@schaubl schaubl commented Feb 18, 2025

No description provided.

glours and others added 30 commits July 17, 2024 13:01
…nd buildx to v0.15.0

Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
…e-off containers

Signed-off-by: Suleiman Dibirov <idsulik@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diffs:

- containerd: containerd/containerd@v1.7.19...v1.7.20
- google.golang.org/genproto/googleapis/rpc: googleapis/go-genproto@49dd2c1...995d672
- google.golang.org/genproto: googleapis/go-genproto@49dd2c1...989df2b
- google.golang.org/genproto/googleapis/api: googleapis/go-genproto@49dd2c1...83a465c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: moby/moby@v27.0.3...v27.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Cody Rigney <cody.rigney@docker.com>
go1.21.12 (released 2024-07-02) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the runtime, and the
crypto/x509, net/http, net/netip, and os packages. See the Go 1.21.12 milestone
on our issue tracker for details:

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: golang/go@go1.21.11...go1.21.12

From the security mailing:

> Hello gophers,
>
> We have just released Go versions 1.22.5 and 1.21.12, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> * net/http: denial of service due to improper 100-continue handling
>
>   The net/http HTTP/1.1 client mishandled the case where a server responds
>   to a request with an “Expect: 100-continue” header with a non-informational
>   (200 or higher) status. This mishandling could leave a client connection
>   in an invalid state, where the next request sent on the connection will fail.
>
> An attacker sending a request to a net/http/httputil.ReverseProxy proxy can
> exploit this mishandling to cause a denial of service by sending
> “Expect: 100-continue” requests which elicit a non-informational response
> from the backend. Each such request leaves the proxy with an invalid connection,
> and causes one subsequent request using that connection to fail.
>
> Thanks to Geoff Franks for reporting this issue.
>
> This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: golang/sys@v0.21.0...v0.22.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- fix: missing read-write flag in reopenFDOnError
  fixes a regression that could result in a `ERROR: bad file descriptor`.

gofrs/flock@b659e1e
introduced a regression where `f.flag` would not be in read-write mode
[1] but read-only [2] which breaks people using NFS protocol.

[1]: gofrs/flock@b659e1e#diff-87c2c4fe0fb43f4b38b4bee45c1b54cfb694c61e311f93b369caa44f6c1323ffR192
[2]: gofrs/flock@b659e1e#diff-22145325dded38eb5288ed3321a113d8260ccc70747ee04d4551bfd2fba975fdR69

full diff: gofrs/flock@v0.12.0...v0.12.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: Joana Hrotko <joana.hrotko@docker.com>
Signed-off-by: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Signed-off-by: Mayank Kapur <kapurm17@gmail.com>
Signed-off-by: Joana Hrotko <joana.hrotko@docker.com>
Signed-off-by: Joana Hrotko <joana.hrotko@docker.com>
Signed-off-by: Joana Hrotko <joana.hrotko@docker.com>
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: Suleiman Dibirov <idsulik@gmail.com>
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Remco Kranenburg <remco.kranenburg@crunchr.com>
Signed-off-by: jonathan-dev <jonathan.drude@gmail.com>
When Compose is watching a project/reattaching streams on container
start, it will make new API `ContainerAttach()` calls every time a
container it's watching is started. However, it only closes the stream
when the context used to start the attach is canceled.

This means that if a user has a project with multiple containers where
containers keep restarting, Compose will attach to the new containers
but never close the previous streams, causing fds to pile up and
goroutines on the engine to get stuck.

Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Felix Fontein <felix@fontein.de>
glours and others added 29 commits January 30, 2025 17:37
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Max Proske <max@mproske.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Max Proske <max@mproske.com>
- update github.com/Azure/go-ansiterm to v0.0.0-20250102033503-faa5f7b0171c
  to fix OSC string terminator parsing.
- add security policy
- update github actions and test against go1.22, go1.23

full diff: moby/term@v0.5.0...v0.5.2

update github.com/Azure/go-ansiterm faa5f7b0171c

- fix OSC string terminator parsing

diff: Azure/go-ansiterm@d185dfc...faa5f7b

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
currently v28.0.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
capturing loop variables is no longer needed in go1.22 and higher;
https://go.dev/blog/loopvar-preview

This patch enables the copyloopvar linter, which finds places where capturing
is no longer needed, and removes locations where they could be removed.

Also made some minor changes, and renamed some vars in places where
we could use a shorter name that's less likely to conflict with imports.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.30.0.
- [Commits](golang/sys@v0.28.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](otiai10/copy@v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/jonboulle/clockwork](https://github.com/jonboulle/clockwork) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/jonboulle/clockwork/releases)
- [Commits](jonboulle/clockwork@v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/jonboulle/clockwork
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
    pkg/e2e/ps_test.go:50:5: contains: use assert.Contains (testifylint)
                    assert.True(t, strings.Contains(line, "127.0.0.1:8001->8000/tcp"))
                    ^
    pkg/e2e/ps_test.go:54:5: contains: use assert.Contains (testifylint)
                    assert.True(t, strings.Contains(line, "80/tcp, 443/tcp, 8080/tcp"))
                    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
make sure it's compatible with go1.23

full diff: golangci/golangci-lint@v1.60.2...v1.63.4
Changelog: https://golangci-lint.run/product/changelog/#v1634

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Max Proske <max@mproske.com>
Bumps [github.com/spf13/pflag](https://github.com/spf13/pflag) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/spf13/pflag/releases)
- [Commits](spf13/pflag@v1.0.5...v1.0.6)

---
updated-dependencies:
- dependency-name: github.com/spf13/pflag
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.10.0 to 0.11.0.
- [Commits](golang/sync@v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [gotest.tools/v3](https://github.com/gotestyourself/gotest.tools) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/gotestyourself/gotest.tools/releases)
- [Commits](gotestyourself/gotest.tools@v3.5.1...v3.5.2)

---
updated-dependencies:
- dependency-name: gotest.tools/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.68.1 to 1.70.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.68.1...v1.70.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
@schaubl schaubl closed this Feb 18, 2025