Commit Graph

8923 Commits

Author SHA1 Message Date
Sebastiaan van Stijn c05bf59c7d
Merge pull request #4848 from thaJeztah/24.0_vendor_docker_24.0.9
[24.0] vendor: github.com/docker/docker v24.0.9
2024-02-07 10:47:03 +01:00
Sebastiaan van Stijn 0bf165cbcd
vendor: github.com/docker/docker v24.0.9
no changes in vendored code

full diff: https://github.com/docker/docker/compare/v24.0.8....v24.0.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-03 11:55:41 +01:00
Brian Goff 2936816130
Merge pull request #4840 from thaJeztah/24.0_vendor_runc_1.1.12
[24.0] vendor: github.com/opencontainers/runc v1.1.12
2024-01-31 12:53:14 -08:00
Sebastiaan van Stijn 50a008a288
vendor: github.com/opencontainers/runc v1.1.12
no changes in vendored code

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-31 21:30:49 +01:00
Brian Goff 07d335afb2
Merge pull request #4838 from thaJeztah/24.0_vendor_runc_v1.1.11
[24.0] vendor: github.com/docker/docker v24.0.8
2024-01-31 12:07:26 -08:00
Sebastiaan van Stijn 3e7d90796c
vendor: github.com/docker/docker v24.0.8
- Ensure that non-JSON-parsing errors are returned to the caller
- pkg/idtools: remove sync.Once, and include lookup error
- pkg/ioutils: Make subsequent Close attempts noop

full diff: https://github.com/docker/docker/compare/v24.0.7...v24.0.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-31 15:47:20 +01:00
Sebastiaan van Stijn 979eeaa248
vendor: github.com/opencontainers/runc v1.1.11
full diff: https://github.com/opencontainers/runc/compare/v1.1.7...v1.1.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-31 15:39:59 +01:00
Sebastiaan van Stijn e0dfb46e22
Merge pull request #4829 from thaJeztah/24.0_backport_go_compat
[24.0 backport] add //go:build directives to prevent downgrading to go1.16 language
2024-01-25 15:19:29 +01:00
Sebastiaan van Stijn ca4e8ebdbd
add //go:build directives to prevent downgrading to go1.16 language
This is a follow-up to 0e73168b7e

This repository is not yet a module (i.e., does not have a `go.mod`). This
is not problematic when building the code in GOPATH or "vendor" mode, but
when using the code as a module-dependency (in module-mode), different semantics
are applied since Go1.21, which switches Go _language versions_ on a per-module,
per-package, or even per-file base.

A condensed summary of that logic [is as follows][1]:

- For modules that have a go.mod containing a go version directive; that
  version is considered a minimum _required_ version (starting with the
  go1.19.13 and go1.20.8 patch releases: before those, it was only a
  recommendation).
- For dependencies that don't have a go.mod (not a module), go language
  version go1.16 is assumed.
- Likewise, for modules that have a go.mod, but the file does not have a
  go version directive, go language version go1.16 is assumed.
- If a go.work file is present, but does not have a go version directive,
  language version go1.17 is assumed.

When switching language versions, Go _downgrades_ the language version,
which means that language features (such as generics, and `any`) are not
available, and compilation fails. For example:

    # github.com/docker/cli/cli/context/store
    /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/storeconfig.go:6:24: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
    /go/pkg/mod/github.com/docker/cli@v25.0.0-beta.2+incompatible/cli/context/store/store.go:74:12: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)

Note that these fallbacks are per-module, per-package, and can even be
per-file, so _(indirect) dependencies_ can still use modern language
features, as long as their respective go.mod has a version specified.

Unfortunately, these failures do not occur when building locally (using
vendor / GOPATH mode), but will affect consumers of the module.

Obviously, this situation is not ideal, and the ultimate solution is to
move to go modules (add a go.mod), but this comes with a non-insignificant
risk in other areas (due to our complex dependency tree).

We can revert to using go1.16 language features only, but this may be
limiting, and may still be problematic when (e.g.) matching signatures
of dependencies.

There is an escape hatch: adding a `//go:build` directive to files that
make use of go language features. From the [go toolchain docs][2]:

> The go line for each module sets the language version the compiler enforces
> when compiling packages in that module. The language version can be changed
> on a per-file basis by using a build constraint.
>
> For example, a module containing code that uses the Go 1.21 language version
> should have a `go.mod` file with a go line such as `go 1.21` or `go 1.21.3`.
> If a specific source file should be compiled only when using a newer Go
> toolchain, adding `//go:build go1.22` to that source file both ensures that
> only Go 1.22 and newer toolchains will compile the file and also changes
> the language version in that file to Go 1.22.

This patch adds `//go:build` directives to those files using recent additions
to the language. It's currently using go1.19 as version to match the version
in our "vendor.mod", but we can consider being more permissive ("any" requires
go1.18 or up), or more "optimistic" (force go1.21, which is the version we
currently use to build).

For completeness sake, note that any file _without_ a `//go:build` directive
will continue to use go1.16 language version when used as a module.

[1]: 58c28ba286/src/cmd/go/internal/gover/version.go (L9-L56)
[2]; https://go.dev/doc/toolchain#:~:text=The%20go%20line%20for,file%20to%20Go%201.22

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 70216b662d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-25 14:34:59 +01:00
Sebastiaan van Stijn d44992a3de
Merge pull request #4827 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.7
2024-01-25 11:40:56 +01:00
Sebastiaan van Stijn 41e3a4ce1f
vendor: github.com/docker/docker v24.0.7
- api/types/versions: rename max/min as it collides with go1.21 builtin
- full diff: https://github.com/docker/cli/compare/v24.0.6...v24.0.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-25 10:52:36 +01:00
Sebastiaan van Stijn 6bce8001c0
Merge pull request #4826 from thaJeztah/24.0_update_golang_1.20.13
[24.0] update to go1.20.13
2024-01-24 16:52:19 +01:00
Sebastiaan van Stijn 02d2f482da
Merge pull request #4824 from thaJeztah/24.0_backport_4653-fix-credential-helper
[24.0 backport] Fix setting ServerAddress property in NativeStore
2024-01-24 16:52:01 +01:00
Sebastiaan van Stijn 27f03ce8e1
update to go1.20.13
go1.20.13 (released 2024-01-09) includes fixes to the runtime and the crypto/tls
package. See the Go 1.20.13 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.13+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.12...go1.20.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-24 16:08:00 +01:00
Eric Bode bda52bd5c2
Fix setting ServerAddress property in NativeStore
This will return the ServerAddress property when using the NativeStore.
This happens when you use docker credential helpers, not the credential
store.

The reason this fix is needed is because it needs to be propagated
properly down towards `moby/moby` project in the following logic:

```golang
func authorizationCredsFromAuthConfig(authConfig registrytypes.AuthConfig) docker.AuthorizerOpt {
	cfgHost := registry.ConvertToHostname(authConfig.ServerAddress)
	if cfgHost == "" || cfgHost == registry.IndexHostname {
		cfgHost = registry.DefaultRegistryHost
	}

	return docker.WithAuthCreds(func(host string) (string, string, error) {
		if cfgHost != host {
			logrus.WithFields(logrus.Fields{
				"host":    host,
				"cfgHost": cfgHost,
			}).Warn("Host doesn't match")
			return "", "", nil
		}
		if authConfig.IdentityToken != "" {
			return "", authConfig.IdentityToken, nil
		}
		return authConfig.Username, authConfig.Password, nil
	})
}
```
This logic resides in the following file :
`daemon/containerd/resolver.go` .

In the case when using the containerd storage feature when setting the
`cfgHost` variable from the `authConfig.ServerAddress` it will always be
empty. Since it will never be returned from the NativeStore currently.
Therefore Docker Hub images will work fine, but anything else will fail
since the `cfgHost` will always be the `registry.DefaultRegistryHost`.

Signed-off-by: Eric Bode <eric.bode@foundries.io>
(cherry picked from commit b24e7f85a4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-24 15:44:59 +01:00
Sebastiaan van Stijn bb3e6c03e4
Merge pull request #4768 from thaJeztah/24.0_backport_update_alpine_3.18
[24.0 backport] Dockerfile: update ALPINE_VERSION to 3.18
2024-01-10 15:10:38 +01:00
Sebastiaan van Stijn 6bb590f0b9
Dockerfile: update ALPINE_VERSION to 3.18
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6a74a63ee2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 14:21:52 +01:00
Sebastiaan van Stijn b0c5946ba5
Merge pull request #4750 from dvdksn/24.0_backport_docs-cli-format-example-links
[24.0 backport] docs: add links to volume ls, network ls, stack ps formatting examples
2024-01-03 17:22:25 +01:00
David Karlsson bff22cbacf docs: add links to volume ls, network ls, stack ps formatting examples
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 878b1c55b7)
2024-01-03 17:05:27 +01:00
Sebastiaan van Stijn 0f82fd8861
Merge pull request #4710 from thaJeztah/24.0_backport_deprecated
[24.0 backport] docs/deprecated: add missing versions for "-g / --graph", and mark logentries log-driver for removal
2023-12-13 10:43:40 +01:00
Sebastiaan van Stijn f8b1e75618
docs/deprecated: mark logentries log-driver for removal
The service has been discontinued on November 15, 2022:

> Dear Logentries user,
>
> We have identified you as the owner of, or collaborator of, a Logentries
> account.
>
> The Logentries service will be discontinued on November 15th, 2022. This
> means that your Logentries account access will be removed and all your
> log data will be permanently deleted on this date.
>
> Next Steps
> If you are interested in an alternative Rapid7 log management solution,
> InsightOps will be available for purchase through December 16th, 2022.
> Please note, there is no support to migrate your existing Logentries
> account to InsightOps.
>
> Thank you for being a valued user of Logentries.
>
> Thank you,
> Rapid7 Customer Success

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c1a1a920fc96a638ba40573908d15f252631264b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 10:00:16 +01:00
Sebastiaan van Stijn 7ba6984ec6
docs/deprecated.md: add version for "-g" / "--graph" removal
commit 304c100ed2 updated the deprecation
status for these options, but forgot to update the status in the table.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f519b8241)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 09:57:26 +01:00
Sebastiaan van Stijn fb2f337bc1
Merge pull request #4706 from thaJeztah/24.0_backport_docs
[24.0 backport] assorted documentation updates
2023-12-11 22:03:10 +01:00
Per Lundberg a976e5084a
exec.md: remove misleading part
"By default" implies that this is something which could be
disabled for an individual `docker exec` call. This doesn't seem
to be the case, so removing the "by default" part would make
these docs clearer to me.

Signed-off-by: Per Lundberg <per.lundberg@hibox.tv>
(cherry picked from commit a431b1dda6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:52:34 +01:00
TheRealGramdalf 3ab117e7cd
Fix typo in dockerd reference documentation
Signed-off-by: Graeme Wiebe <graeme.wiebe@gmail.com>
(cherry picked from commit e93ec2f6a6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:52:22 +01:00
Sebastiaan van Stijn f9cdb6f96a
docs: update debian examples to use bookworm
"bullseye" is no longer the "latest" debian, so these
examples were now incorrect.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6468c63c81)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:51:18 +01:00
Hugo Chastel 13a7d571a1
Add zstd as supported in load command doc
Signed-off-by: Hugo Chastel <Hugo-C@users.noreply.github.com>
(cherry picked from commit f387558b55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:51:06 +01:00
saurabh 55cec698b7
--env-file about comments doc updated
Signed-off-by: Saurabh Kumar <saurabhkumar0184@gmail.com>

(cherry picked from commit efc9236794)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:50:52 +01:00
Sebastiaan van Stijn 9df8eb2b9c
docs: update redirect metadata for hugo
docs.docker.com switched from Jekyll to Hugo, which uses "aliases"
instead of "redirect_from".

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 07338fe965)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 21:50:38 +01:00
Sebastiaan van Stijn f5a9aabe74
Merge pull request #4695 from thaJeztah/24.0_update_golang_1.20.12
[24.0] update to go1.20.12
2023-12-07 17:40:21 +01:00
Sebastiaan van Stijn cda067a175
update to go1.20.12
go1.20.12 (released 2023-12-05) includes security fixes to the go command,
and the net/http and path/filepath packages, as well as bug fixes to the
compiler and the go command. See the Go 1.20.12 milestone on our issue
tracker for details.

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.11...go1.20.12

from the security mailing:

[security] Go 1.21.5 and Go 1.20.12 are released

Hello gophers,

We have just released Go versions 1.21.5 and 1.20.12, minor point releases.

These minor releases include 3 security fixes following the security policy:

- net/http: limit chunked data overhead

  A malicious HTTP sender can use chunk extensions to cause a receiver
  reading from a request or response body to read many more bytes from
  the network than are in the body.

  A malicious HTTP client can further exploit this to cause a server to
  automatically read a large amount of data (up to about 1GiB) when a
  handler fails to read the entire body of a request.

  Chunk extensions are a little-used HTTP feature which permit including
  additional metadata in a request or response body sent using the chunked
  encoding. The net/http chunked encoding reader discards this metadata.
  A sender can exploit this by inserting a large metadata segment with
  each byte transferred. The chunk reader now produces an error if the
  ratio of real body to encoded bytes grows too small.

  Thanks to Bartek Nowotarski for reporting this issue.

  This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.

- cmd/go: go get may unexpectedly fallback to insecure git

  Using go get to fetch a module with the ".git" suffix may unexpectedly
  fallback to the insecure "git://" protocol if the module is unavailable
  via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE
  is not set for said module. This only affects users who are not using
  the module proxy and are fetching modules directly (i.e. GOPROXY=off).

  Thanks to David Leadbeater for reporting this issue.

  This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.

- path/filepath: retain trailing \ when cleaning paths like \\?\c:\

  Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the
  volume name in Windows paths starting with \\?\, resulting in
  filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among
  other effects). The previous behavior has been restored.

  This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-06 01:41:51 +01:00
Sebastiaan van Stijn 998d2e8d78
update to go1.20.11
go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker and the net/http package. See the
Go 1.20.11 milestone on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.20.11+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.20.10...go1.20.11

from the security mailing:

[security] Go 1.21.4 and Go 1.20.11 are released

Hello gophers,

We have just released Go versions 1.21.4 and 1.20.11, minor point releases.

These minor releases include 2 security fixes following the security policy:

- path/filepath: recognize `\??\` as a Root Local Device path prefix.

  On Windows, a path beginning with `\??\` is a Root Local Device path equivalent
  to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to
  access arbitrary locations on the system. For example, the path `\??\c:\x`
  is equivalent to the more common path c:\x.

  The filepath package did not recognize paths with a `\??\` prefix as special.

  Clean could convert a rooted path such as `\a\..\??\b` into
  the root local device path `\??\b`. It will now convert this
  path into `.\??\b`.

  `IsAbs` did not report paths beginning with `\??\` as absolute.
  It now does so.

  VolumeName now reports the `\??\` prefix as a volume name.

  `Join(`\`, `??`, `b`)` could convert a seemingly innocent
  sequence of path elements into the root local device path
  `\??\b`. It will now convert this to `\.\??\b`.

  This is CVE-2023-45283 and https://go.dev/issue/63713.

- path/filepath: recognize device names with trailing spaces and superscripts

  The `IsLocal` function did not correctly detect reserved names in some cases:

  - reserved names followed by spaces, such as "COM1 ".
  - "COM" or "LPT" followed by a superscript 1, 2, or 3.

  `IsLocal` now correctly reports these names as non-local.

  This is CVE-2023-45284 and https://go.dev/issue/63713.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-06 01:41:18 +01:00
Sebastiaan van Stijn 65bc42b4af
Merge pull request #4682 from thaJeztah/24.0_backport_noraw
[24.0 backport] docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
2023-11-28 10:26:40 +01:00
Sebastiaan van Stijn 00dbc19cab
Merge pull request #4680 from thaJeztah/24.0_backport_fix_flag_typo
[24.0 backport] docs/man: fix -name flag with single hyphen
2023-11-27 22:12:19 +01:00
Sebastiaan van Stijn 207d9edaa7
docs: reference/commandlin/cli: remove redundant italic
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 354f62f0c5)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:06:20 +01:00
Sebastiaan van Stijn e799792d8a
docs: remove "{% raw %}" / "{% endraw %}" Jekyl (liquid) leftovers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e2626200aa)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 22:06:20 +01:00
Sebastiaan van Stijn 327b84fcbf
docs/man: fix -name flag with single hyphen
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 174cbb588f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-27 21:00:38 +01:00
Sebastiaan van Stijn 48ec4f339e
Merge pull request #4639 from dvdksn/backport_dockerd-default-nw-opt
[24.0 Backport] docs: add default-network-opt daemon option
2023-11-06 13:31:52 +01:00
David Karlsson 88a745999d docs: add default-network-opt daemon option
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
(cherry picked from commit 848fe622ce)
2023-11-06 13:23:17 +01:00
Sebastiaan van Stijn afdd53b4e3
Merge pull request #4629 from thaJeztah/24.0_update_engine
[24.0] vendor: github.com/docker/docker v24.0.6
2023-10-26 09:06:42 +02:00
Brian Goff 12c309fe91
Merge pull request #4628 from thaJeztah/24.0_backport_bump_compress
[24.0 backport] vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:42:02 -07:00
Sebastiaan van Stijn f42719820d
vendor: github.com/docker/docker v24.0.6
full diff: https://github.com/moby/moby/compare/v24.0.5...v24.0.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 00:37:11 +02:00
Sebastiaan van Stijn 17770189de
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6372c6aae6)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:39 +02:00
Sebastiaan van Stijn cde0441dc8
vendor: github.com/klauspost/compress v1.16.5
full diff: https://github.com/klauspost/compress/compare/v1.16.3...v1.16.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 497b13c661)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:17:35 +02:00
Sebastiaan van Stijn d9f94d5719
Merge pull request #4618 from thaJeztah/24.0_backport_cli-issue-502
[24.0 backport] Add docker ps status descriptions
2023-10-23 16:11:33 +02:00
Sam Thibault 54d83fbbf4
Add docker ps status descriptions
Signed-off-by: Sam Thibault <sam.thibault@docker.com>
(cherry picked from commit 8bf121c3bc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 12:34:39 +02:00
Sebastiaan van Stijn 30a185e936
Merge pull request #4609 from thaJeztah/24.0_backport_x_net
[24.0 backport] vendor: golang.org/x/net v0.17.0
2023-10-19 14:06:59 +02:00
Sebastiaan van Stijn d43c48d5ab
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a27466fb6f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:35:49 +02:00
Sebastiaan van Stijn 1919679638
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 612a171557)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:34:31 +02:00
Sebastiaan van Stijn 6c5bc490d4
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 392db31e2a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-19 12:33:19 +02:00