 9db56ea2f6
vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
removes dependency on golang.org/x/sys/execabs

full diff:

- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
Sebastiaan van Stijn efae960e5a
vendor: golang.org/x/net v0.19.0
drops various code to support go1.17 and older

full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn 996cce9098
vendor: golang.org/x/sync v0.6.0
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
Sebastiaan van Stijn 4b10e55256
vendor: github.com/google/go-cmp v0.6.0
- removes purego fallbacks

full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:25:45 +01:00
Sebastiaan van Stijn 1ebc233b4b
vendor: github.com/creack/pty v1.1.21
full diff: https://github.com/creack/pty/compare/v1.18.0...v1.21.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:22:09 +01:00
Sebastiaan van Stijn b4fe77a124
vendor: github.com/docker/go-connections v0.5.0
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:25:04 +01:00
Sebastiaan van Stijn b43ea528b8
vendor: github.com/docker/docker v25.0.0-rc.1
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.3...v25.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:23:48 +01:00
Sebastiaan van Stijn c1016c05cf
vendor: github.com/mitchellh/mapstructure v1.5.0
note that this repository will be sunset, and the "endorsed" fork will be
maintened by "go-viper"; see [mapstructure#349][1]

[1]: https://github.com/mitchellh/mapstructure/issues/349

full diff: https://github.com/mitchellh/mapstructure/compare/v1.3.2...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 17:42:31 +01:00
Sebastiaan van Stijn eed2d9c765
Merge pull request #4742 from thaJeztah/bump_runewidth
vendor: github.com/mattn/go-runewidth v0.0.15
2023-12-27 17:05:40 +01:00
Sebastiaan van Stijn 58524685da
vendor: github.com/mattn/go-runewidth v0.0.15
no code-changes, but project updated CI to test against current
Go versions;

https://github.com/mattn/go-runewidth/compare/v0.0.14...v0.0.15

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:40:19 +01:00
Sebastiaan van Stijn 1e38fc3b9d
vendor: github.com/klauspost/compress v1.17.4
full diff: https://github.com/klauspost/compress/compare/v1.17.2...v1.17.4

v1.17.4:

- huff0: Speed up symbol counting
- huff0: Remove byteReader
- gzhttp: Allow overriding decompression on transport
- gzhttp: Clamp compression level
- gzip: Error out if reserved bits are set

v1.17.3:

- fse: Fix max header size
- zstd: Improve better/best compression
- gzhttp: Fix missing content type on Close

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:34:40 +01:00
Sebastiaan van Stijn 0fa3a365f7
vendor: github.com/docker/docker v25.0.0-beta.3
no diff, just the tag (which is the same as the previous commit);
https://github.com/moby/moby/compare/7bc56c53657d...v25.0.0-beta.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-21 16:41:36 +01:00
Albin Kerouanton 336787c50a
vendor: github.com/docker/docker 7bc56c53657d (v25.0.0-dev)
full diff: 388216fc45...7bc56c5365

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-12-20 22:51:51 +01:00
Sebastiaan van Stijn 4d434dc691
vendor: github.com/docker/docker 388216fc45ab (v25.0.0-dev)
full diff: f3cc93630e...388216fc45

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 20:11:21 +01:00
Sebastiaan van Stijn 0de84f0190
vendor: golang.org/x/crypto v0.17.0
no changes in vendored files

full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0

from the security mailing:

> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 00:35:09 +01:00
Sebastiaan van Stijn 3cf0bf84a5
vendor: golang.org/x/crypto v0.16.0
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:47:30 +01:00
Sebastiaan van Stijn 36d4db27d5
vendor: golang.org/x/text v0.14.0
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:46:41 +01:00
Sebastiaan van Stijn 3d70100d5d
vendor: golang.org/x/sys v0.15.0
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:45:50 +01:00
Sebastiaan van Stijn f63065a58b
vendor: github.com/docker/docker f3cc93630ed8 (v25.0.0-dev)
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.2...f3cc93630ed8138a6775cbf150c6bfb341cb337b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn fa1914426d
vendor: github.com/docker/docker v25.0.0-beta.2
No changes, as it's the same commit: https://github.com/docker/docker/compare/92884c25b394...v25.0.0-beta.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn aec7ec7f61
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
full diff: 4046ae5e2f...92884c25b3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:57:38 +01:00
Sebastiaan van Stijn 0a3a16d2b4
vendor: github.com/containerd/containerd v1.7.11
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:14 +01:00
Sebastiaan van Stijn 54c103aff4
vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:08 +01:00
Sebastiaan van Stijn d49970590c
vendor: github.com/felixge/httpsnoop v1.0.4
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:22:47 +01:00
Sebastiaan van Stijn 0cf7bff0be
vendor: github.com/docker/docker 4046ae5e2fd4 (v25.0.0-dev)
full diff: 029519a149...4046ae5e2f

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-06 02:06:38 +01:00