Commit Graph

9373 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 1a0ae8c6b8
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:01:56 +01:00
Sebastiaan van Stijn a6351d0cd3
Merge pull request #4624 from gabriellavengeo/patch-1
Create codeql.yml
2023-10-26 16:51:12 +02:00
Gabriela Georgieva 39b1d37b3d
Update CodeQL workflow
Signed-off-by: Gabriela Georgieva <gabriela.georgieva@docker.com>
2023-10-26 15:25:48 +02:00
Sebastiaan van Stijn 5fc42fc64e
Merge pull request #4625 from thaJeztah/bump_engine
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
2023-10-26 09:40:51 +02:00
Sebastiaan van Stijn 663a89b7ad
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
full diff: cdb3f9fb8d...fc4d035e7a

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:44 +02:00
Sebastiaan van Stijn 6891974ee9
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 827c404ca0
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
no changes in vendored files

full diff: 12f0c246fe...f082dd7a0c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn 137c495f7b
vendor: github.com/go-logr/logr v1.2.4
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:40 +02:00
Brian Goff dd11de7dbb
Merge pull request #4627 from thaJeztah/bump_compress
vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:41:02 -07:00
Brian Goff 4f0b466b1b
Merge pull request #4626 from thaJeztah/bump_grpc
vendor: google.golang.org/grpc v1.56.3
2023-10-25 17:39:05 -07:00
Sebastiaan van Stijn 6372c6aae6
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:14:23 +02:00
Sebastiaan van Stijn 8073525c00
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00
Sebastiaan van Stijn 39e1de95ab
Merge pull request #4620 from thaJeztah/bump_golangci_lint
update to golangci-lint v1.55.0
2023-10-24 13:34:42 +02:00
Sebastiaan van Stijn b7b5b31a7e
update to golangci-lint v1.55.0
release notes:
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:53 +02:00
Sebastiaan van Stijn 9e1f8d646e
image/build: use "nolint" comment to work around gosec regression
Latest gosec linter has a regression in parsing "nosec" comments;
see https://github.com/securego/gosec/issues/1046

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 11:10:51 +02:00
Sebastiaan van Stijn 8bf53ab011
Merge pull request #4619 from thaJeztah/nodot
cli/command: remove dot-imports and unhandled errors, and fix TestSwarmUpdate
2023-10-24 11:10:15 +02:00
Sebastiaan van Stijn 2294b17e7d
cli/command/network: runCreate: inline types.NetworkCreate
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 18:33:26 +02:00
Sebastiaan van Stijn cdba442d00
Merge pull request #4613 from achneerov/feature/937-remove-dead-link
Removed broken link
2023-10-23 16:02:09 +02:00
Sebastiaan van Stijn 594aeb390a
cli/command: remove dot-imports and unhandled errors
Please the linters in preparation of updating golangci-lint;

- remove dot-imports
- add some checks for unhandled errors
- replace some fixed-value variables for consts

    cli/command/image/build/context.go:238:17: G107: Potential HTTP request made with variable url (gosec)
        if resp, err = http.Get(url); err != nil {
                       ^
    cli/command/idresolver/idresolver_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/registry_test.go:7:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/cli/command" // Prevents a circular import with "github.com/docker/cli/internal/test"
        ^
    cli/command/task/print_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/update_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/unlock_key_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/swarm/join_token_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/promote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/demote_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/node/ps_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/update_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/node/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package functions
        ^
    cli/command/secret/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/secret/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/inspect_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/volume/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/inspect_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/config/ls_test.go:11:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/network/list_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/container/list_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/service/list_test.go:12:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders"
        ^
    cli/command/service/client_test.go:6:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/list_test.go:8:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/services_test.go:9:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^
    cli/command/stack/ps_test.go:10:2: dot-imports: should not use dot imports (revive)
        . "github.com/docker/cli/internal/test/builders" // Import builders to get the builder function as package function
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:47 +02:00
Sebastiaan van Stijn b08e34b9f9
swarm: TestSwarmUpdate: remove non-existing "--quiet" flag
The `docker swarm update` copmmand does not have a `--quiet` flag, but this
test was trying to set it.

    docker swarm update --help

    Usage:  docker swarm update [OPTIONS]

    Update the swarm

    Options:
          --autolock                        Change manager autolocking setting (true|false)
          --cert-expiry duration            Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
          --dispatcher-heartbeat duration   Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
          --external-ca external-ca         Specifications of one or more certificate signing endpoints
          --max-snapshots uint              Number of additional Raft snapshots to retain
          --snapshot-interval uint          Number of log entries between Raft snapshots (default 10000)
          --task-history-limit int          Task history retention limit (default 5)

The test didn't catch this issue, because errors when setting the flag were
not handled, so also adding error-handling;

    === Failed
    === FAIL: cli/command/swarm TestSwarmUpdate (0.00s)
        update_test.go:177: assertion failed: error is not nil: no such flag -quiet

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 15:21:29 +02:00
Sebastiaan van Stijn 9e54fa48ec
Merge pull request #4616 from thaJeztah/bump_gotest_tools
vendor: gotest.tools/v3 v3.5.1
2023-10-23 12:04:44 +02:00
Brian Goff 60b5508c94
Merge pull request #4611 from thaJeztah/stack_start_interval_carry
stacks: Add schema 3.12, and add support for start interval
2023-10-20 11:04:47 -07:00
Brian Goff defa52b8c6
stacks: Add support for start interval
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:59 +02:00
Sebastiaan van Stijn 9df7be5d5e
cli/compose: add schema 3.12 (no changes with 3.11 yet)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 18:42:55 +02:00
Sebastiaan van Stijn 3e5f6badcb
Merge pull request #4610 from thaJeztah/compose_golden
cli/compose/loader: use gotest.tools/v3/golden
2023-10-20 18:41:33 +02:00
Sebastiaan van Stijn 7a2ea5c536
vendor: gotest.tools/v3 v3.5.1
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:39:10 +02:00
Sebastiaan van Stijn f2fced4876
cli/compose/loader: remove platform-specific path handling
Paths in the advanced / compose-file format are not converted
to be platform-specific, so for these tests, it should not be
needed to convert the paths to be Windows-paths.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:09:03 +02:00
Sebastiaan van Stijn 74990623e5
cli/compose/loader: use gotest.tools/v3/golden
use the golden utility instead of self-crafting expected output,
this allows automaticaly updating the expected output.

This change does break this specific test on Windows due to platform-
specific paths. Other tests already have this issue on Windows, so
skipping the test for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:08:58 +02:00
Sebastiaan van Stijn 4d6cf135a3
Merge pull request #4614 from sam-thibault/cli-issue-502
Add docker ps status descriptions
2023-10-20 12:51:29 +02:00
Sam Thibault 8bf121c3bc
Add docker ps status descriptions
Signed-off-by: Sam Thibault <sam.thibault@docker.com>
2023-10-20 12:43:16 +02:00
achneerov a252a106cd - What I did
Removed broken link in #937
- How I did it
	Removed first section of CONTRIBUTING.md
- How to verify it
	Check CONTRIBUTING.md
- Description for the changelog
	Removed broken link in contributing to Docker documentation.
A picture of a cute animal (not mandatory but encouraged)
Closes #937

Signed-off-by: achneerov <achneerov@gmail.com>
2023-10-19 16:10:27 -04:00
Sebastiaan van Stijn 8743ffda39
Merge pull request #4605 from thaJeztah/update_engine
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
2023-10-16 12:04:10 +02:00
Akihiro Suda 74bace156c
docs: add `bind-recursive` mount option
Follow-up to PR 4316

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-10-16 10:15:40 +09:00
Sebastiaan van Stijn 46d0ba20f1
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
full diff: d3afa80b96...cdb3f9fb8d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 22:09:04 +02:00
Sebastiaan van Stijn 3441151e07
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230823155524-12f0c246fed0
full diff: bc71908479...12f0c246fe

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:40:09 +02:00
Sebastiaan van Stijn 412ebb6771
vendor: github.com/containerd/containerd v1.7.7
full diff: https://github.com/containerd/containerd/compare/v1.6.24..v1.7.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:39:50 +02:00
Sebastiaan van Stijn 78eaac75cc
vendor: update OTEL dependencies
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:38:21 +02:00
Sebastiaan van Stijn 8890a38d42
Merge pull request #4604 from thaJeztah/x_net_17
vendor: golang.org/x/net v0.17.0
2023-10-13 21:08:44 +02:00
Sebastiaan van Stijn a27466fb6f
vendor: golang.org/x/net v0.17.0
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0

This fixes the same CVE as go1.21.3 and go1.20.10;

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn 612a171557
vendor: golang.org/x/crypto v0.14.0
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:55:22 +02:00
Sebastiaan van Stijn 392db31e2a
vendor: golang.org/x/term v0.13.0
- term: consistently return zeroes on GetSize error

full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:53:19 +02:00
Sebastiaan van Stijn ac307788a6
vendor: golang.org/x/text v0.13.0
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:50:23 +02:00
Sebastiaan van Stijn 48655f794c
vendor: golang.org/x/sys v0.13.0
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:49:37 +02:00
Bjorn Neergaard fc247d6911
Merge pull request #4603 from thaJeztah/update_distribution_2.8.3
vendor: github.com/docker/distribution v2.8.3
2023-10-13 09:22:21 -07:00
Sebastiaan van Stijn 6de5254162
vendor: github.com/docker/distribution v2.8.3
- Fix storageDriver gcs not registered in binaries
- reference: replace uses of deprecated function SplitHostname
- Dont parse errors as JSON unless Content-Type is set to JSON
- update to go1.20.8
- Set Content-Type header in registry client ReadFrom
- deprecate reference package, migrate to github.com/distribution/reference
- digestset: deprecate package in favor of go-digest/digestset
- Do not close HTTP request body in HTTP handler

full diff: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 17:54:59 +02:00
Sebastiaan van Stijn a46f850435
Merge pull request #4596 from thaJeztah/update_golang_1.21.3
update to go1.21.3
2023-10-12 10:44:19 +02:00
Sebastiaan van Stijn ceab9b5e8e
update to go1.21.3
go1.21.3 (released 2023-10-10) includes a security fix to the net/http package.
See the Go 1.21.3 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.21.3+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.21.2...go1.21.3

From the security mailing:

[security] Go 1.21.3 and Go 1.20.10 are released

Hello gophers,

We have just released Go versions 1.21.3 and 1.20.10, minor point releases.

These minor releases include 1 security fixes following the security policy:

- net/http: rapid stream resets can cause excessive work

  A malicious HTTP/2 client which rapidly creates requests and
  immediately resets them can cause excessive server resource consumption.
  While the total number of requests is bounded to the
  http2.Server.MaxConcurrentStreams setting, resetting an in-progress
  request allows the attacker to create a new request while the existing
  one is still executing.

  HTTP/2 servers now bound the number of simultaneously executing
  handler goroutines to the stream concurrency limit. New requests
  arriving when at the limit (which can only happen after the client
  has reset an existing, in-flight request) will be queued until a
  handler exits. If the request queue grows too large, the server
  will terminate the connection.

  This issue is also fixed in golang.org/x/net/http2 v0.17.0,
  for users manually configuring HTTP/2.

  The default stream concurrency limit is 250 streams (requests)
  per HTTP/2 connection. This value may be adjusted using the
  golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
  setting and the ConfigureServer function.

  This is CVE-2023-39325 and Go issue https://go.dev/issue/63417.
  This is also tracked by CVE-2023-44487.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:02:33 +02:00
Sebastiaan van Stijn d249ce2794
update to go1.21.2
go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go package,
as well as bug fixes to the compiler, the go command, the linker, the runtime,
and the runtime/metrics package. See the Go 1.21.2 milestone on our issue
tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.21.2+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.21.1...go1.21.2

From the security mailing:

[security] Go 1.21.2 and Go 1.20.9 are released

Hello gophers,

We have just released Go versions 1.21.2 and 1.20.9, minor point releases.

These minor releases include 1 security fixes following the security policy:

- cmd/go: line directives allows arbitrary execution during build

  "//line" directives can be used to bypass the restrictions on "//go:cgo_"
  directives, allowing blocked linker and compiler flags to be passed during
  compliation. This can result in unexpected execution of arbitrary code when
  running "go build". The line directive requires the absolute path of the file in
  which the directive lives, which makes exploting this issue significantly more
  complex.

  This is CVE-2023-39323 and Go issue https://go.dev/issue/63211.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 20:02:16 +02:00
Sebastiaan van Stijn 26951f75de
Merge pull request #4592 from thaJeztah/update_md2man
update go-md2man to v2.0.3
2023-10-11 19:08:15 +02:00
Sebastiaan van Stijn 3f1195e4ec
update go-md2man to v2.0.3
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.1...v2.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-11 18:26:14 +02:00