Commit Graph

9231 Commits

Author SHA1 Message Date
David Karlsson 848fe622ce docs: add default-network-opt daemon option
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2023-11-06 10:48:36 +01:00
Sebastiaan van Stijn 9cb175f02a
Merge pull request #4636 from elezar/bump-cdi-dependency
Update container-device-interface to v0.6.2
2023-11-04 13:20:52 +01:00
Evan Lezar 54eee599ba Update container-device-interface to v0.6.2
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:18:41 +01:00
Sebastiaan van Stijn 814f70749a
Merge pull request #4633 from thaJeztah/bump_engine
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
2023-11-03 16:16:03 +01:00
Sebastiaan van Stijn e088660985
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
full diff: fc4d035e7a...ed1a61dcb7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-03 15:14:07 +01:00
Sebastiaan van Stijn 13d34b21ec
vendor: github.com/containerd/containerd v1.7.8
no changes in vendored files

full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:54 +01:00
Sebastiaan van Stijn aa24d611bd
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:00 +01:00
Sebastiaan van Stijn 7841493823
vendor: golang.org/x/tools v0.10.0
full diff: https://github.com/golang/tools/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:06:07 +01:00
Sebastiaan van Stijn 1a0ae8c6b8
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:01:56 +01:00
Sebastiaan van Stijn a6351d0cd3
Merge pull request #4624 from gabriellavengeo/patch-1
Create codeql.yml
2023-10-26 16:51:12 +02:00
Gabriela Georgieva 39b1d37b3d
Update CodeQL workflow
Signed-off-by: Gabriela Georgieva <gabriela.georgieva@docker.com>
2023-10-26 15:25:48 +02:00
Sebastiaan van Stijn 5fc42fc64e
Merge pull request #4625 from thaJeztah/bump_engine
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
2023-10-26 09:40:51 +02:00
Sebastiaan van Stijn 663a89b7ad
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
full diff: cdb3f9fb8d...fc4d035e7a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:44 +02:00
Sebastiaan van Stijn 6891974ee9
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 827c404ca0
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
no changes in vendored files

full diff: 12f0c246fe...f082dd7a0c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 137c495f7b
vendor: github.com/go-logr/logr v1.2.4
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:40 +02:00
Brian Goff dd11de7dbb
Merge pull request #4627 from thaJeztah/bump_compress
vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:41:02 -07:00
Brian Goff 4f0b466b1b
Merge pull request #4626 from thaJeztah/bump_grpc
vendor: google.golang.org/grpc v1.56.3
2023-10-25 17:39:05 -07:00
Sebastiaan van Stijn 6372c6aae6
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:14:23 +02:00
Sebastiaan van Stijn 8073525c00
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00
Sebastiaan van Stijn 39e1de95ab
Merge pull request #4620 from thaJeztah/bump_golangci_lint
update to golangci-lint v1.55.0
2023-10-24 13:34:42 +02:00
Sebastiaan van Stijn b7b5b31a7e
update to golangci-lint v1.55.0
release notes:
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:53 +02:00
Sebastiaan van Stijn 9e1f8d646e
image/build: use "nolint" comment to work around gosec regression
Latest gosec linter has a regression in parsing "nosec" comments;
see https://github.com/securego/gosec/issues/1046

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:51 +02:00
Sebastiaan van Stijn 8bf53ab011
Merge pull request #4619 from thaJeztah/nodot
cli/command: remove dot-imports and unhandled errors, and fix TestSwarmUpdate
2023-10-24 11:10:15 +02:00
Sebastiaan van Stijn 2294b17e7d
cli/command/network: runCreate: inline types.NetworkCreate
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 18:33:26 +02:00
Sebastiaan van Stijn cdba442d00
Merge pull request #4613 from achneerov/feature/937-remove-dead-link
Removed broken link
2023-10-23 16:02:09 +02:00
Sebastiaan van Stijn 594aeb390a
cli/command: remove dot-imports and unhandled errors
Please the linters in preparation of updating golangci-lint;

- remove dot-imports
- add some checks for unhandled errors
- replace some fixed-value variables for consts

    cli/command/image/build/context.go:238:17: G107: Potential HTTP request made with variable url (gosec)
        if resp, err = http.Get(url); err != nil {
                       ^
    cli/command/idresolver/idresolver_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/registry_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/cli/command" // Prevents a circular import with "github.com/docker/cli/internal/test"
        ^
    cli/command/task/print_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/update_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/unlock_key_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/join_token_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/promote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/demote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/node/ps_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/update_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/secret/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/secret/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/network/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/container/list_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/service/list_test.go:12:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/service/client_test.go:6:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/list_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/services_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/ps_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:47 +02:00
Sebastiaan van Stijn b08e34b9f9
swarm: TestSwarmUpdate: remove non-existing "--quiet" flag
The `docker swarm update` copmmand does not have a `--quiet` flag, but this
test was trying to set it.

    docker swarm update --help

    Usage:  docker swarm update [OPTIONS]

    Update the swarm

    Options:
          --autolock                        Change manager autolocking setting (true|false)
          --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
          --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
          --external-ca external-ca         Specifications of one or more certificate signing endpoints
          --max-snapshots uint              Number of additional Raft snapshots to retain
          --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
          --task-history-limit int          Task history retention limit (default 5)

The test didn't catch this issue, because errors when setting the flag were
not handled, so also adding error-handling;

    === Failed
    === FAIL: cli/command/swarm TestSwarmUpdate (0.00s)
        update_test.go:177: assertion failed: error is not nil: no such flag -quiet

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:29 +02:00
Sebastiaan van Stijn 9e54fa48ec
Merge pull request #4616 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.1
2023-10-23 12:04:44 +02:00
Brian Goff 60b5508c94
Merge pull request #4611 from thaJeztah/stack_start_interval_carry
stacks: Add schema 3.12, and add support for start interval
2023-10-20 11:04:47 -07:00
Brian Goff defa52b8c6
stacks: Add support for start interval
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:59 +02:00
Sebastiaan van Stijn 9df7be5d5e
cli/compose: add schema 3.12 (no changes with 3.11 yet)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:55 +02:00
Sebastiaan van Stijn 3e5f6badcb
Merge pull request #4610 from thaJeztah/compose_golden
cli/compose/loader: use gotest.tools/v3/golden
2023-10-20 18:41:33 +02:00
Sebastiaan van Stijn 7a2ea5c536
vendor: gotest.tools/v3 v3.5.1
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:39:10 +02:00
Sebastiaan van Stijn f2fced4876
cli/compose/loader: remove platform-specific path handling
Paths in the advanced / compose-file format are not converted
to be platform-specific, so for these tests, it should not be
needed to convert the paths to be Windows-paths.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:09:03 +02:00
Sebastiaan van Stijn 74990623e5
cli/compose/loader: use gotest.tools/v3/golden
use the golden utility instead of self-crafting expected output,
this allows automaticaly updating the expected output.

This change does break this specific test on Windows due to platform-
specific paths. Other tests already have this issue on Windows, so
skipping the test for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:08:58 +02:00
Sebastiaan van Stijn 4d6cf135a3
Merge pull request #4614 from sam-thibault/cli-issue-502
Add docker ps status descriptions
2023-10-20 12:51:29 +02:00
Sam Thibault 8bf121c3bc
Add docker ps status descriptions
Signed-off-by: Sam Thibault <sam.thibault@docker.com>
2023-10-20 12:43:16 +02:00
achneerov a252a106cd - What I did
Removed broken link in #937
- How I did it
	Removed first section of CONTRIBUTING.md
- How to verify it
	Check CONTRIBUTING.md
- Description for the changelog
	Removed broken link in contributing to Docker documentation.
A picture of a cute animal (not mandatory but encouraged)
Closes #937

Signed-off-by: achneerov <achneerov@gmail.com>
2023-10-19 16:10:27 -04:00
Sebastiaan van Stijn 8743ffda39
Merge pull request #4605 from thaJeztah/update_engine
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
2023-10-16 12:04:10 +02:00
Akihiro Suda 74bace156c
docs: add `bind-recursive` mount option
Follow-up to PR 4316

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-16 10:15:40 +09:00
Sebastiaan van Stijn 46d0ba20f1
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
full diff: d3afa80b96...cdb3f9fb8d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 22:09:04 +02:00
Sebastiaan van Stijn 3441151e07
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230823155524-12f0c246fed0
full diff: bc71908479...12f0c246fe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:40:09 +02:00
Sebastiaan van Stijn 412ebb6771
vendor: github.com/containerd/containerd v1.7.7
full diff: https://github.com/containerd/containerd/compare/v1.6.24..v1.7.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:39:50 +02:00
Sebastiaan van Stijn 78eaac75cc
vendor: update OTEL dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:38:21 +02:00
Sebastiaan van Stijn 8890a38d42
Merge pull request #4604 from thaJeztah/x_net_17
vendor: golang.org/x/net v0.17.0
2023-10-13 21:08:44 +02:00
Sebastiaan van Stijn a27466fb6f
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn 612a171557
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:55:22 +02:00
Sebastiaan van Stijn 392db31e2a
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:53:19 +02:00
Sebastiaan van Stijn ac307788a6
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:50:23 +02:00