search

buildpacks / imgutil

Helpful utilities for working with images
Apache License 2.0
24 stars 41 forks source link

Bump the go-dependencies group with 4 updates #229

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps the go-dependencies group with 4 updates: github.com/docker/docker, github.com/google/go-cmp, github.com/google/go-containerregistry and golang.org/x/sync.

Updates github.com/docker/docker from 24.0.2+incompatible to 24.0.7+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v24.0.7

24.0.7

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Write overlay2 layer metadata atomically. moby/moby#46703
  • Fix "Rootful-in-Rootless" Docker-in-Docker on systemd version 250 and later. moby/moby#46626
  • Fix dockerd-rootless-setuptools.sh when username contains a backslash. moby/moby#46407
  • Fix a bug that would prevent network sandboxes to be fully deleted when stopping containers with no network attachments and when dockerd --bridge=none is used. moby/moby#46702
  • Fix a bug where cancelling an API request could interrupt container restart. moby/moby#46697
  • Fix an issue where containers would fail to start when providing --ip-range with a range larger than the subnet. docker/for-mac#6870
  • Fix data corruption with zstd output. moby/moby#46709
  • Fix the conditions under which the container's MAC address is applied. moby/moby#46478
  • Improve the performance of the stats collector. moby/moby#46448
  • Fix an issue with source policy rules ending up in the wrong order. moby/moby#46441

Packaging updates

Security

v24.0.6

24.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • containerd storage backend: Fix docker ps failing when a container image is no longer present in the content store. moby/moby#46095
  • containerd storage backend: Fix docker ps -s -a and docker container prune failing when a container image config is no longer present in the content store. moby/moby#46097
  • containerd storage backend: Fix docker inspect failing when a container image config is no longer (or was never) present in the content store. moby/moby#46244
  • containerd storage backend: Fix diff and export with the overlayfs snapshotter by using reference-counted rootfs mounts. moby/moby#46266
  • containerd storage backend: Fix a misleading error message when the image platforms available locally do not match the desired platform. moby/moby#46300
  • containerd storage backend: Fix the FROM scratch Dockerfile instruction with the classic builder. moby/moby#46302
  • containerd storage backend: Fix mismatched image rootfs and manifest layers errors with the classic builder. moby/moby#46310

... (truncated)

Commits
  • 311b9ff Merge pull request #46697 from thaJeztah/24.0_backport_restart_nocancel
  • af60804 Merge pull request from GHSA-jq35-85cj-fj4p
  • 3cf363e Merge pull request #46709 from thaJeztah/24.0_backport_bump_compress
  • 05d7386 daemon: daemon.containerRestart: don't cancel restart on context cancel
  • 649c944 Merge pull request #46703 from thaJeztah/24.0_backport_atomic-layer-data-write
  • 9b20b1a Merge pull request #46702 from thaJeztah/24.0_backport_releaseNetwork_Network...
  • dd37b0b vendor: github.com/klauspost/compress v1.17.2
  • 7058c0d vendor: github.com/klauspost/compress v1.16.5
  • 57bd388 daemon: overlay2: Write layer metadata atomically
  • 05d95fd daemon: release sandbox even when NetworkDisabled
  • Additional commits viewable in compare view


Updates github.com/google/go-cmp from 0.5.9 to 0.6.0

Release notes

Sourced from github.com/google/go-cmp's releases.

v0.6.0

New API:

  • (#340) Add cmpopts.EquateComparable

Documentation changes:

  • (#337) Use of hotlinking of Go identifiers

Build changes:

  • (#325) Remove purego fallbacks

Testing changes:

  • (#322) Run tests for Go 1.20 version
  • (#332) Pin GitHub action versions
  • (#327) set workflow permission to read-only
Commits


Updates github.com/google/go-containerregistry from 0.15.2 to 0.16.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.16.1

Release is broken due to goreleaser error, 0.16.1 has the fix

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.15.2...v0.16.1

Container Images

https://gcr.io/go-containerregistry/crane:v0.16.1 https://gcr.io/go-containerregistry/gcrane:v0.16.1

For example:

docker pull gcr.io/go-containerregistry/crane:v0.16.1
docker pull gcr.io/go-containerregistry/gcrane:v0.16.1

v0.16.0

Release is broken due to goreleaser error, 0.16.1 has the fix

Commits
  • a54d642 fix: pin to goreleaser v1.18 to unblock release (#1763)
  • ea19b57 Return OCI Index content-type for referrers response (#1762)
  • b850480 Drop localhost to support crane registry serve in a container (#1746)
  • fe268b7 Don't try cross-origin mounting against dockerhub (#1743)
  • 2472cbb Let the filesystem handle atomicity (#1735)
  • db818dc Use RWLock, limit scope of locking, write digest first (#1734)
  • 44a6e2e Allow concurrent blob Sets, use RWMutex (#1733)
  • 9010ce1 Correct crane registry help text (#1732)
  • 03ad2ac add --blobs-to-disk to 'crane registry serve' (#1731)
  • 4e4b03a Don't load into daemon if the image already exists (#1724)
  • Additional commits viewable in compare view


Updates golang.org/x/sync from 0.3.0 to 0.4.0

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions