Sebastiaan van Stijn
f65d4a4796
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
...
0b8c1f4e07...fa09c952e3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 22:46:47 +01:00
Sebastiaan van Stijn
f9622b659f
vendor: update go-connections for TLS 1.3 support
...
full diff: https://github.com/docker/go-connections/compare/v0.4.0...0b8c1f4e07a0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 15:56:11 +01:00
Sebastiaan van Stijn
d46de7087c
vendor: github.com/docker/docker c14694a424ab (v25.0.0-dev)
...
full diff: ed1a61dcb7...c14694a424
Co-authored-by: Albin Kerouanton <albinker@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-07 23:41:34 +01:00
Sebastiaan van Stijn
0239b8fd95
vendor: github.com/spf13/cobra v1.8.0
...
release notes: https://github.com/spf13/cobra/releases/tag/v1.8.0
full diff: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-06 16:54:43 +01:00
Evan Lezar
54eee599ba
Update container-device-interface to v0.6.2
...
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:18:41 +01:00
Sebastiaan van Stijn
e088660985
vendor: github.com/docker/docker ed1a61dcb789 (v25.0.0-dev)
...
full diff: fc4d035e7a...ed1a61dcb7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-03 15:14:07 +01:00
Sebastiaan van Stijn
13d34b21ec
vendor: github.com/containerd/containerd v1.7.8
...
no changes in vendored files
full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:54 +01:00
Sebastiaan van Stijn
aa24d611bd
vendor: google.golang.org/grpc v1.58.3
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:07:00 +01:00
Sebastiaan van Stijn
7841493823
vendor: golang.org/x/tools v0.10.0
...
full diff: https://github.com/golang/tools/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:06:07 +01:00
Sebastiaan van Stijn
1a0ae8c6b8
vendor: golang.org/x/mod v0.11.0
...
no changes in vendored files
full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-01 16:01:56 +01:00
Sebastiaan van Stijn
663a89b7ad
vendor: github.com/docker/docker fc4d035e7a4e (v25.0.0-dev)
...
full diff: cdb3f9fb8d...fc4d035e7a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:44 +02:00
Sebastiaan van Stijn
6891974ee9
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
...
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn
827c404ca0
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
...
no changes in vendored files
full diff: 12f0c246fe...f082dd7a0c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:43 +02:00
Sebastiaan van Stijn
137c495f7b
vendor: github.com/go-logr/logr v1.2.4
...
full diff: https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-26 09:30:40 +02:00
Brian Goff
dd11de7dbb
Merge pull request #4627 from thaJeztah/bump_compress
...
vendor: github.com/klauspost/compress v1.17.2
2023-10-25 17:41:02 -07:00
Sebastiaan van Stijn
6372c6aae6
vendor: github.com/klauspost/compress v1.17.2
...
fixes data corruption with zstd output in "best"
- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:14:23 +02:00
Sebastiaan van Stijn
8073525c00
vendor: google.golang.org/grpc v1.56.3
...
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).
In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.
- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-25 23:11:12 +02:00
Sebastiaan van Stijn
7a2ea5c536
vendor: gotest.tools/v3 v3.5.1
...
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-20 17:39:10 +02:00
Sebastiaan van Stijn
46d0ba20f1
vendor: github.com/docker/docker cdb3f9fb8dca (v25.0.0-dev)
...
full diff: d3afa80b96...cdb3f9fb8d
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 22:09:04 +02:00
Sebastiaan van Stijn
3441151e07
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230823155524-12f0c246fed0
...
full diff: bc71908479...12f0c246fe
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:40:09 +02:00
Sebastiaan van Stijn
412ebb6771
vendor: github.com/containerd/containerd v1.7.7
...
full diff: https://github.com/containerd/containerd/compare/v1.6.24..v1.7.7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:39:50 +02:00
Sebastiaan van Stijn
78eaac75cc
vendor: update OTEL dependencies
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 21:38:21 +02:00
Sebastiaan van Stijn
a27466fb6f
vendor: golang.org/x/net v0.17.0
...
full diff: https://github.com/golang/net/compare/v0.10.0...v0.17.0
This fixes the same CVE as go1.21.3 and go1.20.10;
- net/http: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and
immediately resets them can cause excessive server resource consumption.
While the total number of requests is bounded to the
http2.Server.MaxConcurrentStreams setting, resetting an in-progress
request allows the attacker to create a new request while the existing
one is still executing.
HTTP/2 servers now bound the number of simultaneously executing
handler goroutines to the stream concurrency limit. New requests
arriving when at the limit (which can only happen after the client
has reset an existing, in-flight request) will be queued until a
handler exits. If the request queue grows too large, the server
will terminate the connection.
This issue is also fixed in golang.org/x/net/http2 v0.17.0,
for users manually configuring HTTP/2.
The default stream concurrency limit is 250 streams (requests)
per HTTP/2 connection. This value may be adjusted using the
golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams
setting and the ConfigureServer function.
This is CVE-2023-39325 and Go issue https://go.dev/issue/63417 .
This is also tracked by CVE-2023-44487.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:56:02 +02:00
Sebastiaan van Stijn
612a171557
vendor: golang.org/x/crypto v0.14.0
...
full diff: https://github.com/golang/crypto/compare/v0.9.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:55:22 +02:00
Sebastiaan van Stijn
392db31e2a
vendor: golang.org/x/term v0.13.0
...
- term: consistently return zeroes on GetSize error
full diff: https://github.com/golang/term/compare/v0.8.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:53:19 +02:00
Sebastiaan van Stijn
ac307788a6
vendor: golang.org/x/text v0.13.0
...
full diff: https://github.com/golang/text/compare/v0.9.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:50:23 +02:00
Sebastiaan van Stijn
48655f794c
vendor: golang.org/x/sys v0.13.0
...
full diff: https://github.com/golang/sys/compare/v0.10.0...v0.13.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 20:49:37 +02:00
Sebastiaan van Stijn
6de5254162
vendor: github.com/docker/distribution v2.8.3
...
- Fix storageDriver gcs not registered in binaries
- reference: replace uses of deprecated function SplitHostname
- Dont parse errors as JSON unless Content-Type is set to JSON
- update to go1.20.8
- Set Content-Type header in registry client ReadFrom
- deprecate reference package, migrate to github.com/distribution/reference
- digestset: deprecate package in favor of go-digest/digestset
- Do not close HTTP request body in HTTP handler
full diff: https://github.com/distribution/distribution/compare/v2.8.2...v2.8.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-13 17:54:59 +02:00
Sebastiaan van Stijn
4c75107a62
vendor: github.com/distribution/reference v0.5.0
...
full diff: https://github.com/distribution/reference/compare/e42074f83a9c...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:18:52 +02:00
Sebastiaan van Stijn
febb37a38e
remove buildkit as dependency
...
This copies the github.com/moby/buildkit/util/appcontext
package as an internal package. The appcontext package from
BuildKit was the only remaining dependency on BuildKit, and
while we may need some of its functionality, the implementation
is not correct for how it's used in docker/cli (so would need
a rewrite).
Moving a copy of the code into the docker/cli (but as internal
package to prevent others from depending on it) is a first step
in that process, and removes the circular dependency between
BuildKit and the CLi.
We are only using these:
tree vendor/github.com/moby/buildkit
vendor/github.com/moby/buildkit
├── AUTHORS
├── LICENSE
└── util
└── appcontext
├── appcontext.go
├── appcontext_unix.go
├── appcontext_windows.go
└── register.go
3 directories, 6 files
Before this:
go mod graph | grep ' github.com/docker/cli'
github.com/moby/buildkit@v0.11.6 github.com/docker/cli@v23.0.0-rc.1+incompatible
After this:
go mod graph | grep ' github.com/docker/cli'
# (nothing)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-28 00:04:51 +02:00
Sebastiaan van Stijn
3e2187b4cb
vendor: github.com/docker/docker d3afa80b96bf (v25.0.0-dev)
...
full diff: 06499c52e2...d3afa80b96
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 15:30:51 +02:00
Sebastiaan van Stijn
f90890fb48
vendor: github.com/Microsoft/hcsshim v0.11.1
...
full diff: https://github.com/microsoft/hcsshim/compare/v0.9.10...v0.11.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-21 15:29:50 +02:00
Sebastiaan van Stijn
23f50a0665
vendor: github.com/containerd/containerd v1.6.24
...
unfortunately, brings back hcsshim as dependency
full diff: https://github.com/containerd/containerd/compare/v1.6.22...v1.6.24
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:42:32 +02:00
Sebastiaan van Stijn
497b13c661
vendor: github.com/klauspost/compress v1.16.5
...
full diff: https://github.com/klauspost/compress/compare/v1.16.3...v1.16.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:38:35 +02:00
Sebastiaan van Stijn
e0ad0127b1
vendor: google.golang.org/grpc v1.56.2
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:37:37 +02:00
Sebastiaan van Stijn
c2308ad6fb
vendor: google.golang.org/protobuf v1.31.0
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:23 +02:00
Sebastiaan van Stijn
56396ba357
vendor: golang.org/x/tools v0.8.0
...
full diff:
- https://github.com/golang/mod/compare/v0.9.0...v0.10.0
- https://github.com/golang/tools/compare/v0.7.0...v0.8.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:16 +02:00
Sebastiaan van Stijn
c9d56b8504
vendor: golang.org/x/crypto v0.9.0
...
full diff: https://github.com/golang/crypto/compare/v0.3.0...v0.9.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:36:07 +02:00
Sebastiaan van Stijn
ffea6940e7
vendor: golang.org/x/sys v0.10.0
...
full diff: https://github.com/golang/sys/compare/v0.8.0...v0.10.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:29:33 +02:00
Sebastiaan van Stijn
1554b49329
vendor: golang.org/x/sync v0.3.0
...
full diff: https://github.com/golang/sync/compare/v0.1.0...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:28:31 +02:00
Sebastiaan van Stijn
78012b00a5
vendor: container-device-interface v0.6.1
...
no changes to vendored files
full diff: https://github.com/container-orchestrated-devices/container-device-interface/compare/v0.6.0...v0.6.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-19 16:24:08 +02:00
Sebastiaan van Stijn
40dc66b26f
vendor: github.com/docker/docker 06499c52e2b1 (v25.0.0-dev)
...
full diff: 032797ea4b...06499c52e2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-08 01:55:58 +02:00
Sebastiaan van Stijn
f13b786724
vendor: github.com/docker/docker 032797ea4bcb (v25.0.0-dev)
...
full diff: 7abd7fa739...032797ea4b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 17:53:23 +02:00
Sebastiaan van Stijn
fb2ba5d63b
migrate reference github.com/distribution/reference
...
The "reference" package was moved to a separate module, which was extracted
from b9b19409cf
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 17:53:20 +02:00
Sebastiaan van Stijn
04af128211
vendor: github.com/docker/docker 7abd7fa73965 (v25.0.0-dev)
...
full diff: a65c948e7e...7abd7fa739
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-05 13:43:35 +02:00
Sebastiaan van Stijn
d40fc1a0fa
vendor: github.com/docker/docker a65c948e7edf (v25.0.0-dev)
...
full diff: 4b19b2f4ba...a65c948e7e
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-28 21:11:17 +02:00
Sebastiaan van Stijn
55ff9e6093
vendor: github.com/moby/patternmatcher v0.6.0
...
- integrate frontend/dockerfile/dockerignore from buildkit
full diff: https://github.com/moby/patternmatcher/compare/v0.5.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-23 12:09:12 +02:00
Sebastiaan van Stijn
3d0b14c3e3
vendor: github.com/docker/docker 4b19b2f4babd (25.0-dev)
...
full diff: dab9ffb252...4b19b2f4ba
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-08 09:41:47 +02:00
Sebastiaan van Stijn
f38870e68a
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230713153928-bc71908479e5
...
full diff: 6f78b8199b...bc71908479
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:45 +02:00
Sebastiaan van Stijn
a53b03520f
vendor: github.com/opencontainers/image-spec v1.1.0-rc4
...
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc3...v1.1.0-rc4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-08-07 20:26:29 +02:00