Commit Graph

389 Commits

Author SHA1 Message Date
Sebastiaan van Stijn adadd5472e
vendor: github.com/prometheus/client_golang v1.11.0
un-pin the dependency to let go modules resolve the version

full diff: https://github.com/prometheus/client_golang/compare/v1.6.0...v1.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:57:15 +01:00
Sebastiaan van Stijn 7408799ec3
vendor: github.com/prometheus/procfs v0.7.3
un-pinning the dependency to let go modules resolve the version to use.

full diff: https://github.com/prometheus/procfs/compare/v0.0.11...v0.7.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:47:51 +01:00
Sebastiaan van Stijn 29f799aae7
vendor: github.com/containerd/containerd v1.6.2
full diff: https://github.com/containerd/containerd/compare/v1.5.10...v1.6.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:37:29 +01:00
Sebastiaan van Stijn b2cef834fb
vendor: google.golang.org/grpc v1.44.0
full diff: https://github.com/grpc/grpc-go/compare/v1.38.0...v1.44.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 13:31:10 +01:00
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 14:03:33 +01:00
Sebastiaan van Stijn 4f118c7636
vendor: github.com/docker/swarmkit 616e8db4c3b0
full diff: 3629f50980...616e8db4c3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:39:52 +01:00
Sebastiaan van Stijn 02a06cf9aa
vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
intermediate bump for easier review

full diff: 3af7569d3a...1f47c861a9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:25:40 +01:00
Sebastiaan van Stijn bc54802f5e
vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b
full diff: 7de9c90e9d...6886f2dfbf

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:24:03 +01:00
Sebastiaan van Stijn 56f51a35c1
vendor: golang.org/x/crypto v0.0.0-20211202192323-5770296d904e
intermediate bump for easier review

full diff: 5770296d90...5770296d90

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:22:18 +01:00
Sebastiaan van Stijn 1bb2591444
vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
intermediate bump for easier review

full diff: e18ecbb051...fe4d628211

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:21:39 +01:00
Sebastiaan van Stijn ce2e036ad4
vendor: github.com/opencontainers/runc v1.1.0
intermediate bump for easier review

full diff: https://github.com/opencontainers/runc/compare/v1.0.3...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:19:05 +01:00
Sebastiaan van Stijn fdbb5953a6
vendor: github.com/klauspost/compress v1.15.0
intermediate bump for easier review

full diff: https://github.com/klauspost/compress/compare/v1.14.3...v1.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:18:59 +01:00
Sebastiaan van Stijn 2b7cb5b1bf
vendor: github.com/cespare/xxhash v2.1.2
intermediate bump for easier review

full diff: https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-16 15:15:00 +01:00
Sebastiaan van Stijn dc9e069ff2
vendor: github.com/docker/docker v20.10.3-0.20220309172631-83b51522df43
Changed `matcher.Matches(file)` to `matcher.MatchesOrParentMatches(file)`:

    cli/command/image/build/context.go:95:9: SA1019: matcher.Matches is deprecated: This implementation is buggy (it only checks a single parent dir against the pattern) and will be removed soon. Use either MatchesOrParentMatches or MatchesUsingParentResults instead.  (staticcheck)
        return matcher.Matches(file)
               ^

And updated a test to match the JSON omitting empty RootFS.Type fields (in
practice, this field should never be empty in real situations, and always
be "layer"). Changed the test to use subtests to easier find which case
is failing.

full diff: 343665850e...83b51522df

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:45:37 +01:00
Sebastiaan van Stijn e90cb75152
vendor: github.com/docker/distribution v2.8.1
full diff: https://github.com/docker/distribution/compare/0d3efadf0154...v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:20:28 +01:00
Sebastiaan van Stijn 30e47e5a04
vendor: github.com/prometheus/common v0.10.0
full diff: https://github.com/prometheus/common/compare/v0.9.1...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:15 +01:00
Sebastiaan van Stijn 576e4dce44
vendor: golang.org/x/text v0.3.7
full diff: https://github.com/golang/text/compare/v0.3.4...v0.3.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:13 +01:00
Sebastiaan van Stijn 7880acb052
vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
full diff: 69cdffdb93...da31bd327a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:12 +01:00
Sebastiaan van Stijn 6da0fc299d
vendor: github.com/moby/sys/signal v0.7.0
full diff: https://github.com/moby/sys/signal/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:10 +01:00
Sebastiaan van Stijn 4adea808ce
vendor: github.com/google/go-cmp v0.5.7
full diff: https://github.com/google/go-cmp/compare/v0.5.5...v0.5.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:07 +01:00
Sebastiaan van Stijn 12b06fa375
vendor: github.com/coreos/etcd v3.3.27
no changes in vendored files

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:17:02 +01:00
Sebastiaan van Stijn 16554e999a
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.5...v1.5.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 18:15:40 +01:00
Sebastiaan van Stijn fe8a12c621
vendor: github.com/opencontainers/image-spec v1.0.2
full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 17:50:50 +01:00
Sebastiaan van Stijn 3669aa3518
vendor: github.com/Microsoft/go-winio v0.5.1
full diff: https://github.com/Microsoft/go-winio/compare/v0.4.19...v0.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 17:50:47 +01:00
Sebastiaan van Stijn 398026d310
vendor: gotest.tools/v3 v3.1.0
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.0.3...v3.1.0

noteworthy changes:

- ci: add go1.16
- ci: add go1.17, remove go1.13
- golden: only create dir if update flag is set
- icmd: replace all usages of os/exec with golang.org/x/sys/execabs
- assert: ErrorIs
- fs: add DirFromPath
- Stop creating directory outside of testdata
- fs: Fix comparing symlink permissions

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 00:30:46 +01:00
Sebastiaan van Stijn 58747a6316
vendor: github.com/google/go-cmp v0.5.5
it was downgraded to v0.2.0, but should be safe to upgrade

full diff: https://github.com/google/go-cmp/compare/v0.2.0...v0.5.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 16:34:33 +01:00
Sebastiaan van Stijn 9f0430b8fb
vendor: remove redundant replace rules
These dependencies were either unused, or go modules already resolved them
to the same version as specified in the replace rule, so those could be
removed.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 16:31:30 +01:00
Sebastiaan van Stijn 5b92563338
vendor: move github.com/moby/sys packages to "requires" ("indirect")
These were an "upgrade" not a "downgrade" (It was put in vendor.conf
to push it ahead of the version resolved by go mod). Let's move it
to the "requires" section as an indirect, that way it will dissolve
once other modules require this version or up.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 16:01:48 +01:00
Sebastiaan van Stijn 8a3e3b22a7
vendor: gotest.tools/v3 v3.0.3
https://github.com/gotestyourself/gotest.tools/compare/v3.0.2...v3.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:50:32 +01:00
Sebastiaan van Stijn 20b5dfa591
vendor: gopkg.in/yaml.v2 v2.4.0
full diff: https://github.com/go-yaml/yaml/compare/v2.2.8...v2.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:46:53 +01:00
Sebastiaan van Stijn a26de1de0f
vendor: golang.org/x/text v0.3.4
remove the replace rule to update it to the actual version specified:

full diff: https://github.com/golang/text/compare/v0.3.3...v0.3.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:40:16 +01:00
Sebastiaan van Stijn 7917946a5c
vendor: golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
remove the replace rule to use the actual version (no changes in vendored code)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:37:48 +01:00
Sebastiaan van Stijn 109cc4ea4f
vendor: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
remove the replace rule to update it to the actual version specified:

full diff: 63515b42dc...69cdffdb93

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:35:55 +01:00
Sebastiaan van Stijn 25366b6a52
vendor: remove replace rules for k8s.io packages
They're no longer used, so we can remove the replace rules.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 15:15:27 +01:00
CrazyMax 7dc35c03fc
validate manpages target
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-25 17:11:17 +01:00
Nicolas De Loof 7b9580df51 Drop support for (archived) Compose-on-Kubernetes
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2022-02-22 13:47:34 +01:00
Sebastiaan van Stijn a3c1314968
vendor: compose-on-kubernetes v0.5.0 to remove use of github.com/golang/glog
glog has the same issue as k8s.io/klog, and is calling `user.Current()`
inside an `init()`; see 466fbb6507

Calling `user.Current()` on Windows can result in remove connections being
made to get the user's information, which can be a heavy call. See https://github.com/docker/cli/issues/2420

glog was only used in a single location in compose-on-kubernetes, so we may as
well remove it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 14:54:51 +01:00
CrazyMax 6fef143dbc
Set buildx as default builder
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-02-03 10:38:05 +01:00
CrazyMax 7e560ae76f
vendor with go mod
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2021-12-16 21:16:01 +01:00