docker / volumes-backup-extension

Back up, clone, restore, and share Docker volumes effortlessly.
Apache License 2.0

Bump golang.org/x/net from 0.10.0 to 0.23.0 in /client #135

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 3 months ago

Bumps golang.org/x/net from 0.10.0 to 0.23.0.

Commits
  • c48da13 http2: fix TestServerContinuationFlood flakes
  • 762b58d http2: fix tipos in comment
  • ba87210 http2: close connections when receiving too many headers
  • ebc8168 all: fix some typos
  • 3678185 http2: make TestCanonicalHeaderCacheGrowth faster
  • 448c44f http2: remove clientTester
  • c7877ac http2: convert the remaining clientTester tests to testClientConn
  • d8870b0 http2: use synthetic time in TestIdleConnTimeout
  • d73acff http2: only set up deadline when Server.IdleTimeout is positive
  • 89f602b http2: validate client/outgoing trailers
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/docker/volumes-backup-extension/network/alerts).
github-actions[bot] commented 3 months ago

:mag: Vulnerabilities of docker/volumes-backup-extension:pr-135

:package: Image Reference docker/volumes-backup-extension:pr-135
  • digest: sha256:b116e034e299b0b8f4ed0b7fd7947014df0a21812e64689b477d5af8e8619dd0
  • vulnerabilities: critical: 0 high: 1 medium: 0 low: 0
  • size: 45 MB
  • packages: 54
:package: Base Image busybox:1.35
also known as
  • 1.35-uclibc
  • 1.35.0
  • 1.35.0-uclibc
  • unstable
  • unstable-uclibc
  • digest: sha256:505e5e20edbb5f2ac0abe3622358daf2f4a4c818eea0498445b7248e39db6728
  • vulnerabilities: critical: 0 high: 0 medium: 0 low: 0

golang.org/x/net 0.10.0 (golang), pkg:golang/golang.org/x/net@0.10.0: critical: 0 high: 1 medium: 0 low: 0

high 7.5: CVE-2023-39325 Uncontrolled Resource Consumption
  • Affected range: <0.17.0
  • Fixed version: 0.17.0
  • CVSS Score: 7.5
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • EPSS Score: 0.00212
  • EPSS Percentile: 0.59135
Description
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
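The description above states the fix in three rules: handler goroutines are bounded by the stream concurrency limit, requests arriving at the limit wait in a queue, and a queue that grows too large ends the connection. The Go program below is an added illustration, not code from golang.org/x/net or from this project: it models that per-connection accounting with constructed limits (`maxConcurrent` standing in for `Server.MaxConcurrentStreams`, `maxQueued` an assumed queue bound since the page does not state the real one) and runs the rapid-reset pattern against both the pre-fix and post-fix rules, so the difference in peak handler count is visible.

```go
package main

import "fmt"

// decision is the server's answer to one newly arrived request (stream).
type decision int

const (
	run       decision = iota // a handler goroutine starts now
	queue                     // request waits until a running handler exits
	closeConn                 // queue too large: the server terminates the connection
)

// conn models the per-connection bookkeeping relevant to CVE-2023-39325.
// openStreams counts streams the client has not yet reset; running counts
// handler goroutines still executing. A RST_STREAM frees the stream slot
// immediately, but the handler it started keeps running until it returns,
// which is why the two counters diverge under rapid reset.
type conn struct {
	maxConcurrent int  // stands in for http2.Server.MaxConcurrentStreams (x/net default: 250)
	maxQueued     int  // constructed bound on the post-fix wait queue (assumption)
	boundHandlers bool // false = pre-fix accounting, true = post-fix accounting
	openStreams   int
	running       int
	queued        int
	closed        bool
}

// admit is called when HEADERS for a new stream arrive.
func (c *conn) admit() decision {
	if c.closed {
		return closeConn
	}
	c.openStreams++
	// Pre-fix: every stream starts a handler goroutine, however many earlier
	// (possibly reset) handlers are still running.
	// Post-fix: running handlers are bounded by the stream concurrency limit.
	if !c.boundHandlers || c.running < c.maxConcurrent {
		c.running++
		return run
	}
	if c.queued >= c.maxQueued {
		c.closed = true
		return closeConn
	}
	c.queued++
	return queue
}

// reset models the client's RST_STREAM: the stream is gone, but any handler
// already started keeps running. In this simplified model a queued request is
// not removed from the queue either.
func (c *conn) reset() {
	if c.openStreams > 0 {
		c.openStreams--
	}
}

// handlerDone models a handler returning; a queued request, if any, is promoted.
func (c *conn) handlerDone() {
	if c.running > 0 {
		c.running--
	}
	if c.queued > 0 {
		c.queued--
		c.running++
	}
}

// rapidReset simulates a client that sends n requests, resetting each one
// immediately after sending it, while every handler is still busy (slow
// backend). It reports the peak number of handlers running at once and
// whether the server closed the connection.
func rapidReset(c *conn, n int) (peakRunning int, closed bool) {
	for i := 0; i < n; i++ {
		if c.admit() == closeConn {
			break
		}
		c.reset() // open streams never exceed 1, so the stream limit alone is never hit
		if c.running > peakRunning {
			peakRunning = c.running
		}
	}
	return peakRunning, c.closed
}

func main() {
	vulnerable := &conn{maxConcurrent: 4, maxQueued: 8}
	peak, closed := rapidReset(vulnerable, 100)
	fmt.Printf("pre-fix:  peak handlers=%d closed=%v\n", peak, closed)

	fixed := &conn{maxConcurrent: 4, maxQueued: 8, boundHandlers: true}
	peak, closed = rapidReset(fixed, 100)
	fmt.Printf("post-fix: peak handlers=%d closed=%v queued=%d\n", peak, closed, fixed.queued)
}
```

With the pre-fix rule the peak handler count equals the number of requests sent, because each reset hands the client a fresh stream slot while the previous handler is still running; with the post-fix rule the peak stays at `maxConcurrent`, the surplus waits in the queue, and the connection is closed once the queue is full. The model is deliberately single-threaded so the counters can be inspected; in a real server the same bookkeeping is guarded by the connection's serve loop.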
github-actions[bot] commented 3 months ago

Docker image tag(s) pushed:

docker/volumes-backup-extension:pr-135

Labels added to images:

org.opencontainers.image.created=2024-05-22T15:52:27.940Z
org.opencontainers.image.description=Back up, clone, restore, and share Docker volumes effortlessly.
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=
org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.title=volumes-backup-extension
org.opencontainers.image.url=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.version=pr-135
github-actions[bot] commented 3 months ago

Overview

Image reference: docker/volumes-backup-extension:latest compared with docker/volumes-backup-extension:pr-135

| | docker/volumes-backup-extension:latest | docker/volumes-backup-extension:pr-135 |
|---|---|---|
| digest | 7e0c74d545f4 | b116e034e299 |
| vulnerabilities | critical: 0 high: 1 medium: 7 low: 0 unspecified: 1 | critical: 0 high: 1 medium: 7 low: 0 unspecified: 1 |
| platform | linux/amd64 | linux/amd64 |
| size | 40 MB | 45 MB (+5.0 MB) |
| packages | 51 | 54 (+3) |
| base image | busybox:1.35 (also known as 1.35-uclibc, 1.35.0, 1.35.0-uclibc) | busybox:1.35 (also known as 1.35-uclibc, 1.35.0, 1.35.0-uclibc) |
| base image vulnerabilities | critical: 0 high: 0 medium: 0 low: 0 | critical: 0 high: 0 medium: 0 low: 0 |

provenance: https://github.com/docker/volumes-backup-extension.git#d97b9ba5a93b7318337d84a2dcee74642fdb2203/commit/d97b9ba5a93b7318337d84a2dcee74642fdb2203
Environment Variables (2 changes): 2 changed, 1 unchanged

```diff
-BUGSNAG_APP_VERSION=
+BUGSNAG_APP_VERSION=latest
-BUGSNAG_RELEASE_STAGE=production
+BUGSNAG_RELEASE_STAGE=local
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
```
Labels (2 changes): 2 removed, 11 unchanged

```diff
 com.docker.desktop.extension.api.version=>= 0.2.3
 com.docker.desktop.extension.icon=https://raw.githubusercontent.com/docker/volumes-backup-extension/main/icon.svg
 com.docker.extension.additional-urls=[ {"title":"Support", "url":"https://github.com/docker/volumes-backup-extension/issues"} ]
 com.docker.extension.categories=volumes
 com.docker.extension.changelog=
   • Fix MUI missing license.
 com.docker.extension.detailed-description=
   The functionality in this extension is now available as a Beta feature in the Volumes tab in Docker Desktop versions 4.29.0 and later. This extension will be deprecated once the features are out of Beta. Learn more

   With Volumes Backup & Share you can easily create copies of your volumes and also share them with others through SSH or pushing them to a registry.

   ✨ What can you do with this extension?

     • Export a volume:
       • To a compressed file in your local filesystem
       • To an existing local image
       • To a new local image
       • To a new image in Docker Hub (or another registry)
     • Import data into a new container or into an existing container:
       • From a compressed file in your local filesystem
       • From an existing image
       • From an existing image in Docker Hub (or another registry)
     • Transfer a volume via SSH to another host that runs Docker Desktop or Docker engine.
     • Clone, empty or delete a volume

   Acknowledgements

     • Vackup project by Bret Fisher
     • Building Vackup - LiveStream on YouTube
 com.docker.extension.publisher-url=https://www.docker.com/
 com.docker.extension.screenshots=[ {"alt": "Home page - list of volumes", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/1-table.png"}, {"alt": "Import data into a new volume", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/2-import-new.png"}, {"alt": "Export volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/3-export.png"}, {"alt": "Transfer volume to another host", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/4-transfer.png"}, {"alt": "Clone volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/5-clone.png"}, {"alt": "Delete volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/6-delete.png"} ]
 org.opencontainers.image.description=Backup, clone, restore, and share Docker volumes effortlessly. Also available as a Beta feature in the Volumes tab in Docker Desktop version 4.29.0 and later. This extension will be soon deprecated.
-org.opencontainers.image.revision=d97b9ba5a93b7318337d84a2dcee74642fdb2203
-org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension
 org.opencontainers.image.title=Volumes Backup & Share
 org.opencontainers.image.vendor=Docker Inc.
```
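Review bot: the two removed lines, `-org.opencontainers.image.revision=d97b9ba5a93b7318337d84a2dcee74642fdb2203` and `-org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension`, leave the pr-135 image without the label that ties it to the commit it was built from; the "Labels added to images" list earlier in this thread confirms the PR build pushes `org.opencontainers.image.revision=` with an empty value. The PR build should set that label to the commit SHA it checks out so a pushed image remains traceable to its source.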
Policies (1 improved, 1 worsened, 1 missing data)

| Policy Name | `docker/volumes-backup-extension:latest` | `docker/volumes-backup-extension:pr-135` | Change | Standing |
|---|---|---|---|---|
| Copyleft licenses | :white_check_mark: | :white_check_mark: | | No Change |
| Default non-root user | :warning: | :warning: | | No Change |
| Fixable critical and high vulnerabilities | :warning: 1 | :warning: 1 | | No Change |
| High-profile vulnerabilities | :warning: 1 | :white_check_mark: | -1 | Improved |
| Outdated base images | :white_check_mark: | :question: No data | | |
| Supply chain attestations | :white_check_mark: | :warning: 2 | +2 | Worsened |
Packages and Vulnerabilities (2 package changes and 0 vulnerability changes): 2 packages changed, 48 packages unchanged

Changes for packages of type golang (2 changes)

| Package | Version (docker/volumes-backup-extension:latest) | Version (docker/volumes-backup-extension:pr-135) |
|---|---|---|
| golang.org/x/net | 0.10.0 | 0.23.0 |
| stdlib | 1.21.9 | go1.21.10 |

golang.org/x/net 0.10.0 in latest: critical: 0 high: 1 medium: 0 low: 0

Removed vulnerabilities (1):
  • high: CVE-2023-39325
dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.