Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
v1.33.0
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
v1.32.0
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
However, it does introduce a new *os.File-based API which is much safer
to use for most usecases. These are adapted from [libpathrs][1] and are
the bare minimum to be able to operate more safely on an untrusted
rootfs where an attacker has write access (something that SecureJoin
cannot protect against). The new APIs are:
OpenInRoot, which resolves a path inside a rootfs and returns an
*os.File handle to the path. Note that the file handle returned by
OpenInRoot is an O_PATH handle, which cannot be used for reading or
writing (as well as some other operations -- see open(2) for more
details).
Reopen, which takes an O_PATH file handle and safely re-opens it to
"upgrade" it to a regular handle.
By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
[0.3.0] - 2024-07-11
Added
A new set of *os.File-based APIs have been added. These are adapted from
[libpathrs][] and we strongly suggest using them if possible (as they provide
far more protection against attacks than SecureJoin):
Open(at)InRoot resolves a path inside a rootfs and returns an *os.File
handle to the path. Note that the handle returned is an O_PATH handle,
which cannot be used for reading or writing (as well as some other
operations -- [see open(2) for more details][open.2])
Reopen takes an O_PATH file handle and safely re-opens it to upgrade
it to a regular handle. This can also be used with non-O_PATH handles,
but O_PATH is the most obvious application.
MkdirAll is an implementation of os.MkdirAll that is safe to use to
Bumps the go-modules group with 31 updates in the / directory:
1.3.2
1.4.0
1.30.0
1.33.1
0.18.0
0.18.7
0.11.5
0.12.5
1.0.6
1.1.0
4.2.1
4.3.0
1.3.7
1.3.9
0.2.4
0.3.1
0.5.0
0.6.0
0.8.0
0.8.2
1.4.3
1.4.4
5.11.0
5.12.0
1.4.1
1.4.2
1.4.0
1.5.0
1.17.4
1.17.9
0.0.0-20230301153543-ba94b245509b
0.1.1
0.0.15
0.0.16
0.5.0
0.6.0
4.1.19
4.1.21
0.4.4
0.4.7
0.2.0
0.4.0
3.23.12
3.24.5
1.3.1
1.4.0
0.5.3
0.5.5
2.15.0
2.18.0
0.3.13
0.3.14
0.5.3
0.5.4
0.49.0
0.53.0
0.17.0
0.19.0
0.25.0
0.27.0
1.33.0
1.34.2
Updates
github.com/BurntSushi/toml
from 1.3.2 to 1.4.0Release notes
Sourced from github.com/BurntSushi/toml's releases.
Commits
1e2c053
Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()f8f7e48
Update toml-test9a80667
Add -json flag to tomlv3203540
fuzz: move fuzz_targets from oss-fuzz (#406)77ce858
Add Marshal Function (#405)0e879cb
Fix panic when trying to set subkey for a value that's not a tablec299e75
Update toml-test4223137
Fix inline tables with dotted keys inside inline arrays (#400)45e7e49
Update toml-testc320c2d
Fix utf8.RuneError testUpdates
github.com/onsi/gomega
from 1.30.0 to 1.33.1Release notes
Sourced from github.com/onsi/gomega's releases.
... (truncated)
Changelog
Sourced from github.com/onsi/gomega's changelog.
... (truncated)
Commits
8a658bb
v1.33.1e9bc35a
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.23a66379
fix confusing eventually docsf2e65fc
v1.33.002e8706
docs: Receive(POINTER, MATCHER)ec1f186
feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests9999deb
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)cb5ff21
Bump github-pages from 229 to 230 in /docs (#735)bac6596
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)4379951
v1.32.0Updates
github.com/paketo-buildpacks/occam
from 0.18.0 to 0.18.7Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
... (truncated)
Commits
aff3030
Buildpack packaging should always target linux7b8692d
Updates go mod toolchain version to 1.22.4ddf2781
Bump github.com/docker/dockere9fee75
Adds support of buildpackages in buildpack store and updates freezer (#302)dda57be
Updating github-configf0b937b
Use stable go version everywhere.354d744
Bump to go 1.2164bc107
Updating github-configd00fe4b
Bump github.com/docker/docker37502e4
Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0Updates
github.com/paketo-buildpacks/packit/v2
from 2.12.0 to 2.14.0Release notes
Sourced from github.com/paketo-buildpacks/packit/v2's releases.
Commits
13393ec
Support reading service bindings from VCAP_SERVICES env var (#566)35d8f76
Bump github.com/onsi/gomega from 1.33.0 to 1.33.1ce376b7
Fixes mirror bug when originalHost is excluded (#569)4c9f338
Allows users to set a dependency mirror (#563)4e9c21d
Bump github.com/onsi/gomega from 1.32.0 to 1.33.0dd77ec5
Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.1295b8056
Bump github.com/onsi/gomega from 1.31.1 to 1.32.0777a503
Bump github.com/stretchr/testify from 1.8.4 to 1.9.0c1b785b
Bump github.com/google/uuid from 1.5.0 to 1.6.0b31dc83
Bump github.com/onsi/gomega from 1.31.0 to 1.31.1Updates
github.com/ForestEckhardt/freezer
from 0.0.12 to 0.1.0Release notes
Sourced from github.com/ForestEckhardt/freezer's releases.
Commits
a57bf55
Updates fetchers to create buildpackagesUpdates
github.com/Microsoft/hcsshim
from 0.11.5 to 0.12.5Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
... (truncated)
Commits
e970943
Modifying network flag EnableIov.4f77a09
Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...3b5bd8a
[release/0.12] vendor: github.com/containerd/containerd v17.1840cdbc8
Adding state attribute to the HNSEndpoint struct to support hyperv containers...c6a8327
Adding support for loadbalancer policy update in hns. (#2085)44e4ec0
Changes for checking the global version for modify policy version support. (#...62f86c0
OutBoundNATPolicy Schema changes (#2106)c950974
Update go-winio to v0.6.2 & fix lint errorsad1ccf5
fix: move permissions to the correct job (#2080) (#2081)6588c1c
Updating permissions and github release action versions (#2078) (#2079)Updates
github.com/andybalholm/brotli
from 1.0.6 to 1.1.0Commits
17e5901
Make my matchfinder work more accessible.cf812c0
matchfinder: add M01b6cf36
matchfinder: remove MultiHash265f3af
matchfinder: penalize score for overlapping matchesa8d524a
matchfinder: replace Score function with DistanceBitCost578645e
matchfinder: add MultiHash24b2bfa
matchfinder.M4: add Score function4a024e3
matchfinder.M4: add match chain3a1c5cd
Fix typo in comment.0d2aef3
matchfinder.M4: factor out extendMatch2Updates
github.com/cenkalti/backoff/v4
from 4.2.1 to 4.3.0Commits
720b789
remove travis badge from readmea83af7f
feat(backoff): Add functional options for ExponentialBackOff Closes #136Updates
github.com/cloudflare/circl
from 1.3.7 to 1.3.9Release notes
Sourced from github.com/cloudflare/circl's releases.
Commits
75b28ed
Preparing CIRCL release v1.3.99e7c49b
Detects invalid encodings of bls12381 elements.5f94471
Test for invalid encodings of BLS12381.456fe41
dilithium: fix typo4bb5601
Serializing ciphertext with 32-bit prefixes.a4252c7
Test functions working with ciphertext.64431bb
Testing long plaintext.fe2b663
Using SHAKE128 as a fixed prgn for golden files.2c600ff
Align to thepurego
build tag, removingnoasm
build taga4b7601
Ensure pairing functions don't overwrite the input.Updates
github.com/cyphar/filepath-securejoin
from 0.2.4 to 0.3.1Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
... (truncated)
Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
... (truncated)
Commits
ce7b28a
VERSION: release v0.3.1a2c14f8
CHANGELOG: add readlinkat(fd, "") shout-out4ea279f
merge #22 into cyphar/filepath-securejoin:main16e1bec
CHANGELOG: add initial changelog with current history2404ffb
merge #21 into cyphar/filepath-securejoin:mainf29b7a4
lookup: handle // and trailing slash components correctlyecd61ca
merge #19 into cyphar/filepath-securejoin:main38b1220
procfs: refactor statx mnt_id logic45c4415
procfs: use readlink(fd, "") for magic-linksedab538
merge #17 into cyphar/filepath-securejoin:mainUpdates
github.com/distribution/reference
from 0.5.0 to 0.6.0Release notes
Sourced from github.com/distribution/reference's releases.
Commits
ff14faf
Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation2a66312
Merge pull request #10 from xrstf/patch-1094e717
fix typo in readmeaaca75e
Exclude domain from name length check8507c7f
Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain89ee7ec
refactor splitDockerDomain to include more documentationa3fb784
Merge pull request #5 from thaJeztah/rm_deprecated4894124
remove deprecated SplitHostnameUpdates
github.com/docker/docker-credential-helpers
from 0.8.0 to 0.8.2Release notes
Sourced from github.com/docker/docker-credential-helpers's releases.