Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Unfortunately, there are also breaking changes in this release:
The type of Metadata.Tools has changed from *[]Tool to *ToolsChoice, to facilitate the deprecation of Tool in the spec
ToolsChoice holds both legacy *[]Tool, as well as the new *[]Component and *[]Service fields
The Tool type, as well as the ToolsChoice.Tools field are marked as deprecated
During encoding and decoding, it is asserted that only one of both options can be present, in accordance with the "One of" constraint of the spec
When encoding to lower spec versions than v1.5 (using EncodeVersion), Components and Services are automatically converted to legacy Tools
It is strongly recommended to use Components and Services. However, when consuming BOMs, applications should still expect legacy Tools to be present, and handle them accordingly.
Changelog
Fixes
64eb0c84b3d909db47c5154c17d075f68b0c85ae: fix: remove format linters that require extra tooling (@nscuro)
Building and Packaging
696aa66151e800a672c9ec860f30d8716ae6a025: build(deps): bump actions/checkout from 3.5.3 to 4.1.0 (@dependabot[bot])
b50b319d1580d5b624cfc866bc108b589b328157: build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])
5cad1b0a7dad106950790fad960be5f7e62b2110: build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
b0910619560e5b0b0fae51dc97c4a343983873fb: build(deps): bump gitpod/workspace-go from d3603c7 to 94ae638 (@dependabot[bot])
9e310b6d641245c89aa01f07a21b50c38f04b087: build(deps): bump gitpod/workspace-go from f37c673 to d3603c7 (@dependabot[bot])
89494fd98291ca8115e02cab78e2e47360352f00: build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])
Others
61dd91e0bbe730454bef42bc0c1b0a3f97411c02: feat(spec1-5): add support for machine learning (@nscuro)
f831960f0887c1f60681924e4d4382cd4bb52ff0: feat(spec1-5): update valid-vulnerability test snapshots (@nscuro)
ffc9a4eb9204f5a31b7fb1d6cd907e6cc3e93578: ci: enable more linters (@mmorel-35)
This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.
New
Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
[CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233
... (truncated)
Commits
60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
dc27552 Stop macvlan with no parent from using ext-dns
Bumps the go-modules group with 41 updates:
1.30.0
1.32.0
0.18.0
0.18.5
0.7.2
0.8.0
0.11.4
0.12.2
0.0.0-20230412183729-8602f1afc574
0.0.1
1.0.6
1.1.0
4.2.1
4.3.0
1.7.10
1.7.12
0.5.0
0.6.0
24.0.7+incompatible
26.0.1+incompatible
0.8.0
0.8.1
0.4.0
0.5.0
5.11.0
5.12.0
1.5.3
1.5.4
0.17.0
0.19.1
1.4.0
1.6.0
1.17.4
1.17.8
0.0.0-20230301153543-ba94b245509b
0.1.0
1.1.0-rc5
1.1.0
4.1.19
4.1.21
0.4.4
0.4.7
0.2.0
0.3.0
1.3.1
1.3.2-0.20230802210424-5b0b94c5c0d3
3.23.11
3.23.12
1.3.1
1.4.0
1.2.1
1.2.2
2.15.0
2.16.0
0.26.0
0.30.0
0.5.11
0.5.12
0.0.0-20230301185719-21920a456ad5
0.0.0-20230925121702-07e42b3cdba0
1.2.3
1.2.4
0.17.0
0.21.0
0.0.0-20230510235704-dd950f8aeaea
0.0.0-20231006140011-7918f672742d
0.14.0
0.16.0
0.19.0
0.22.0
0.5.0
0.6.0
0.16.0
0.18.0
0.16.0
0.16.1
0.0.0-20231120223509-83a465c0220f
0.0.0-20240123012728-ef4313101c80
1.59.0
1.62.0
1.31.0
1.33.0
Updates
github.com/onsi/gomega
from 1.30.0 to 1.32.0Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
4379951
v1.32.0a350b95
Maintain source backwards compatibilitya6c8875
Fix failing test436a197
Migrate github.com/golang/protobuf to google.golang.org/protobuf32ef35e
chore: test with Go 1.22 (#733)a0d0387
Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717)b71e477
Bump github-pages and jekyll-feed in /docs (#732)f460154
docs: fix typo and broken anchor link to gstructa2862e4
docs: fix HaveEach matcher signature762b171
v1.31.1Updates
github.com/paketo-buildpacks/occam
from 0.18.0 to 0.18.5Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
Commits
f23ed80
use go 1.20 (#288)4e0efea
remove toolchain from go.modea10e39
update fakes059d6bc
Bump github.com/google/go-containerregistry from 0.14.0 to 0.19.11f22679
Bump github.com/docker/docker37cf400
Bump github.com/onsi/gomega from 1.30.0 to 1.32.0122482e
Bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.30.0 (#285)393f58f
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0f37d228
Bump github.com/opencontainers/runc from 1.1.5 to 1.1.121d68391
tests: adding tests for NewContainerFromInspectOutput functionUpdates
github.com/CycloneDX/cyclonedx-go
from 0.7.2 to 0.8.0Release notes
Sourced from github.com/CycloneDX/cyclonedx-go's releases.
Commits
b9654ae
Merge pull request #90 from CycloneDX/spec-v1.564eb0c8
fix: remove format linters that require extra toolingc7a84ac
feat(spec1-5): handle deprecation of toolsf856daa
feat(spec1-5): add support for formulation2fbde0e
feat(spec1-5): add support for identity, occurrences, and callstack evidence61dd91e
feat(spec1-5): add support for machine learningf831960
feat(spec1-5): updatevalid-vulnerability
test snapshotsfe3a904
feat(spec1-5): add support for ssvc scoring method7d2713f
feat(spec1-5): add support for vulnerability proof of concept2ae5445
feat(spec1-5): add support for additional compositions and composition identityUpdates
github.com/Microsoft/hcsshim
from 0.11.4 to 0.12.2Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
... (truncated)
Commits
ad1ccf5
fix: move permissions to the correct job (#2080) (#2081)6588c1c
Updating permissions and github release action versions (#2078) (#2079)202f90a
Add spans and drop large size high volume trace logsfe8c673
updatenewBinaryCmd
URL path handling (#2041)85086d7
Upgrade to go1.21 + fix lint errors8039310
[deps] Omni-bus dependency update (#2039)7458e58
Update Cmd IO handling (#1937)5f9910a
Fix CodeQL pipeline failure (#2032)c56a09c
Merge pull request #1998 from yyatmsft/removeInternalTests2c767380
Don't create container scratch per base layer (#2002)Updates
github.com/anchore/stereoscope
from 0.0.0-20230412183729-8602f1afc574 to 0.0.1Release notes
Sourced from github.com/anchore/stereoscope's releases.
Commits
Updates
github.com/andybalholm/brotli
from 1.0.6 to 1.1.0Commits
17e5901
Make my matchfinder work more accessible.cf812c0
matchfinder: add M01b6cf36
matchfinder: remove MultiHash265f3af
matchfinder: penalize score for overlapping matchesa8d524a
matchfinder: replace Score function with DistanceBitCost578645e
matchfinder: add MultiHash24b2bfa
matchfinder.M4: add Score function4a024e3
matchfinder.M4: add match chain3a1c5cd
Fix typo in comment.0d2aef3
matchfinder.M4: factor out extendMatch2Updates
github.com/cenkalti/backoff/v4
from 4.2.1 to 4.3.0Commits
720b789
remove travis badge from readmea83af7f
feat(backoff): Add functional options for ExponentialBackOff Closes #136Updates
github.com/containerd/containerd
from 1.7.10 to 1.7.12Release notes
Sourced from github.com/containerd/containerd's releases.
... (truncated)
Commits
71909c1
Merge pull request #9632 from dmcgowan/prepare-v1.7.12775d544
Prepare release notes for v1.7.124ebe8e2
Merge pull request #9624 from thaJeztah/1.7_update_golang_1.20.13a5dc5b8
update to go1.20.13, test go1.21.650e7359
Merge pull request #9548 from Dzejrou/1.7_fix_ignoring_umask5a675f2
Merge pull request #9602 from thaJeztah/1.7_backport_no_execabsccca466
Merge pull request #9605 from thaJeztah/1.7_backport_switch_moby_user9251072
remove github.com/opencontainers/runc dependency4e67213
vendor: github.com/cncf-tags/container-device-interface v0.6.1e0ee0be
go.mod: github.com/opencontainers/runtime-spec v1.1.0Updates
github.com/distribution/reference
from 0.5.0 to 0.6.0Release notes
Sourced from github.com/distribution/reference's releases.
Commits
ff14faf
Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation2a66312
Merge pull request #10 from xrstf/patch-1094e717
fix typo in readmeaaca75e
Exclude domain from name length check8507c7f
Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain89ee7ec
refactor splitDockerDomain to include more documentationa3fb784
Merge pull request #5 from thaJeztah/rm_deprecated4894124
remove deprecated SplitHostnameUpdates
github.com/docker/docker
from 24.0.7+incompatible to 26.0.1+incompatibleRelease notes
Sourced from github.com/docker/docker's releases.
... (truncated)
Commits
60b9add
Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns8ad7f86
Run ipvlan tests even if 'modprobe ipvlan' failsdc27552
Stop macvlan with no parent from using ext-dns7b570f0
Enable DNS proxying for ipvlan-l38cdcc4f
Move dummy DNS server to integration/internal/networked752f6
Merge pull request #47701 from vvoland/v26.0-476919db1b6f
Merge pull request #47702 from vvoland/v26.0-476476261281
Merge pull request #47700 from vvoland/v26.0-4767390355e5
Merge pull request #47696 from vvoland/v26.0-4765872615b1
github/ci: Check if backport is opened against the expected branchUpdates
github.com/docker/docker-credential-helpers
from 0.8.0 to 0.8.1Release notes
Sourced from github.com/docker/docker-credential-helpers's releases.
Commits
292722b
Merge pull request #308 from thaJeztah/update_golang_1.21.6979dcc4
Merge pull request #309 from thaJeztah/update_golangcif411a65
Dockerfile: update golangci-lint to v1.55.29629bd7
update to go1.21.6f642c26
Merge pull request #306 from thaJeztah/err_checks8fc3306
Merge pull request #307 from thaJeztah/bump_wincred6a3e64c
move trimming whitespace to error-check helpers218f178
vendor: github.com/danieljoos/wincred v1.2.1Updates
github.com/docker/go-connections
from 0.4.0 to 0.5.0Commits
fa09c95
Merge pull request #108 from thaJeztah/carry_67a67a58
Swap CloseRead and CloseWrite481d3d2
Merge pull request #107 from thaJeztah/drop_legacy_go9548f9f
tlsconfig: remove deprecated io/ioutilc564c21
drop support for go1.17 and older7cbebcf
gha: update actions2cf423f
tlsconfig: move allTLSVersions vardca283b
tlsconfig: drop support for go1.12 and older21876c5
tlsconfig: drop support for go1.6 and older4d174db
tlsconfig: drop support for go1.4 and olderUpdates
github.com/go-git/go-git/v5
from 5.11.0 to 5.12.0Release notes
Sourced from github.com/go-git/go-git/v5's releases.