Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47490
Fix docker start failing when used with --checkpointmoby/moby#47466
Don't enforce new validation rules for existing swarm networks moby/moby#47482
Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47481
Fix a regression introduced in v25.0 that prevented the classic builder from ADDing a tar archive with xattrs created on a non-Linux OS moby/moby#47483
containerd image store: Fix image pull not emitting Pulling fs layer status moby/moby#47484
API
To preserve backwards compatibility, make read-only mounts not recursive by default when using older clients (API version < v1.44). moby/moby#47393
GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
Fix a regression that caused API socket connection failures to report an API version negotiation failure instead. moby/moby#47470
Preserve supplied endpoint configuration in a container-create API request, when a container-wide MAC address is specified, but NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510
Use spaces instead of parentheses for SQL sanitization.
This still solves the problem of negative numbers creating a line comment, but this avoids breaking edge cases such as
set foo to $1 where the substitution is taking place in a location where an arbitrary expression is not allowed.
5.5.4 (March 4, 2024)
Fix CVE-2024-27304
SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
attacker's control.
Thanks to Paul Gerste for reporting this issue.
Fix behavior of CollectRows to return empty slice if Rows are empty (Felix)
Fix simple protocol encoding of json.RawMessage
Fix *Pipeline.getResults should close pipeline on error
Fix panic in TryFindUnderlyingTypeScanPlan (David Kurman)
Fix deallocation of invalidated cached statements in a transaction
Handle invalid sslkey file
Fix scan float4 into sql.Scanner
Fix pgtype.Bits not making copy of data from read buffer. This would cause the data to be corrupted by future reads.
chore(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /modules/qdrant (#2281) @dependabot
chore(deps): bump github.com/ClickHouse/clickhouse-go/v2 from 2.18.0 to 2.20.0 in /modules/clickhouse (#2290) @dependabot
chore(deps): bump github.com/Shopify/toxiproxy/v2 from 2.7.0 to 2.8.0 in /examples/toxiproxy (#2282) @dependabot
chore(deps): bump github.com/neo4j/neo4j-go-driver/v5 from 5.16.0 to 5.18.0 in /modules/neo4j (#2278) @dependabot
chore(deps): bump github.com/minio/minio-go/v7 from 7.0.66 to 7.0.68 in /modules/minio (#2304) @dependabot
chore(deps): bump github.com/tmc/langchaingo from 0.1.4 to 0.1.5 in /modules/ollama (#2318) @dependabot
chore(deps): bump github.com/elastic/go-elasticsearch/v8 from 8.11.1 to 8.12.1 in /modules/elasticsearch (#2303) @dependabot
chore(deps): bump google.golang.org/api from 0.167.0 to 0.168.0 in /modules/gcloud (#2317) @dependabot
chore(deps): bump github.com/aws/aws-sdk-go-v2/credentials from 1.16.14 to 1.17.5 in /modules/localstack, github.com/aws/aws-sdk-go-v2 from 1.24.1 to 1.25.2 in /modules/localstack (#2320) @mdelapenya
chore(deps): bump github.com/twmb/franz-go from 1.15.4 to 1.16.1 in /modules/redpanda, github.com/twmb/franz-go/pkg/kadm from 1.10.0 to 1.11.0 in /modules/redpanda (#2322) @mdelapenya
chore(deps): bump github.com/hashicorp/vault-client-go from 0.3.3 to 0.4.3 in /modules/vault, github.com/tidwall/gjson from 1.17.0 to 1.17.1 in /modules/vault (#2321) @mdelapenya
chore(deps): bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 in /modules/postgres, github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 in /modules/cockroachdb (#2323) @mdelapenya
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.16.0 (#2316) @mdelapenya
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 in /modulegen (#2298) @dependabot
chore(deps): bump github.com/docker/docker from 25.0.2+incompatible to 25.0.3+incompatible (#2296) @mdelapenya
chore(deps): bump github.com/couchbase/gocb/v2 from 2.7.1 to 2.7.2 in /modules/couchbase, github.com/tidwall/gjson from 1.17.0 to 1.17.1 in /modules/couchbase (#2297) @mdelapenya
... (truncated)
Commits
08c2385 chore: use new version (v0.29.1) in modules and examples
Add client metric support to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4707)
Add peer attributes to spans recorded by NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4873)
Add support for cloud.account.id, cloud.availability_zone and cloud.region in the AWS ECS detector. (#4860)
Changed
The fallback options in go.opentelemetry.io/contrib/exporters/autoexport now accept factory functions. (#4891)
WithFallbackMetricReader(metric.Reader) MetricOption is replaced with func WithFallbackMetricReader(func(context.Context) (metric.Reader, error)) MetricOption.
WithFallbackSpanExporter(trace.SpanExporter) SpanOption is replaced with WithFallbackSpanExporter(func(context.Context) (trace.SpanExporter, error)) SpanOption.
The http.server.request_content_length metric in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is changed to http.server.request.size.(#4707)
The http.server.response_content_length metric in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is changed to http.server.response.size.(#4707)
Deprecated
The RequestCount, RequestContentLength, ResponseContentLength, ServerLatency constants in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are deprecated. (#4707)
Add support for Summary metrics to go.opentelemetry.io/contrib/bridges/prometheus. (#5089)
Add support for Exponential (native) Histograms in go.opentelemetry.io/contrib/bridges/prometheus. (#5093)
Implemented setting the cloud.resource_id resource attribute in go.opentelemetry.io/detectors/aws/ecs based on the ECS Metadata v4 endpoint. (#5091)
Removed
The deprecated RequestCount constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated RequestContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated ResponseContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated ServerLatency constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
Fixed
Retrieving the body bytes count in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp does not cause a data race anymore. (#5080)
[1.23.0/0.48.0/0.17.0/0.3.0] - 2024-02-06
Added
Add client metric support to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4707)
Add peer attributes to spans recorded by NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4873)
Add support for cloud.account.id, cloud.availability_zone and cloud.region in the AWS ECS detector. (#4860)
Changed
The fallback options in go.opentelemetry.io/contrib/exporters/autoexport now accept factory functions. (
Bumps the production-dependencies group with 30 updates:
2.3.62.3.71.11.11.11.225.0.3+incompatible25.0.4+incompatible1.5.01.7.00.2.01.1.03.0.13.0.35.5.35.5.51.8.41.9.00.28.00.29.10.46.10.49.01.22.01.24.01.22.01.24.01.21.01.24.01.22.01.24.01.22.01.24.01.26.01.27.00.21.00.22.00.17.00.18.00.17.00.18.00.17.00.18.01.5.41.5.71.5.41.5.51.25.51.25.7-0.20240204074919-46816ad31dde0.29.10.29.21.5.41.5.51.58.01.60.10.61.00.62.11.0.01.0.1-0.20181226105442-5d4384ee4fb20.19.00.21.01.61.11.62.0Updates
github.com/cockroachdb/cockroach-go/v2from 2.3.6 to 2.3.7Commits
32a6d65Add option to configure cache sizeUpdates
github.com/coredns/corednsfrom 1.11.1 to 1.11.2Commits
8868454build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#6492)502acecbuild(deps): bump go.etcd.io/etcd/api/v3 from 3.5.11 to 3.5.12 (#6490)83649bbbuild(deps): bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.10 (#6489)01bded8CoreDNS 1.11.2 release notes and version bump (#6476)a0c2963build(deps): bump github.com/miekg/dns from 1.1.57 to 1.1.58 (#6477)8cde336build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#6481)194545bbuild(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#6482)dc72d4ebuild(deps): bump google.golang.org/api from 0.155.0 to 0.159.0 (#6479)f47248cbuild(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#6480)80c8b94build(deps): bump github.com/aws/aws-sdk-go from 1.48.16 to 1.50.5 (#6478)Updates
github.com/docker/dockerfrom 25.0.3+incompatible to 25.0.4+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
Commits
061aa95Merge pull request #47513 from vvoland/v25.0-47498d0d85f6daemon: overlay2: remove world writable permission from the lower file5d66793Merge pull request #47508 from vvoland/v25.0-47504ef1fa23Merge pull request #47510 from akerouanton/25.0-47441_mac_addr_config_migration0451b28Don't create endpoint config for MAC addr config migrationd27fe25dockerd-rootless-setuptool.sh: check RootlessKit functionality77de535Dockerfile: update RootlessKit to v2.0.29e526bcMerge pull request #47503 from vvoland/v25.0-475022d34702update to go1.21.851e876cMerge pull request #47493 from akerouanton/25.0-47370_windows_natnw_dns_testUpdates
github.com/gin-contrib/corsfrom 1.5.0 to 1.7.0Release notes
Sourced from github.com/gin-contrib/cors's releases.
Commits
4447aebrefactor: refactor request handling and improve CORS checks9d49f16chore(cors): Allow a custom validation function which receives the full gin c...7f30a1ffix: improve error handling and test robustness90a7c66test(cors): enhance CORS wildcard handling tests (#145)d5002f2test: refactor tests and update CI configurationseac6c48feat(schema): allow usage of custom schemas (#139)27b723afixe(domain): wildcard parse bug (#106)30792dcci: refactor GitHub Actions workflowsf08c1bcci: refactor CI workflows and improve tests2451987chore: update dependencies to latest versionsUpdates
github.com/gin-contrib/zapfrom 0.2.0 to 1.1.0Release notes
Sourced from github.com/gin-contrib/zap's releases.
Commits
ca35b5fdocs: improve documentation and add example code5b62309feat: implement skip path regexps feature in zap package (#72)0abce4adocs: implement custom skipper function in READMEd5accecrefactor: refactor file paths to use constants372417fchore: refactor error handling and linter configurations58dd173feat: consolidate code examples into new filea9803c5refactor: refactor testing functions in zap_test filed4400a8feat(func): implement Skipper functionality for logging configuration (#71)6ad826ebuild: update minimum Go version to 1.1935a621achore: remove duplication log to msg (#69)Updates
github.com/go-jose/go-jose/v3from 3.0.1 to 3.0.3Release notes
Sourced from github.com/go-jose/go-jose/v3's releases.
Changelog
Sourced from github.com/go-jose/go-jose/v3's changelog.
Commits
add6a28v3: backport decompression limit fix (#107)11bb4e7doc: in v3 branch's README, point to v4 as latest (#101)863f73bv3.0.2: Update changelog (#95)bdbc794Update golang.org/x/crypto to v0.19 (backport) (#94)25bce79Updated go-jose v3.0.0 to v3.0.1 in jose-util (#70)aa386dfjwe/CompactSerialize: improve performance. (#67)053c9bfDecryptMulti: handle decompression error (#19)ca9011bBump go version to 1.21.4 to satisfy govulncheck (#68)c8399dfRevert pull request #10 (multiple audiences) (#24)ec819e9Add a security.md doc for contacting us about potential security vulnerabilit...Updates
github.com/jackc/pgx/v5from 5.5.3 to 5.5.5Changelog
Sourced from github.com/jackc/pgx/v5's changelog.
Commits
78a0a2bFix spelling in changeloga17f064Update changelog49b6aadUse spaces instead of parentheses for SQL sanitization0cc4c14Add test to validate CollectRows for empty Rowsda6f2c9Update changelogc543134SQL sanitizer wraps arguments in parentheses20344dfCheck for overflow on uint16 sizes in pgproto3adbb38fDo not allow protocol messages larger than ~1GBc1b0a01Fix behavior of CollectRows to return empty slice if Rows are empty88dfc22Fix simple protocol encoding of json.RawMessageUpdates
github.com/stretchr/testifyfrom 1.8.4 to 1.9.0Release notes
Sourced from github.com/stretchr/testify's releases.
... (truncated)
Commits
bb548d0Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...814075fbuild(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2e045612Merge pull request #1339 from bogdandrutu/uintptr5b6926dMerge pull request #1385 from hslatman/not-implements9f97d67Merge pull request #1550 from stretchr/release-notesbcb0d3fInclude the auto-release notes in releasesfb770f8Merge pull request #1247 from ccoVeille/typos85d8bb6fix typos in comments, tests and github templatese2741faMerge pull request #1548 from arjunmahishi/msgAndArgs6e59f20http_assertions: assert that the msgAndArgs actually works in testsUpdates
github.com/testcontainers/testcontainers-gofrom 0.28.0 to 0.29.1Release notes
Sourced from github.com/testcontainers/testcontainers-go's releases.
... (truncated)
Commits
08c2385chore: use new version (v0.29.1) in modules and examples4d7a27efix: incorrect versione48323cchore: prepare for next minor development cycle ()c17ba62chore: use new version (v0.29.0) in modules and examples12f23f8generic.go: GenericContainer(): clearer error message (#2327)cfd60e9chore: confirm support for new mongo images (#2326)85361feAdd k3s WithManifest option (#1920)755bbb8chore(deps): bump google.golang.org/grpc in /modules/qdrant (#2281)ba92e0echore(deps): bump github.com/ClickHouse/clickhouse-go/v2 (#2290)245c8b0chore(deps): bump github.com/Shopify/toxiproxy/v2 in /examples/toxiproxy (#2282)Updates
go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelginfrom 0.46.1 to 0.49.0Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin's changelog.
@dependabot[bot], this pull request is now in conflict and requires a rebase.
Superseded by #1978.