Paweł Gronowski
b70a26deaf
vendor: github.com/docker/docker 330d777c53fb (v26.0.0-rc3-dev)
...
full diff: 70e46f2c7c...330d777c53
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-19 14:31:41 +01:00
Sebastiaan van Stijn
38c3ff67aa
vendor: github.com/docker/docker 70e46f2c7c2d (v26.0.0-rc3-dev)
...
full diff: https://github.com/docker/docker/compare/v26.0.0-rc2...70e46f2c7c2df8d8cc483d9831a907b12efa201b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:53:20 +01:00
Sebastiaan van Stijn
a4a79d75c0
vendor: google.golang.org/protobuf v1.33.0, github.com/golang/protobuf v1.5.4
...
full diffs:
- https://github.com/protocolbuffers/protobuf-go/compare/v1.31.0...v1.33.0
- https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4
From the Go security announcement list;
> Version v1.33.0 of the google.golang.org/protobuf module fixes a bug in
> the google.golang.org/protobuf/encoding/protojson package which could cause
> the Unmarshal function to enter an infinite loop when handling some invalid
> inputs.
>
> This condition could only occur when unmarshaling into a message which contains
> a google.protobuf.Any value, or when the UnmarshalOptions.UnmarshalUnknown
> option is set. Unmarshal now correctly returns an error when handling these
> inputs.
>
> This is CVE-2024-24786.
In a follow-up post;
> A small correction: This vulnerability applies when the UnmarshalOptions.DiscardUnknown
> option is set (as well as when unmarshaling into any message which contains a
> google.protobuf.Any). There is no UnmarshalUnknown option.
>
> In addition, version 1.33.0 of google.golang.org/protobuf inadvertently
> introduced an incompatibility with the older github.com/golang/protobuf
> module. (https://github.com/golang/protobuf/issues/1596 ) Users of the older
> module should update to github.com/golang/protobuf@v1.5.4.
govulncheck results in our code shows that this does not affect the CLI:
govulncheck ./...
Scanning your code and 448 packages across 72 dependent modules for known vulnerabilities...
=== Symbol Results ===
No vulnerabilities found.
Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:42 +01:00
Sebastiaan van Stijn
115c8d56e5
vendor: github.com/containerd/containerd v1.7.14
...
no changes in vendored files, but now requires go1.21
full diff: https://github.com/containerd/containerd/compare/v1.7.13...v1.7.14
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-03-16 16:41:38 +01:00
Paweł Gronowski
645b973521
vendor: github.com/docker/docker v26.0.0-rc2
...
full diff: https://github.com/docker/docker/compare/f4c696eef17d...v26.0.0-rc2
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-08 17:10:05 +01:00
Paweł Gronowski
a8379092af
vendor: github.com/docker/docker f4c696eef17d62a42
...
full diff: https://github.com/docker/docker/compare/v26.0.0-rc1+incompatible...f4c696eef17d62a421877d95c4810185750c5641
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-03-07 19:13:04 +01:00
Paweł Gronowski
5e80232398
vendor: github.com/docker/docker v26.0.0-rc1
...
full diff: https://github.com/docker/docker/compare/c70d7905fbd9...v26.0.0-rc1
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
test: update fixtures
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
2024-03-01 18:23:25 +01:00
Sebastiaan van Stijn
acc675014f
vendor: github.com/docker/docker c70d7905fbd9 (v26.0.0-dev)
...
full diff: 86b86412a1...c70d7905fb
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:54:20 +01:00
Sebastiaan van Stijn
79541b7e21
vendor: google.golang.org/grpc v1.59.0
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:53:12 +01:00
Sebastiaan van Stijn
096ced0894
vendor: OTEL v0.46.1 / v1.21.0
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:50:23 +01:00
Sebastiaan van Stijn
f3c77df31e
vendor: github.com/prometheus/client_golang v1.17.0
...
full diffs:
- https://github.com/prometheus/client_golang/compare/v1.14.0...v1.17.0
- https://github.com/prometheus/client_model/compare/v0.3.0...v0.5.0
- https://github.com/prometheus/common/compare/v0.42.0...v0.44.0
- https://github.com/prometheus/procfs/compare/v0.9.0...v0.12.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:45:07 +01:00
Sebastiaan van Stijn
1b42d04d63
vendor: github.com/go-logr/logr v1.3.0
...
full diff: https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:39:47 +01:00
Sebastiaan van Stijn
f5a29ff8eb
vendor: github.com/containerd/containerd v1.7.13
...
no changes in vendored files
full diff: https://github.com/containerd/containerd/compare/v1.7.12...v1.7.13
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-26 17:36:46 +01:00
Sebastiaan van Stijn
df6220d434
vendor: github.com/docker/docker 86b86412a1b7 (v26.0-dev)
...
full diff: 9e075f3808...86b86412a1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-10 12:26:39 +01:00
Sebastiaan van Stijn
324309b086
vendor: github.com/docker/docker 9e075f3808a5 (master, v26.0.0-dev)
...
Vendor docker/docker with API < 1.24 removed. This should not affect client
code.
43ffb1ee9d..9e075f3808
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-07 02:27:53 +01:00
Sebastiaan van Stijn
93ad9fbdf6
vendor: github.com/moby/swarmkit/v2 v2.0.0-20240125134710-dcda100a8261
...
full diff: f082dd7a0c...dcda100a82
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-02-07 02:23:51 +01:00
Paweł Gronowski
68dac842a1
vendor: github.com/docker/docker 43ffb1ee9d5a (v26.0.0-dev)
...
full diff: https://github.com/docker/docker/compare/v25.0.0...43ffb1ee9d5a
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2024-01-24 14:59:08 +01:00
Sebastiaan van Stijn
4b1ed1f442
vendor: github.com/docker/docker v25.0.1
...
relevant changes:
- Fix isGitURL regular expression
- pkg/system: return even richer xattr errors
full diff: https://github.com/moby/moby/compare/v25.0.0...v25.0.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-24 12:17:20 +01:00
Sebastiaan van Stijn
337dd82d8b
vendor: github.com/docker/docker v25.0.0
...
full diff: https://github.com/docker/docker/compare/v25.0.0-rc.3...v25.0.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-19 15:03:52 +01:00
Sebastiaan van Stijn
cdb1c105f6
vendor: github.com/docker/docker v25.0.0-rc.3
...
full diff: https://github.com/moby/moby/compare/v25.0.0-rc.2...v25.0.0-rc.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-17 23:28:28 +01:00
Sebastiaan van Stijn
21c2536051
vendor: golang.org/x/sys v0.16.0
...
full diff: https://github.com/golang/sys/compare/v0.15.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:01:27 +01:00
Sebastiaan van Stijn
d868dca00f
vendor: github.com/docker/docker v25.0.0-rc.2
...
- feat: make errdefs.IsXXX helper functions work with wrapped errors
full diff: https://github.com/moby/moby/compare/v25.0.0-rc.1...v25.0.0-rc.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-13 02:08:29 +01:00
Sebastiaan van Stijn
8b6ffbdf77
vendor: github.com/containerd/containerd v1.7.12
...
- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 19:31:12 +01:00
Sebastiaan van Stijn
a5e5563f13
vendor: github.com/docker/docker-credential-helpers v0.8.1
...
full diff: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-10 22:35:03 +01:00
Sebastiaan van Stijn
9db56ea2f6
vendor: golang.org/x/tools v0.16.0, golang.org/x/mod v0.14.0
...
removes dependency on golang.org/x/sys/execabs
full diff:
- https://github.com/golang/tools/compare/v0.10.0...v0.16.0
- https://github.com/golang/mod/compare/v0.11.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:02:26 +01:00
Sebastiaan van Stijn
efae960e5a
vendor: golang.org/x/net v0.19.0
...
drops various code to support go1.17 and older
full diff: https://golang.org/x/net/compare/v0.17.0...v0.19.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:55:39 +01:00
Sebastiaan van Stijn
996cce9098
vendor: golang.org/x/sync v0.6.0
...
full diff: https://github.com/golang/sync/compare/v0.3.0...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:52:47 +01:00
Sebastiaan van Stijn
4b10e55256
vendor: github.com/google/go-cmp v0.6.0
...
- removes purego fallbacks
full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:25:45 +01:00
Sebastiaan van Stijn
1ebc233b4b
vendor: github.com/creack/pty v1.1.21
...
full diff: https://github.com/creack/pty/compare/v1.18.0...v1.21.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 10:22:09 +01:00
Sebastiaan van Stijn
b4fe77a124
vendor: github.com/docker/go-connections v0.5.0
...
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:25:04 +01:00
Sebastiaan van Stijn
b43ea528b8
vendor: github.com/docker/docker v25.0.0-rc.1
...
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.3...v25.0.0-rc.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:23:48 +01:00
Sebastiaan van Stijn
c1016c05cf
vendor: github.com/mitchellh/mapstructure v1.5.0
...
note that this repository will be sunset, and the "endorsed" fork will be
maintened by "go-viper"; see [mapstructure#349][1]
[1]: https://github.com/mitchellh/mapstructure/issues/349
full diff: https://github.com/mitchellh/mapstructure/compare/v1.3.2...v1.5.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 17:42:31 +01:00
Sebastiaan van Stijn
eed2d9c765
Merge pull request #4742 from thaJeztah/bump_runewidth
...
vendor: github.com/mattn/go-runewidth v0.0.15
2023-12-27 17:05:40 +01:00
Sebastiaan van Stijn
58524685da
vendor: github.com/mattn/go-runewidth v0.0.15
...
no code-changes, but project updated CI to test against current
Go versions;
https://github.com/mattn/go-runewidth/compare/v0.0.14...v0.0.15
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:40:19 +01:00
Sebastiaan van Stijn
1e38fc3b9d
vendor: github.com/klauspost/compress v1.17.4
...
full diff: https://github.com/klauspost/compress/compare/v1.17.2...v1.17.4
v1.17.4:
- huff0: Speed up symbol counting
- huff0: Remove byteReader
- gzhttp: Allow overriding decompression on transport
- gzhttp: Clamp compression level
- gzip: Error out if reserved bits are set
v1.17.3:
- fse: Fix max header size
- zstd: Improve better/best compression
- gzhttp: Fix missing content type on Close
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:34:40 +01:00
Sebastiaan van Stijn
0fa3a365f7
vendor: github.com/docker/docker v25.0.0-beta.3
...
no diff, just the tag (which is the same as the previous commit);
https://github.com/moby/moby/compare/7bc56c53657d...v25.0.0-beta.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-21 16:41:36 +01:00
Albin Kerouanton
336787c50a
vendor: github.com/docker/docker 7bc56c53657d (v25.0.0-dev)
...
full diff: 388216fc45...7bc56c5365
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2023-12-20 22:51:51 +01:00
Sebastiaan van Stijn
4d434dc691
vendor: github.com/docker/docker 388216fc45ab (v25.0.0-dev)
...
full diff: f3cc93630e...388216fc45
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 20:11:21 +01:00
Sebastiaan van Stijn
0de84f0190
vendor: golang.org/x/crypto v0.17.0
...
no changes in vendored files
full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0
from the security mailing:
> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784 .
>
> Cheers,
> Roland on behalf of the Go team
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 00:35:09 +01:00
Sebastiaan van Stijn
3cf0bf84a5
vendor: golang.org/x/crypto v0.16.0
...
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:47:30 +01:00
Sebastiaan van Stijn
36d4db27d5
vendor: golang.org/x/text v0.14.0
...
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:46:41 +01:00
Sebastiaan van Stijn
3d70100d5d
vendor: golang.org/x/sys v0.15.0
...
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:45:50 +01:00
Sebastiaan van Stijn
f63065a58b
vendor: github.com/docker/docker f3cc93630ed8 (v25.0.0-dev)
...
full diff: https://github.com/docker/docker/compare/v25.0.0-beta.2...f3cc93630ed8138a6775cbf150c6bfb341cb337b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn
fa1914426d
vendor: github.com/docker/docker v25.0.0-beta.2
...
No changes, as it's the same commit: https://github.com/docker/docker/compare/92884c25b394...v25.0.0-beta.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-13 12:48:42 +01:00
Sebastiaan van Stijn
aec7ec7f61
vendor: github.com/docker/docker 92884c25b394 (v25.0.0-dev)
...
full diff: 4046ae5e2f...92884c25b3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:57:38 +01:00
Sebastiaan van Stijn
0a3a16d2b4
vendor: github.com/containerd/containerd v1.7.11
...
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.11
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:14 +01:00
Sebastiaan van Stijn
54c103aff4
vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
...
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:39:08 +01:00
Sebastiaan van Stijn
d49970590c
vendor: github.com/felixge/httpsnoop v1.0.4
...
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:22:47 +01:00
Sebastiaan van Stijn
0cf7bff0be
vendor: github.com/docker/docker 4046ae5e2fd4 (v25.0.0-dev)
...
full diff: 029519a149...4046ae5e2f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-06 02:06:38 +01:00
Sebastiaan van Stijn
ecf9bd3870
Merge pull request #4686 from thaJeztah/update_engine2
...
vendor: github.com/docker/docker 029519a1498b (v25.0.0-dev)
2023-12-01 16:45:05 +01:00