Restore DNS names for containers in the default "nat" network on Windows. moby/moby#47490
Fix docker start failing when used with --checkpointmoby/moby#47466
Don't enforce new validation rules for existing swarm networks moby/moby#47482
Restore IP connectivity between the host and containers on an internal bridge network. moby/moby#47481
Fix a regression introduced in v25.0 that prevented the classic builder from ADDing a tar archive with xattrs created on a non-Linux OS moby/moby#47483
containerd image store: Fix image pull not emitting Pulling fs layer status moby/moby#47484
API
To preserve backwards compatibility, make read-only mounts not recursive by default when using older clients (API version < v1.44). moby/moby#47393
GET /images/{id}/json omits the Created field (previously it was 0001-01-01T00:00:00Z) if the Created field is missing from the image config. moby/moby#47451
Populate a missing Created field in GET /images/{id}/json with 0001-01-01T00:00:00Z for API version <= 1.43. moby/moby#47387
Fix a regression that caused API socket connection failures to report an API version negotiation failure instead. moby/moby#47470
Preserve supplied endpoint configuration in a container-create API request, when a container-wide MAC address is specified, but NetworkMode name-or-id is not the same as the name-or-id used in NetworkSettings.Networks. moby/moby#47510
Use spaces instead of parentheses for SQL sanitization.
This still solves the problem of negative numbers creating a line comment, but this avoids breaking edge cases such as
set foo to $1 where the substitution is taking place in a location where an arbitrary expression is not allowed.
5.5.4 (March 4, 2024)
Fix CVE-2024-27304
SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer
overflow in the calculated message size can cause the one large message to be sent as multiple messages under the
attacker's control.
Thanks to Paul Gerste for reporting this issue.
Fix behavior of CollectRows to return empty slice if Rows are empty (Felix)
Fix simple protocol encoding of json.RawMessage
Fix *Pipeline.getResults should close pipeline on error
Fix panic in TryFindUnderlyingTypeScanPlan (David Kurman)
Fix deallocation of invalidated cached statements in a transaction
Handle invalid sslkey file
Fix scan float4 into sql.Scanner
Fix pgtype.Bits not making copy of data from read buffer. This would cause the data to be corrupted by future reads.
chore(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 in /modules/qdrant (#2281) @dependabot
chore(deps): bump github.com/ClickHouse/clickhouse-go/v2 from 2.18.0 to 2.20.0 in /modules/clickhouse (#2290) @dependabot
chore(deps): bump github.com/Shopify/toxiproxy/v2 from 2.7.0 to 2.8.0 in /examples/toxiproxy (#2282) @dependabot
chore(deps): bump github.com/neo4j/neo4j-go-driver/v5 from 5.16.0 to 5.18.0 in /modules/neo4j (#2278) @dependabot
chore(deps): bump github.com/minio/minio-go/v7 from 7.0.66 to 7.0.68 in /modules/minio (#2304) @dependabot
chore(deps): bump github.com/tmc/langchaingo from 0.1.4 to 0.1.5 in /modules/ollama (#2318) @dependabot
chore(deps): bump github.com/elastic/go-elasticsearch/v8 from 8.11.1 to 8.12.1 in /modules/elasticsearch (#2303) @dependabot
chore(deps): bump google.golang.org/api from 0.167.0 to 0.168.0 in /modules/gcloud (#2317) @dependabot
chore(deps): bump github.com/aws/aws-sdk-go-v2/credentials from 1.16.14 to 1.17.5 in /modules/localstack, github.com/aws/aws-sdk-go-v2 from 1.24.1 to 1.25.2 in /modules/localstack (#2320) @mdelapenya
chore(deps): bump github.com/twmb/franz-go from 1.15.4 to 1.16.1 in /modules/redpanda, github.com/twmb/franz-go/pkg/kadm from 1.10.0 to 1.11.0 in /modules/redpanda (#2322) @mdelapenya
chore(deps): bump github.com/hashicorp/vault-client-go from 0.3.3 to 0.4.3 in /modules/vault, github.com/tidwall/gjson from 1.17.0 to 1.17.1 in /modules/vault (#2321) @mdelapenya
chore(deps): bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 in /modules/postgres, github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 in /modules/cockroachdb (#2323) @mdelapenya
chore(deps): bump golang.org/x/mod from 0.12.0 to 0.16.0 (#2316) @mdelapenya
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 in /modulegen (#2298) @dependabot
chore(deps): bump github.com/docker/docker from 25.0.2+incompatible to 25.0.3+incompatible (#2296) @mdelapenya
chore(deps): bump github.com/couchbase/gocb/v2 from 2.7.1 to 2.7.2 in /modules/couchbase, github.com/tidwall/gjson from 1.17.0 to 1.17.1 in /modules/couchbase (#2297) @mdelapenya
... (truncated)
Commits
08c2385 chore: use new version (v0.29.1) in modules and examples
Add client metric support to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4707)
Add peer attributes to spans recorded by NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4873)
Add support for cloud.account.id, cloud.availability_zone and cloud.region in the AWS ECS detector. (#4860)
Changed
The fallback options in go.opentelemetry.io/contrib/exporters/autoexport now accept factory functions. (#4891)
WithFallbackMetricReader(metric.Reader) MetricOption is replaced with func WithFallbackMetricReader(func(context.Context) (metric.Reader, error)) MetricOption.
WithFallbackSpanExporter(trace.SpanExporter) SpanOption is replaced with WithFallbackSpanExporter(func(context.Context) (trace.SpanExporter, error)) SpanOption.
The http.server.request_content_length metric in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is changed to http.server.request.size.(#4707)
The http.server.response_content_length metric in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is changed to http.server.response.size.(#4707)
Deprecated
The RequestCount, RequestContentLength, ResponseContentLength, ServerLatency constants in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp are deprecated. (#4707)
Add support for Summary metrics to go.opentelemetry.io/contrib/bridges/prometheus. (#5089)
Add support for Exponential (native) Histograms in go.opentelemetry.io/contrib/bridges/prometheus. (#5093)
Implemented setting the cloud.resource_id resource attribute in go.opentelemetry.io/detectors/aws/ecs based on the ECS Metadata v4 endpoint. (#5091)
Removed
The deprecated RequestCount constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated RequestContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated ResponseContentLength constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
The deprecated ServerLatency constant in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is removed. (#4894)
Fixed
Retrieving the body bytes count in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp does not cause a data race anymore. (#5080)
[1.23.0/0.48.0/0.17.0/0.3.0] - 2024-02-06
Added
Add client metric support to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4707)
Add peer attributes to spans recorded by NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4873)
Add support for cloud.account.id, cloud.availability_zone and cloud.region in the AWS ECS detector. (#4860)
Changed
The fallback options in go.opentelemetry.io/contrib/exporters/autoexport now accept factory functions. (
Bumps the production-dependencies group with 30 updates:
2.3.6
2.3.7
1.11.1
1.11.2
25.0.3+incompatible
25.0.4+incompatible
1.5.0
1.7.0
0.2.0
1.1.0
3.0.1
3.0.3
5.5.3
5.5.5
1.8.4
1.9.0
0.28.0
0.29.1
0.46.1
0.49.0
1.22.0
1.24.0
1.22.0
1.24.0
1.21.0
1.24.0
1.22.0
1.24.0
1.22.0
1.24.0
1.26.0
1.27.0
0.21.0
0.22.0
0.17.0
0.18.0
0.17.0
0.18.0
0.17.0
0.18.0
1.5.4
1.5.7
1.5.4
1.5.5
1.25.5
1.25.7-0.20240204074919-46816ad31dde
0.29.1
0.29.2
1.5.4
1.5.5
1.58.0
1.62.0
0.61.0
0.62.1
1.0.0
1.0.1-0.20181226105442-5d4384ee4fb2
0.19.0
0.21.0
1.61.1
1.62.0
Updates
github.com/cockroachdb/cockroach-go/v2
from 2.3.6 to 2.3.7Commits
32a6d65
Add option to configure cache sizeUpdates
github.com/coredns/coredns
from 1.11.1 to 1.11.2Commits
8868454
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#6492)502acec
build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.11 to 3.5.12 (#6490)83649bb
build(deps): bump github.com/aws/aws-sdk-go from 1.50.5 to 1.50.10 (#6489)01bded8
CoreDNS 1.11.2 release notes and version bump (#6476)a0c2963
build(deps): bump github.com/miekg/dns from 1.1.57 to 1.1.58 (#6477)8cde336
build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 (#6481)194545b
build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 (#6482)dc72d4e
build(deps): bump google.golang.org/api from 0.155.0 to 0.159.0 (#6479)f47248c
build(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#6480)80c8b94
build(deps): bump github.com/aws/aws-sdk-go from 1.48.16 to 1.50.5 (#6478)Updates
github.com/docker/docker
from 25.0.3+incompatible to 25.0.4+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
Commits
061aa95
Merge pull request #47513 from vvoland/v25.0-47498d0d85f6
daemon: overlay2: remove world writable permission from the lower file5d66793
Merge pull request #47508 from vvoland/v25.0-47504ef1fa23
Merge pull request #47510 from akerouanton/25.0-47441_mac_addr_config_migration0451b28
Don't create endpoint config for MAC addr config migrationd27fe25
dockerd-rootless-setuptool.sh: check RootlessKit functionality77de535
Dockerfile: update RootlessKit to v2.0.29e526bc
Merge pull request #47503 from vvoland/v25.0-475022d34702
update to go1.21.851e876c
Merge pull request #47493 from akerouanton/25.0-47370_windows_natnw_dns_testUpdates
github.com/gin-contrib/cors
from 1.5.0 to 1.7.0Release notes
Sourced from github.com/gin-contrib/cors's releases.
Commits
4447aeb
refactor: refactor request handling and improve CORS checks9d49f16
chore(cors): Allow a custom validation function which receives the full gin c...7f30a1f
fix: improve error handling and test robustness90a7c66
test(cors): enhance CORS wildcard handling tests (#145)d5002f2
test: refactor tests and update CI configurationseac6c48
feat(schema): allow usage of custom schemas (#139)27b723a
fixe(domain): wildcard parse bug (#106)30792dc
ci: refactor GitHub Actions workflowsf08c1bc
ci: refactor CI workflows and improve tests2451987
chore: update dependencies to latest versionsUpdates
github.com/gin-contrib/zap
from 0.2.0 to 1.1.0Release notes
Sourced from github.com/gin-contrib/zap's releases.
Commits
ca35b5f
docs: improve documentation and add example code5b62309
feat: implement skip path regexps feature in zap package (#72)0abce4a
docs: implement custom skipper function in READMEd5accec
refactor: refactor file paths to use constants372417f
chore: refactor error handling and linter configurations58dd173
feat: consolidate code examples into new filea9803c5
refactor: refactor testing functions in zap_test filed4400a8
feat(func): implement Skipper functionality for logging configuration (#71)6ad826e
build: update minimum Go version to 1.1935a621a
chore: remove duplication log to msg (#69)Updates
github.com/go-jose/go-jose/v3
from 3.0.1 to 3.0.3Release notes
Sourced from github.com/go-jose/go-jose/v3's releases.
Changelog
Sourced from github.com/go-jose/go-jose/v3's changelog.
Commits
add6a28
v3: backport decompression limit fix (#107)11bb4e7
doc: in v3 branch's README, point to v4 as latest (#101)863f73b
v3.0.2: Update changelog (#95)bdbc794
Update golang.org/x/crypto to v0.19 (backport) (#94)25bce79
Updated go-jose v3.0.0 to v3.0.1 in jose-util (#70)aa386df
jwe/CompactSerialize: improve performance. (#67)053c9bf
DecryptMulti: handle decompression error (#19)ca9011b
Bump go version to 1.21.4 to satisfy govulncheck (#68)c8399df
Revert pull request #10 (multiple audiences) (#24)ec819e9
Add a security.md doc for contacting us about potential security vulnerabilit...Updates
github.com/jackc/pgx/v5
from 5.5.3 to 5.5.5Changelog
Sourced from github.com/jackc/pgx/v5's changelog.
Commits
78a0a2b
Fix spelling in changeloga17f064
Update changelog49b6aad
Use spaces instead of parentheses for SQL sanitization0cc4c14
Add test to validate CollectRows for empty Rowsda6f2c9
Update changelogc543134
SQL sanitizer wraps arguments in parentheses20344df
Check for overflow on uint16 sizes in pgproto3adbb38f
Do not allow protocol messages larger than ~1GBc1b0a01
Fix behavior of CollectRows to return empty slice if Rows are empty88dfc22
Fix simple protocol encoding of json.RawMessageUpdates
github.com/stretchr/testify
from 1.8.4 to 1.9.0Release notes
Sourced from github.com/stretchr/testify's releases.
... (truncated)
Commits
bb548d0
Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...814075f
build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2e045612
Merge pull request #1339 from bogdandrutu/uintptr5b6926d
Merge pull request #1385 from hslatman/not-implements9f97d67
Merge pull request #1550 from stretchr/release-notesbcb0d3f
Include the auto-release notes in releasesfb770f8
Merge pull request #1247 from ccoVeille/typos85d8bb6
fix typos in comments, tests and github templatese2741fa
Merge pull request #1548 from arjunmahishi/msgAndArgs6e59f20
http_assertions: assert that the msgAndArgs actually works in testsUpdates
github.com/testcontainers/testcontainers-go
from 0.28.0 to 0.29.1Release notes
Sourced from github.com/testcontainers/testcontainers-go's releases.
... (truncated)
Commits
08c2385
chore: use new version (v0.29.1) in modules and examples4d7a27e
fix: incorrect versione48323c
chore: prepare for next minor development cycle ()c17ba62
chore: use new version (v0.29.0) in modules and examples12f23f8
generic.go: GenericContainer(): clearer error message (#2327)cfd60e9
chore: confirm support for new mongo images (#2326)85361fe
Add k3s WithManifest option (#1920)755bbb8
chore(deps): bump google.golang.org/grpc in /modules/qdrant (#2281)ba92e0e
chore(deps): bump github.com/ClickHouse/clickhouse-go/v2 (#2290)245c8b0
chore(deps): bump github.com/Shopify/toxiproxy/v2 in /examples/toxiproxy (#2282)Updates
go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin
from 0.46.1 to 0.49.0Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin's changelog.
@dependabot[bot], this pull request is now in conflict and requires a rebase.
@dependabot[bot], this pull request is now in conflict and requires a rebase.
Looks like these dependencies are updatable in another way, so this is no longer needed.