Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]
v1.34.0
1.34.0
Features
Add RoundTripper method to ghttp.Server [c549e0d]
Fixes
fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]
Maintenance
bump ginkgo [8af2ece]
Fix typo in docs [123a071]
Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
Bump github-pages from 230 to 231 in /docs (#748) [892c303]
v1.33.1
1.33.1
Fixes
fix confusing eventually docs [3a66379]
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
v1.33.0
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
v1.32.0
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]
1.34.0
Features
Add RoundTripper method to ghttp.Server [c549e0d]
Fixes
fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]
Maintenance
bump ginkgo [8af2ece]
Fix typo in docs [123a071]
Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
Bump github-pages from 230 to 231 in /docs (#748) [892c303]
1.33.1
Fixes
fix confusing eventually docs [3a66379]
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
However, it does introduce a new *os.File-based API which is much safer
to use for most usecases. These are adapted from [libpathrs][1] and are
the bare minimum to be able to operate more safely on an untrusted
rootfs where an attacker has write access (something that SecureJoin
cannot protect against). The new APIs are:
OpenInRoot, which resolves a path inside a rootfs and returns an
*os.File handle to the path. Note that the file handle returned by
OpenInRoot is an O_PATH handle, which cannot be used for reading or
writing (as well as some other operations -- see open(2) for more
details).
Reopen, which takes an O_PATH file handle and safely re-opens it to
"upgrade" it to a regular handle.
By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll
to do the necessary "partial lookups", Open(at)InRoot now does less work
for both implementations (resulting in a many-fold decrease in the number of
operations for openat2, and a modest improvement for non-openat2) and is
far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT)
behaviour.
We now use readlinkat(fd, "") where possible. For Open(at)InRoot this
effectively just means that we no longer risk getting spurious errors during
rename races. However, for our hardened procfs handler, this in theory should
prevent mount attacks from tricking us when doing magic-link readlinks (even
when using the unsafe host /proc handle). Unfortunately Reopen is still
potentially vulnerable to those kinds of somewhat-esoteric attacks.
Several improvements were made to the errors returned by Open(at)InRoot and
MkdirAll when dealing with invalid paths under the emulated (ie.
non-openat2) implementation. Previously, some paths would return the wrong
error (ENOENT when the last component was a non-directory), and other paths
would be returned as though they were acceptable (trailing-slash components
after a non-directory would be ignored by Open(at)InRoot).
These changes were done to match openat2's behaviour and purely is a
consistency fix (most users are going to be using openat2 anyway).
[0.3.0] - 2024-07-11
Added
A new set of *os.File-based APIs have been added. These are adapted from
[libpathrs][] and we strongly suggest using them if possible (as they provide
far more protection against attacks than SecureJoin):
Open(at)InRoot resolves a path inside a rootfs and returns an *os.File
handle to the path. Note that the handle returned is an O_PATH handle,
which cannot be used for reading or writing (as well as some other
operations -- [see open(2) for more details][open.2])
Reopen takes an O_PATH file handle and safely re-opens it to upgrade
it to a regular handle. This can also be used with non-O_PATH handles,
but O_PATH is the most obvious application.
MkdirAll is an implementation of os.MkdirAll that is safe to use to
Bumps the go-modules group with 28 updates in the / directory:
1.3.21.4.01.30.01.34.10.18.00.18.81.0.01.0.11.5.51.5.60.11.50.12.61.0.61.1.01.3.71.4.00.2.40.3.10.8.00.8.25.11.05.12.01.4.01.5.01.17.41.17.90.0.0-20230301153543-ba94b245509b0.1.10.0.150.0.160.5.00.6.00.1.00.3.04.1.194.1.210.4.40.4.70.2.00.4.03.23.123.24.51.3.11.4.00.5.30.5.51.6.01.7.02.15.02.19.10.3.130.3.140.5.30.5.40.7.00.8.0Updates
github.com/BurntSushi/tomlfrom 1.3.2 to 1.4.0Release notes
Sourced from github.com/BurntSushi/toml's releases.
Commits
1e2c053Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()f8f7e48Update toml-test9a80667Add -json flag to tomlv3203540fuzz: move fuzz_targets from oss-fuzz (#406)77ce858Add Marshal Function (#405)0e879cbFix panic when trying to set subkey for a value that's not a tablec299e75Update toml-test4223137Fix inline tables with dotted keys inside inline arrays (#400)45e7e49Update toml-testc320c2dFix utf8.RuneError testUpdates
github.com/onsi/gomegafrom 1.30.0 to 1.34.1Release notes
Sourced from github.com/onsi/gomega's releases.
... (truncated)
Changelog
Sourced from github.com/onsi/gomega's changelog.
... (truncated)
Commits
fa057b8v1.34.15e71dcdUse slices from exp/slices to keep golang 1.20 compat32e5498v1.34.0cb3fa6arun go mod tidy and wonder why go get doesnt just run it for me in the first ...8af2ecebump ginkgo878940cfix incorrect handling of nil slices in HaveExactElements (fixes #771)f5bec80clean up bipartitegraph testsebadb67issue_765 - fixed bug in Hopcroft-Karp algorithm123a071Fix typo in docsc549e0dAdd RoundTripper method to ghttp.ServerUpdates
github.com/paketo-buildpacks/occamfrom 0.18.0 to 0.18.8Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
... (truncated)
Commits
1193f3cBump docker to version 26.1.5 to fix CVE-2024-411105cd4edeUpdates go mod version to 1.23.02e5b930Updates go mod version to 1.22.6815b014Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.274a79fbBump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.190134a5Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2653a6fbBump github.com/onsi/gomega from 1.34.0 to 1.34.1ed0e429Bump github.com/onsi/gomega from 1.33.1 to 1.34.0f467245Updates go mod version to 1.22.5c97acf2Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1Updates
github.com/paketo-buildpacks/packit/v2from 2.12.0 to 2.14.2Release notes
Sourced from github.com/paketo-buildpacks/packit/v2's releases.
... (truncated)
Commits
3bc586edo not run draft release workflow on branches named v2-<something>d558b87Bump github.com/onsi/gomega from 1.33.1 to 1.34.19f2a7b3Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5b117031Updating github-configb6530bcInclude error handling7222905Fix override of existing values in prepend & appende366827Updating github-configa8ac405Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.44ff7347Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.013393ecSupport reading service bindings from VCAP_SERVICES env var (#566)Updates
dario.cat/mergofrom 1.0.0 to 1.0.1Release notes
Sourced from dario.cat/mergo's releases.
Commits
59ea6a9Merge pull request #251 from joshkaplinsky/joshkaplinsky/without-dereference-...96f24afMerge pull request #253 from vsemichev/master2f1a615fixes issue #187. adds test to verify the fix.4da170bfixes issue #187. attempt #3a13a117fixes issue #187. attempt #26b830fffixes issue #187f33862aWithoutDereference should respect structscde9f0eMerge pull request #246 from darccio/darccio/v1-frozenf1e2fe5chore: frozen v17f7b4afUpdate FUNDING.ymlUpdates
github.com/DataDog/zstdfrom 1.5.5 to 1.5.6Release notes
Sourced from github.com/DataDog/zstd's releases.
Commits
b52f603Merge pull request #143 from DataDog/viq111/1.5.6cf4778eUpdate Readme for 1.5.6ed87d43Update vendored zstd to 1.5.6dd7b332Merge pull request #136 from colinlyguo/fix-readmebeb4dfdMerge pull request #141 from DataDog/sfluor-patch-1e75a26aUpdate upperBound ratio when guessing the required decompression buffer sizec9a5141fix readme869dae0Merge pull request #132 from DataDog/viq111/bulk-fix-highlycompressed-payloadsbf7b920[bulk] Add extra empty payload decompression test9c0d33f[bulk] Fix namingUpdates
github.com/ForestEckhardt/freezerfrom 0.0.12 to 0.1.0Release notes
Sourced from github.com/ForestEckhardt/freezer's releases.
Commits
a57bf55Updates fetchers to create buildpackagesUpdates
github.com/Microsoft/hcsshimfrom 0.11.5 to 0.12.6Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
... (truncated)
Commits
f922f2aOmnibus dependency updates (#2051)7d25ce2Update module versions85a5a57drop usage of deprecated package/methodsd4b1cc0Bump opa/containerd to latest versions6a5ebd3Upgrade deps to resolve CVEs (#2225)4f46058Omnibus dependency update (#2166)e970943Modifying network flag EnableIov.4f77a09Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...3b5bd8a[release/0.12] vendor: github.com/containerd/containerd v17.1840cdbc8Adding state attribute to the HNSEndpoint struct to support hyperv containers...Updates
github.com/andybalholm/brotlifrom 1.0.6 to 1.1.0Commits
17e5901Make my matchfinder work more accessible.cf812c0matchfinder: add M01b6cf36matchfinder: remove MultiHash265f3afmatchfinder: penalize score for overlapping matchesa8d524amatchfinder: replace Score function with DistanceBitCost578645ematchfinder: add MultiHash24b2bfamatchfinder.M4: add Score function4a024e3matchfinder.M4: add match chain3a1c5cdFix typo in comment.0d2aef3matchfinder.M4: factor out extendMatch2Updates
github.com/cenkalti/backoff/v4from 4.2.1 to 4.3.0Commits
720b789remove travis badge from readmea83af7ffeat(backoff): Add functional options for ExponentialBackOff Closes #136Updates
github.com/cloudflare/circlfrom 1.3.7 to 1.4.0Release notes
Sourced from github.com/cloudflare/circl's releases.
... (truncated)
Commits
c311e46Preparing for release v1.4.062385a8Add ML-KEM decapsulation key check.2b4626dAdd ML-KEM (FIPS 203).d26845feddilithium3: fix typos75b28edPreparing CIRCL release v1.3.99e7c49bDetects invalid encodings of bls12381 elements.5f94471Test for invalid encodings of BLS12381.456fe41dilithium: fix typo4bb5601Serializing ciphertext with 32-bit prefixes.a4252c7Test functions working with ciphertext.Updates
github.com/cyphar/filepath-securejoinfrom 0.2.4 to 0.3.1Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
... (truncated)
Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
... (truncated)
Commits
ce7b28aVERSION: release v0.3.1a2c14f8CHANGELOG: add readlinkat(fd, "") shout-out4ea279fmerge #22 into cyphar/filepath-securejoin:mainLooks like these dependencies are updatable in another way, so this is no longer needed.