build(deps): bump the dependencies group with 10 updates #141

dependabot · 2024-03-01T04:42:13Z

Bumps the dependencies group with 10 updates:

Package	From	To
github.com/fsouza/go-dockerclient	`1.10.1`	`1.10.2`
github.com/Scalingo/go-utils/errors/v2	`2.3.0`	`2.4.0`
github.com/containerd/containerd	`1.7.11`	`1.7.13`
github.com/docker/docker	`24.0.7+incompatible`	`25.0.2+incompatible`
github.com/docker/go-connections	`0.4.0`	`0.5.0`
github.com/klauspost/compress	`1.17.4`	`1.17.7`
github.com/opencontainers/image-spec	`1.1.0-rc5`	`1.1.0`
golang.org/x/mod	`0.14.0`	`0.15.0`
golang.org/x/sys	`0.15.0`	`0.16.0`
golang.org/x/tools	`0.16.1`	`0.18.0`

Updates github.com/fsouza/go-dockerclient from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/fsouza/go-dockerclient's releases.

Version compatible with Docker 1.9 and Go 1.4

This has a special tag name to make it clear that it was the latest version compatible with Docker 1.9 and Go 1.4.

Commits

2359f27 testing: fix test
62fc35f [testing/server] return container labels when listing containers
e463126 Go 1.22 is out, adopt Go 1.21 features
a0b4d06 build(deps): bump github.com/docker/docker (#1032)
f52cf77 build(deps): bump github.com/docker/docker (#1029)
9740065 build(deps): bump github.com/docker/docker (#1028)
f1ef9d7 build(deps): bump golang.org/x/term from 0.15.0 to 0.16.0 (#1027)
See full diff in compare view

Updates github.com/Scalingo/go-utils/errors/v2 from 2.3.0 to 2.4.0

Commits

16c9a45 Merge pull request #839 from Scalingo/release/errors/2.4.0
97b9c83 [errors] Bump v2.4.0
812847e Merge pull request #838 from Scalingo/fix/errors/deprecate_errgo
50ee664 fix(errors): do not use errgo in New methods
49be268 docs(errors): deprecate use of errgo in ErrCtx
6a50320 Merge pull request #837 from Scalingo/dependabot/go_modules/nsqproducer/depen...
30ca3ed build(deps): bump the dependencies group in /nsqproducer with 1 update
f6d9ddb Merge pull request #836 from Scalingo/dependabot/go_modules/mongo/dependencie...
dd12d74 build(deps): bump the dependencies group in /mongo with 1 update
dc2acd5 Merge pull request #835 from Scalingo/dependabot/go_modules/concurrency/depen...
Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.11 to 1.7.13

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.13

Welcome to the v1.7.13 release of containerd!

The thirteenth patch release for containerd 1.7 updates the runc binary in the release builds to address CVE-2024-21626

Notable Updates

Update runc binary to v1.1.12 (GHSA-xr7r-f8xq-vfvv)

Update seccomp profile for new syscalls added since Linux 5.16 (#9693)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Derek McGowan

Akihiro Suda

Evan Lezar

Paweł Gronowski

Phil Estes

Wei Fu

Changes

Prepare v1.7.13 and update runc to v1.1.12 (#9724)

b97e611b9 Prepare release notes for v1.7.13

2e7fa14db Update runc binary to v1.1.12

[release/1.7] seccomp: kernel 6.7 (#9693)

1bed37871 seccomp: kernel 6.7

[release/1.7] Update container-device-interface to v0.6.2 (#9685)

14628d4aa Update container-device-interface to v0.6.2

[release/1.7] content: Add InfoReaderProvider (#9658)

836477930 content: Add InfoReaderProvider

Dependency Changes

tags.cncf.io/container-device-interface v0.6.2 new

tags.cncf.io/container-device-interface/specs-go v0.6.0 new

Previous release can be found at v1.7.12

containerd 1.7.12

Welcome to the v1.7.12 release of containerd!

... (truncated)

Commits

7c3aca7 Merge pull request #9724 from dmcgowan/prepare-v1.7.13
b97e611 Prepare release notes for v1.7.13
2e7fa14 Update runc binary to v1.1.12
cbda56b Merge pull request #9693 from k8s-infra-cherrypick-robot/cherry-pick-9684-to-...
1bed378 seccomp: kernel 6.7
1944259 Merge pull request #9685 from elezar/dependency-update-container-device-inter...
14628d4 Update container-device-interface to v0.6.2
8c780b7 Merge pull request #9658 from vvoland/contentprovider-1.7
8364779 content: Add InfoReaderProvider
71909c1 Merge pull request #9632 from dmcgowan/prepare-v1.7.12
Additional commits viewable in compare view

Updates github.com/docker/docker from 24.0.7+incompatible to 25.0.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.2

25.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 25.0.2 milestone

moby/moby, 25.0.2 milestone

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity

CVE-2024-21626 runc 1.1.12 High, CVSS 8.6

CVE-2024-23651 BuildKit 1.12.5 High, CVSS 8.7

CVE-2024-23652 BuildKit 1.12.5 High, CVSS 8.7

CVE-2024-23653 BuildKit 1.12.5 High, CVSS 7.7

CVE-2024-23650 BuildKit 1.12.5 Medium, CVSS 5.5

CVE-2024-24557 Docker Engine 25.0.2 Medium, CVSS 6.9

The potential impacts of the above vulnerabilities include:

Unauthorized access to the host filesystem

Compromising the integrity of the build cache

In the case of CVE-2024-21626, a scenario that could lead to full container escape

For more information about the security issues addressed in this release, refer to the blog post. For details about each vulnerability, see the relevant security advisory:

CVE-2024-21626

CVE-2024-23651

CVE-2024-23652

CVE-2024-23653

CVE-2024-23650

CVE-2024-24557

Packaging updates

Upgrade containerd to v1.6.28.

Upgrade containerd to v1.7.13 (static binaries only). moby/moby#47280

Upgrade runc to v1.1.12. moby/moby#47269

Upgrade Compose to v2.24.5. docker/docker-ce-packaging#985

Upgrade BuildKit to v0.12.5. moby/moby#47273

v25.0.1

25.0.1

... (truncated)

Commits

fce6e0c Merge pull request from GHSA-xw73-rw38-6vjc
d838e68 Merge pull request #47269 from thaJeztah/25.0_backport_bump_runc_binary_1.1.12
fa0d415 Merge pull request #47280 from thaJeztah/25.0_backport_bump_containerd_binary...
06e22dc Merge pull request #47275 from vvoland/vendor-bk-0.12.5-25
b73ee94 Merge pull request #47274 from thaJeztah/25.0_backport_bump_runc_1.1.12
fd6a419 update containerd binary to v1.7.13
13ce918 vendor: github.com/moby/buildkit v0.12.5
4b63c47 vendor: github.com/opencontainers/runc v1.1.12
4edb71b update runc binary to v1.1.12
667bc3f Merge pull request #47265 from vvoland/ci-fix-makeps1-templatefail-25
Additional commits viewable in compare view

Updates github.com/docker/go-connections from 0.4.0 to 0.5.0

Commits

fa09c95 Merge pull request #108 from thaJeztah/carry_6
7a67a58 Swap CloseRead and CloseWrite
481d3d2 Merge pull request #107 from thaJeztah/drop_legacy_go
9548f9f tlsconfig: remove deprecated io/ioutil
c564c21 drop support for go1.17 and older
7cbebcf gha: update actions
2cf423f tlsconfig: move allTLSVersions var
dca283b tlsconfig: drop support for go1.12 and older
21876c5 tlsconfig: drop support for go1.6 and older
4d174db tlsconfig: drop support for go1.4 and older
Additional commits viewable in compare view

Updates github.com/klauspost/compress from 1.17.4 to 1.17.7

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.7

What's Changed

s2: Add AsyncFlush method: Complete the block without flushing by @Jille in klauspost/compress#927

s2: Fix literal+repeat exceeds dst crash by @klauspost in klauspost/compress#930

Full Changelog: klauspost/compress@v1.17.6...v1.17.7

v1.17.6

What's Changed

zstd: Fix incorrect repeat coding in best mode by @klauspost in klauspost/compress#923

s2: Fix DecodeConcurrent deadlock on errors by @klauspost in klauspost/compress#925

build: Remove garble compiler by @klauspost in klauspost/compress#924

Full Changelog: klauspost/compress@v1.17.5...v1.17.6

v1.17.5

What's Changed

flate: Fix reset with dictionary on custom window encodes by @klauspost in klauspost/compress#912

zstd: Limit better/best default window to 8MB by @klauspost in klauspost/compress#913

zstd: Shorter and faster asm for decSymbol.newState by @greatroar in klauspost/compress#896

zstd: Add Frame header encoding and stripping by @klauspost in klauspost/compress#908

zstd: Tweak noasm FSE decoder by @greatroar in klauspost/compress#910

s2: Fix callbacks for skippable blocks and disallow 0xfe (Padding) for custom use by @Jille in klauspost/compress#916

s2: Fix incorrect length encoded by writer.AddSkippableBlock by @Jille in klauspost/compress#917

s2: Fix up AddSkippableBlock more by @klauspost in klauspost/compress#919

s2: Document and test how to peek the stream for skippable blocks by @Jille in klauspost/compress#918

internal/race,s2: add some race instrumentation by @egonelbre in klauspost/compress#903

build(deps): bump the github-actions group with 4 updates by @dependabot in klauspost/compress#900

CI: Hash pin sensitive actions and configure Dependabot to automatically update them by @diogoteles08 in klauspost/compress#899

Update generator and executable go.mod by @klauspost in klauspost/compress#904

Update README.md by @pelenium in klauspost/compress#905

build(deps): bump the github-actions group with 1 update by @dependabot in klauspost/compress#906

New Contributors

@pelenium made their first contribution in klauspost/compress#905

@Jille made their first contribution in klauspost/compress#916

Full Changelog: klauspost/compress@v1.17.4...v1.17.5

Commits

1e2b275 tests: Rename fuzz helpers back. (#931)
68b7039 s2: Fix literal+repeat exceeds dst (#930)
5895eb4 s2: Add AsyncFlush method: Complete the block without flushing (#927)
4c49017 ci: Build with Go 1.22.x - deprecate 1.19 (#926)
8e5ae40 Update README.md
255a132 s2: Fix DecodeConcurrent deadlock on errors (#925)
e8251aa build: Remove garble compiler (#924)
32f34cf build(deps): bump the github-actions group with 1 update (#921)
aac36dc zstd: Fix incorrect repeat coding in best mode (#923)
9b0f130 Update README.md
Additional commits viewable in compare view

Updates github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0

Release notes

Sourced from github.com/opencontainers/image-spec's releases.

v1.1.0

Vote Passed [+7-0] - https://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag Release PR : opencontainers/image-spec#1161 Full Changelog: opencontainers/image-spec@v1.0.2...v1.1.0

Associated Distribution Specification Release - https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0

v1.1.0-rc6

Vote passed [+6 -0] - https://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o

For changeset and diff please see - opencontainers/image-spec#1157

Commits

e7f7c0c version: release v1.1.0
365fa41 Merge pull request #1160 from sudo-bmitch/pr-subject-dag-association
d0f90e6 Clarify that subject references a separate DAG
9703222 Merge pull request #1157 from sudo-bmitch/pr-v1.1.0-rc6
8b1e951 version: bump back to +dev
6c2b5fa version: release v1.1.0-rc6
56fb783 Merge pull request #1107 from sudo-bmitch/pr-release-notice
a6d741a Merge pull request #1148 from dejanu/update_oci_implementations
53d9855 new section for projects no longer maintained
ceeb2eb Merge pull request #1114 from sudo-bmitch/pr-go-1.21
Additional commits viewable in compare view

Updates golang.org/x/mod from 0.14.0 to 0.15.0

Commits

fa1ba42 sumdb: replace globsMatchPath with module.MatchPrefixPatterns
See full diff in compare view

Updates golang.org/x/sys from 0.15.0 to 0.16.0

Commits

0829ab1 windows: add SetFileValidData
32cdffc unix: don't redefine constants already defined in glibc headers
f0c7190 unix: remove extra trailing newlines in zsyscall_openbsd_*.go
5ff87d7 unix: add Netfilter and NFTables constants
See full diff in compare view

Updates golang.org/x/tools from 0.16.1 to 0.18.0

Commits

c5643e9 gopls/internal/server: fix two bugs related to dynamic configuration
50b4f1b gopls/internal/golang: close open file
f0ef3c6 gopls: update x/telemetry dependency to fix crash
8cf0a8e gopls: record that v0.15 will be the last to support go1.18
730dc3c gopls/internal/settings: add a hidden option to disable zero config
95f04f4 gopls/internal/golang: add resolve support for inline refactorings
9619683 gopls/internal/cache: treat local replaces as workspace modules
a5af84e gopls/internal/cache: check views on any on-disk change to go.mod files
a7407fa gopls: update telemetry
314368d go/analysis/passes/deepequalerrors: audit for types.Alias safety
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 10 updates: | Package | From | To | | --- | --- | --- | | [github.com/fsouza/go-dockerclient](https://github.com/fsouza/go-dockerclient) | `1.10.1` | `1.10.2` | | [github.com/Scalingo/go-utils/errors/v2](https://github.com/Scalingo/go-utils) | `2.3.0` | `2.4.0` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.11` | `1.7.13` | | [github.com/docker/docker](https://github.com/docker/docker) | `24.0.7+incompatible` | `25.0.2+incompatible` | | [github.com/docker/go-connections](https://github.com/docker/go-connections) | `0.4.0` | `0.5.0` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.17.4` | `1.17.7` | | [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) | `1.1.0-rc5` | `1.1.0` | | [golang.org/x/mod](https://github.com/golang/mod) | `0.14.0` | `0.15.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.15.0` | `0.16.0` | | [golang.org/x/tools](https://github.com/golang/tools) | `0.16.1` | `0.18.0` | Updates `github.com/fsouza/go-dockerclient` from 1.10.1 to 1.10.2 - [Release notes](https://github.com/fsouza/go-dockerclient/releases) - [Changelog](https://github.com/fsouza/go-dockerclient/blob/main/container_changes_test.go) - [Commits](fsouza/go-dockerclient@v1.10.1...v1.10.2) Updates `github.com/Scalingo/go-utils/errors/v2` from 2.3.0 to 2.4.0 - [Release notes](https://github.com/Scalingo/go-utils/releases) - [Changelog](https://github.com/Scalingo/go-utils/blob/master/CHANGELOG_LEGACY.md) - [Commits](Scalingo/go-utils@v2.3.0...errors/v2.4.0) Updates `github.com/containerd/containerd` from 1.7.11 to 1.7.13 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.11...v1.7.13) Updates `github.com/docker/docker` from 24.0.7+incompatible to 25.0.2+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v24.0.7...v25.0.2) Updates `github.com/docker/go-connections` from 0.4.0 to 0.5.0 - [Commits](docker/go-connections@v0.4.0...v0.5.0) Updates `github.com/klauspost/compress` from 1.17.4 to 1.17.7 - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](klauspost/compress@v1.17.4...v1.17.7) Updates `github.com/opencontainers/image-spec` from 1.1.0-rc5 to 1.1.0 - [Release notes](https://github.com/opencontainers/image-spec/releases) - [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md) - [Commits](opencontainers/image-spec@v1.1.0-rc5...v1.1.0) Updates `golang.org/x/mod` from 0.14.0 to 0.15.0 - [Commits](golang/mod@v0.14.0...v0.15.0) Updates `golang.org/x/sys` from 0.15.0 to 0.16.0 - [Commits](golang/sys@v0.15.0...v0.16.0) Updates `golang.org/x/tools` from 0.16.1 to 0.18.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.16.1...v0.18.0) --- updated-dependencies: - dependency-name: github.com/fsouza/go-dockerclient dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/Scalingo/go-utils/errors/v2 dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/containerd/containerd dependency-type: indirect update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/docker/docker dependency-type: indirect update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github.com/docker/go-connections dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: github.com/klauspost/compress dependency-type: indirect update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: github.com/opencontainers/image-spec dependency-type: indirect update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: golang.org/x/mod dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: golang.org/x/tools dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-03-27T23:58:32Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 1, 2024

dependabot bot requested a review from Soulou March 1, 2024 04:42

github-actions bot enabled auto-merge March 1, 2024 04:42

dependabot bot closed this Mar 27, 2024

auto-merge was automatically disabled March 27, 2024 23:58
Pull request was closed

dependabot bot deleted the dependabot/go_modules/dependencies-eeb8aa1525 branch March 27, 2024 23:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the dependencies group with 10 updates #141

build(deps): bump the dependencies group with 10 updates #141

dependabot bot commented on behalf of github Mar 1, 2024 •

edited

Loading

dependabot bot commented on behalf of github Mar 27, 2024

CVE	Component	Fix version	Severity
CVE-2024-21626	runc	1.1.12	High, CVSS 8.6
CVE-2024-23651	BuildKit	1.12.5	High, CVSS 8.7
CVE-2024-23652	BuildKit	1.12.5	High, CVSS 8.7
CVE-2024-23653	BuildKit	1.12.5	High, CVSS 7.7
CVE-2024-23650	BuildKit	1.12.5	Medium, CVSS 5.5
CVE-2024-24557	Docker Engine	25.0.2	Medium, CVSS 6.9

build(deps): bump the dependencies group with 10 updates #141

build(deps): bump the dependencies group with 10 updates #141

Conversation

dependabot bot commented on behalf of github Mar 1, 2024 • edited Loading

Version compatible with Docker 1.9 and Go 1.4

containerd 1.7.13

Notable Updates

Contributors

Changes

Dependency Changes

containerd 1.7.12

v25.0.2

25.0.2

Security

Packaging updates

v25.0.1

25.0.1

v1.17.7

What's Changed

v1.17.6

What's Changed

v1.17.5

What's Changed

New Contributors

v1.1.0

v1.1.0-rc6

dependabot bot commented on behalf of github Mar 27, 2024

dependabot bot commented on behalf of github Mar 1, 2024 •

edited

Loading