Commit graph

409 commits

Author SHA1 Message Date
Akihiro Suda
ba86626642
vendor.mod: github.com/rootless-containers/rootlesskit/v2 v2.0.0
https://github.com/rootless-containers/rootlesskit/releases/tag/v2.0.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-16 10:56:27 +09:00
Sebastiaan van Stijn
3eba4216e0
Merge pull request #47080 from thaJeztah/bump_mountinfo
vendor: github.com/moby/sys/mountinfo v0.7.1
2024-01-15 13:11:50 +01:00
Sebastiaan van Stijn
c4d2968183
vendor: github.com/moby/sys/mountinfo v0.7.1
full diff: https://github.com/moby/sys/compare/mountinfo/v0.6.2...mountinfo/v0.7.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:09:02 +01:00
Sebastiaan van Stijn
075e1141b8
vendor: golang.org/x/sys v0.16.0
full diff: https://github.com/golang/sys/compare/v0.15.0...v0.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 12:05:29 +01:00
Sebastiaan van Stijn
a759acd958
vendor: github.com/google/uuid v1.5.0
full diff: https://github.com/google/uuid/compare/v1.3.1...v1.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 10:40:15 +01:00
Sebastiaan van Stijn
3bcb01a84f
vendor: github.com/google/go-cmp v0.6.0
full diff: https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-15 10:40:13 +01:00
Sebastiaan van Stijn
92175dd78c
vendor: containerd v1.7.12, and switch to dario.cat/mergo v1.0.0
Switch github.com/imdario/mergo to dario.cat/mergo v1.0.0, because
the module was renamed, and reached v1.0.0

full diff: https://github.com/imdario/mergo/compare/v0.3.13...v1.0.0

vendor: github.com/containerd/containerd v1.7.12

- full diff: https://github.com/containerd/containerd/compare/v1.7.11...v1.7.12
- release notes: https://github.com/containerd/containerd/releases/tag/v1.7.12

Welcome to the v1.7.12 release of containerd!

The twelfth patch release for containerd 1.7 contains various fixes and updates.

Notable Updates

- Fix on dialer function for Windows
- Improve `/etc/group` handling when appending groups
- Update shim pidfile permissions to 0644
- Update runc binary to v1.1.11
- Allow import and export to reference missing content
- Remove runc import
- Update Go version to 1.20.13

Deprecation Warnings

- Emit deprecation warning for `containerd.io/restart.logpath` label usage

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-12 18:09:24 +01:00
Sebastiaan van Stijn
22b08a10ff
Merge pull request #47032 from thaJeztah/otel_align_versions
vendor: otelhttptrace v0.45.0 to align with other OTEL packages
2024-01-08 17:07:16 +01:00
Sebastiaan van Stijn
97d91aff7b
Merge pull request #47027 from thaJeztah/bump_cgroups
vendor: github.com/containerd/cgroups/v3 v3.0.3
2024-01-08 13:09:33 +01:00
Sebastiaan van Stijn
1dd415df1a
vendor: github.com/vbatts/tar-split v0.11.5
full diff: https://github.com/vbatts/tar-split/compare/v0.11.3...v0.11.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-08 11:40:15 +01:00
Sebastiaan van Stijn
372cd16b88
vendor: otelhttptrace v0.45.0 to align with other OTEL packages
This package / module is used by BuildKit's detect package; the buildkit
version we use (v0.12.x) [is using OTEL v0.40.0][1], whereas Moby and Containerd
moved to v0.45.0.

Go module [minimum-version-selection (MVS)][1] will pick the minimum required
version, and because there's no "reverse" dependency from the "main" OTEL modules
to this module, it selects the lowest version (specified in the BuildKit module).

Usually this would be a _good_ thing, but we know that OTEL likes all versions
to be aligned, so let's make it so.

full diff: https://github.com/open-telemetry/opentelemetry-go-contrib/compare/instrumentation/net/http/httptrace/otelhttptrace/v0.40.0...instrumentation/net/http/httptrace/otelhttptrace/v0.45.0

[1]: https://github.com/moby/buildkit/blob/v0.12.4-2-g3b6880d2a/go.mod#L73-L83
[2]: https://go.dev/ref/mod#glos-minimal-version-selection

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-06 11:04:13 +01:00
Sebastiaan van Stijn
22597efa06
vendor: github.com/docker/go-connections v0.5.0
no diff, as the tag is the same commit as we used already;
https://github.com/docker/go-connections/compare/fa09c952e3ea...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 18:20:12 +01:00
Sebastiaan van Stijn
2af17cd3f5
vendor: github.com/containerd/cgroups/v3 v3.0.3
release notes:

- NewSystemd handles UnitExists when starting units
- makefile fixes
- cgroups2: export memory max usage and swap max usage
- build(deps): bump github.com/cilium/ebpf from v0.9.1 to v0.11.0
- support psi
- feat: add Threads for cgroupv2
- Linux.Swap is defined as memory+swap combined, while in cgroup v2 swap is a separate value
- fix(): support re-enabling oom killer refs #307 by @kestrelcjx

full diff: https://github.com/containerd/cgroups/compare/v3.0.2...v3.0.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:18:14 +01:00
Sebastiaan van Stijn
12128189eb
vendor: github.com/cilium/ebpf v0.11.0
full diff: https://github.com/cilium/ebpf/compare/v0.9.1...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-05 13:14:49 +01:00
Sebastiaan van Stijn
fc8fcf85a2
vendor: github.com/opencontainers/runc v1.1.11
This is the eleventh patch release in the 1.1.z release branch of runc.
It primarily fixes a few issues with runc's handling of containers that
are configured to join existing user namespaces, as well as improvements
to cgroupv2 support.

- Fix several issues with userns path handling.
- Support memory.peak and memory.swap.peak in cgroups v2.
  Add swapOnlyUsage in MemoryStats. This field reports swap-only usage.
  For cgroupv1, Usage and Failcnt are set by subtracting memory usage
  from memory+swap usage. For cgroupv2, Usage, Limit, and MaxUsage
  are set.
- build(deps): bump github.com/cyphar/filepath-securejoin.

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.11
- full diff: https://github.com/opencontainers/runc/compare/v1.1.10...v1.1.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2024-01-02 16:29:43 +01:00
Sebastiaan van Stijn
dc23efd3a2
vendor: github.com/klauspost/compress v1.17.4
full diff: https://github.com/klauspost/compress/compare/v1.17.2...v1.17.4

v1.17.4:

- huff0: Speed up symbol counting
- huff0: Remove byteReader
- gzhttp: Allow overriding decompression on transport
- gzhttp: Clamp compression level
- gzip: Error out if reserved bits are set

v1.17.3:

- fse: Fix max header size
- zstd: Improve better/best compression
- gzhttp: Fix missing content type on Close

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-27 10:23:44 +01:00
Sebastiaan van Stijn
c22fc41ddf
vendor: golang.org/x/crypto v0.17.0
update the package, which contains a fix in the ssh package.

full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0

from the security mailing:

> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-19 00:30:17 +01:00
Sebastiaan van Stijn
e48b58e1be
vendor: golang.org/x/crypto v0.16.0
full diff: https://github.com/golang/crypto/compare/v0.14.0...v0.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:39:50 +01:00
Sebastiaan van Stijn
44511f9e43
vendor: golang.org/x/text v0.14.0
full diff: https://github.com/golang/text/compare/v0.13.0...v0.14.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:38:46 +01:00
Sebastiaan van Stijn
2cdd4906ac
vendor: golang.org/x/sys v0.15.0
full diff: https://github.com/golang/sys/compare/v0.13.0...v0.15.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-18 13:37:57 +01:00
Bjorn Neergaard
cd41f655f9
logger: remove logentries driver
The Logentries service will be discontinued next week:

> Dear Logentries user,
>
> We have identified you as the owner of, or collaborator of, a Logentries account.
>
> The Logentries service will be discontinued on November 15th, 2022. This means that your Logentries account access will be removed and all your log data will be permanently deleted on this date.
>
> Next Steps
> If you are interested in an alternative Rapid7 log management solution, InsightOps will be available for purchase through December 16th, 2022. Please note, there is no support to migrate your existing Logentries account to InsightOps.
>
> Thank you for being a valued user of Logentries.
>
> Thank you,
> Rapid7 Customer Success

There is no reason to preserve this code in Moby as a result.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 22:51:23 +01:00
Sebastiaan van Stijn
dbdfc71026
vendor: resenje.org/singleflight v0.4.1
- fix race when returning call.shared

full diff: https://github.com/janos/singleflight/compare/v0.4.0...v0.4.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 16:07:13 +01:00
Sebastiaan van Stijn
7d991b6e42
vendor: github.com/moby/buildkit v0.12.5-0.20231208203051-3b6880d2a00f
full diff: https://github.com/moby/buildkit/compare/v0.12.4...3b6880d2a00fd6080019118ef40515be905e58db

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 11:58:48 +01:00
Sebastiaan van Stijn
fcf03cdfa9
vendor: github.com/containerd/containerd v1.7.11
full diff: https://github.com/containerd/containerd/compare/v1.7.10...v1.7.11

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 11:58:47 +01:00
Sebastiaan van Stijn
7028a03ffa
vendor: github.com/containerd/containerd v1.7.10
full diff: https://github.com/containerd/containerd/compare/v1.7.9...v1.7.10

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 11:58:47 +01:00
Sebastiaan van Stijn
49ad10261e
vendor: github.com/containerd/containerd v1.7.9
full diff: https://github.com/containerd/containerd/compare/v1.7.8...v1.7.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 11:58:47 +01:00
Sebastiaan van Stijn
c14bd4f1ad
vendor: vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0
Upgrade to the latest OpenTelemetry libraries; this will unblock a lot of
downstream projects in the ecosystem to upgrade, as some of the parts here
were pre-1.0/unstable.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-12 11:58:44 +01:00
Sebastiaan van Stijn
291eaf0a77
vendor: github.com/cyphar/filepath-securejoin v0.2.4
update the dependency to v0.2.4 to prevent scanners from flagging the
vulnerability (GHSA-6xv5-86q9-7xr8 / GO-2023-2048). Note that that vulnerability
only affects Windows, and is currently only used in runc/libcontainer, so should
not impact our use (as that code is Linux-only).

full diff: https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-11 13:59:37 +01:00
Sebastiaan van Stijn
12c70b4386
vendor: github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0
full diff: https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.11.3...v2.16.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-08 18:59:40 +01:00
Sebastiaan van Stijn
a0615f6839
vendor: github.com/felixge/httpsnoop v1.0.4
full diff: https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-08 18:59:36 +01:00
Paweł Gronowski
c8134fa046
vendor: github.com/moby/buildkit v0.12.4
full diff: https://github.com/moby/buildkit/compare/v0.12.3...v0.12.4

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-12-04 10:56:20 +01:00
Sebastiaan van Stijn
faa843fcef
vendor: github.com/gorilla/mux v1.8.1
full diff: https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 12:48:09 +01:00
Sebastiaan van Stijn
028ed1bb22
vendor: github.com/spf13/cobra v1.8.0
full diff: https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-12-01 11:01:59 +01:00
Sebastiaan van Stijn
2f28582b55
vendor: github.com/Microsoft/hcsshim v0.11.4
full diff: https://github.com/Microsoft/hcsshim/compare/v0.11.1...v0.11.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-19 13:12:22 +01:00
Sebastiaan van Stijn
fb53da508f
vendor: github.com/opencontainers/runc v1.1.10
- full diff: https://github.com/opencontainers/runc/compare/v1.1.9...v1.1.10
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.10

This is the tenth (and most likely final) patch release in the 1.1.z
release branch of runc. It mainly fixes a few issues in cgroups, and a
umask-related issue in tmpcopyup.

- Add support for `hugetlb.<pagesize>.rsvd` limiting and accounting.
  Fixes the issue of postgres failing when hugepage limits are set.
- Fixed permissions of a newly created directories to not depend on the value
  of umask in tmpcopyup feature implementation.
- libcontainer: cgroup v1 GetStats now ignores missing `kmem.limit_in_bytes`
  (fixes the compatibility with Linux kernel 6.1+).
- Fix a semi-arbitrary cgroup write bug when given a malicious hugetlb
  configuration. This issue is not a security issue because it requires a
  malicious config.json, which is outside of our threat model.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-13 16:26:29 +01:00
Sebastiaan van Stijn
981a878cf5
vendor: github.com/docker/go-connections fa09c952e3ea (v0.5.0-dev)
0b8c1f4e07...fa09c952e3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-10 23:23:37 +01:00
Sam Whited
8074e7a437
Bump go-connections for TLS 1.3 support
Fixes 40495

Signed-off-by: Sam Whited <sam@samwhited.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-11-08 17:58:50 +01:00
Evan Lezar
49e04102c1 Update container-device-interface to v0.6.2
This includes migrating from the github.com/container-orchestrated-devices
repo to tags.cncf.io.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-11-04 01:00:19 +01:00
Sebastiaan van Stijn
38c4ceb00a
vendor: github.com/containerd/containerd v1.7.8
release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8
full diff: https://github.com/containerd/containerd/compare/v1.7.7...v1.7.8

Notable Updates

- Fix ambiguous TLS fallback
- Update Go to 1.20.10
- Add a new image label on converted schema 1 images
- Fix handling for missing basic auth credentials
- Fix potential deadlock in create handler for containerd-shim-runc-v2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:44:49 +02:00
Sebastiaan van Stijn
34f5793521
vendor: google.golang.org/grpc v1.58.3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:43:19 +02:00
Sebastiaan van Stijn
bd23c7729e
vendor: golang.org/x/tools v0.10.0
full diff:  https://github.com/golang/tools/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:36:59 +02:00
Sebastiaan van Stijn
205e4de3fd
vendor: golang.org/x/mod v0.11.0
no changes in vendored files

full diff: https://github.com/golang/mod/compare/v0.10.0...v0.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-27 00:35:25 +02:00
Sebastiaan van Stijn
df3a321164
migrate to github.com/moby/sys/user
The github.com/opencontainers/runc/libcontainer/user package was moved
to a separate module. While there's still uses of the old module in
our code-base, runc itself is migrating to the new module, and deprecated
the old package (for runc 1.2).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-24 15:45:02 +02:00
Sebastiaan van Stijn
f2c67ea82f
vendor: github.com/klauspost/compress v1.17.2
fixes data corruption with zstd output in "best"

- 1.17.2 diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2
- full diff: https://github.com/klauspost/compress/compare/v1.16.5...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-23 16:32:24 +02:00
Bjorn Neergaard
619d98ab49
vendor: github.com/moby/buildkit v0.12.3
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
2023-10-20 12:01:52 -06:00
Sebastiaan van Stijn
7bb54c3dc5
vendor: gotest.tools/v3 v3.5.1
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.5.0..v3.5.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-18 14:37:07 +02:00
Sebastiaan van Stijn
70589b8548
Merge pull request #46665 from thaJeztah/update_image_spec
vendor: github.com/opencontainers/image-spec v1.1.0-rc5 and use OCI consts
2023-10-18 10:23:22 +02:00
Sebastiaan van Stijn
1f965317b6
Merge pull request #46457 from thaJeztah/bump_swarmkit
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230911190601-f082dd7a0cee
2023-10-18 10:20:38 +02:00
Sebastiaan van Stijn
e3feb05175
vendor: github.com/opencontainers/image-spec v1.1.0-rc5
full diff: https://github.com/opencontainers/image-spec/compare/v1.1.0-rc4...v1.1.0-rc5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-17 14:03:41 +02:00
Sebastiaan van Stijn
26730c891a
vendor: google.golang.org/grpc v1.56.3
server: prohibit more than MaxConcurrentStreams handlers from running at once
(CVE-2023-44487).

In addition to this change, applications should ensure they do not leave running
tasks behind related to the RPC before returning from method handlers, or should
enforce appropriate limits on any such work.

- https://github.com/grpc/grpc-go/compare/v1.56.2...v1.56.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-10-16 20:37:51 +02:00