This release makes some minor improvements to SecureJoin:
Some changes were made to how lexical components are handled during
resolution. There is no change in behaviour, and both implementations
are safe, however the newer implementation is much easier to reason
about.
The error returned when a symlink loop has been detected will now
reference the correct path. #10
Bumps the go-modules group with 28 updates in the / directory:
0.18.0
0.18.7
0.11.5
0.12.4
1.0.6
1.1.0
4.2.1
4.3.0
1.3.7
1.3.9
0.2.4
0.2.5
0.5.0
0.6.0
26.1.3+incompatible
26.1.4+incompatible
0.8.0
0.8.2
1.4.3
1.4.4
5.11.0
5.12.0
1.4.1
1.4.2
1.4.0
1.5.0
1.17.4
1.17.9
0.0.0-20230301153543-ba94b245509b
0.1.1
4.1.19
4.1.21
0.4.4
0.4.7
0.2.0
0.4.0
3.23.12
3.24.5
1.3.1
1.4.0
0.5.3
0.5.4
2.15.0
2.17.0
0.3.13
0.3.14
0.5.3
0.5.4
0.49.0
0.52.0
0.17.0
0.18.0
0.25.0
0.26.0
1.33.0
1.34.2
Updates
github.com/paketo-buildpacks/occam
from 0.18.0 to 0.18.7Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
... (truncated)
Commits
aff3030
Buildpack packaging should always target linux7b8692d
Updates go mod toolchain version to 1.22.4ddf2781
Bump github.com/docker/dockere9fee75
Adds support of buildpackages in buildpack store and updates freezer (#302)dda57be
Updating github-configf0b937b
Use stable go version everywhere.354d744
Bump to go 1.2164bc107
Updating github-configd00fe4b
Bump github.com/docker/docker37502e4
Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0Updates
github.com/ForestEckhardt/freezer
from 0.0.12 to 0.1.0Release notes
Sourced from github.com/ForestEckhardt/freezer's releases.
Commits
a57bf55
Updates fetchers to create buildpackagesUpdates
github.com/Microsoft/hcsshim
from 0.11.5 to 0.12.4Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
... (truncated)
Commits
c6a8327
Adding support for loadbalancer policy update in hns. (#2085)44e4ec0
Changes for checking the global version for modify policy version support. (#...62f86c0
OutBoundNATPolicy Schema changes (#2106)c950974
Update go-winio to v0.6.2 & fix lint errorsad1ccf5
fix: move permissions to the correct job (#2080) (#2081)6588c1c
Updating permissions and github release action versions (#2078) (#2079)202f90a
Add spans and drop large size high volume trace logsfe8c673
updatenewBinaryCmd
URL path handling (#2041)85086d7
Upgrade to go1.21 + fix lint errors8039310
[deps] Omni-bus dependency update (#2039)Updates
github.com/andybalholm/brotli
from 1.0.6 to 1.1.0Commits
17e5901
Make my matchfinder work more accessible.cf812c0
matchfinder: add M01b6cf36
matchfinder: remove MultiHash265f3af
matchfinder: penalize score for overlapping matchesa8d524a
matchfinder: replace Score function with DistanceBitCost578645e
matchfinder: add MultiHash24b2bfa
matchfinder.M4: add Score function4a024e3
matchfinder.M4: add match chain3a1c5cd
Fix typo in comment.0d2aef3
matchfinder.M4: factor out extendMatch2Updates
github.com/cenkalti/backoff/v4
from 4.2.1 to 4.3.0Commits
720b789
remove travis badge from readmea83af7f
feat(backoff): Add functional options for ExponentialBackOff Closes #136Updates
github.com/cloudflare/circl
from 1.3.7 to 1.3.9Release notes
Sourced from github.com/cloudflare/circl's releases.
Commits
75b28ed
Preparing CIRCL release v1.3.99e7c49b
Detects invalid encodings of bls12381 elements.5f94471
Test for invalid encodings of BLS12381.456fe41
dilithium: fix typo4bb5601
Serializing ciphertext with 32-bit prefixes.a4252c7
Test functions working with ciphertext.64431bb
Testing long plaintext.fe2b663
Using SHAKE128 as a fixed prgn for golden files.2c600ff
Align to thepurego
build tag, removingnoasm
build taga4b7601
Ensure pairing functions don't overwrite the input.Updates
github.com/cyphar/filepath-securejoin
from 0.2.4 to 0.2.5Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
Commits
d861a11
VERSION: release v0.2.587bc53a
join: fix ELOOP error pathe9be397
join: don't allow .. and . in working path during resolution75cdbea
gha: update Go versionsb69b737
VERSION: back to developmentUpdates
github.com/distribution/reference
from 0.5.0 to 0.6.0Release notes
Sourced from github.com/distribution/reference's releases.
Commits
ff14faf
Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation2a66312
Merge pull request #10 from xrstf/patch-1094e717
fix typo in readmeaaca75e
Exclude domain from name length check8507c7f
Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain89ee7ec
refactor splitDockerDomain to include more documentationa3fb784
Merge pull request #5 from thaJeztah/rm_deprecated4894124
remove deprecated SplitHostnameUpdates
github.com/docker/cli
from 26.1.3+incompatible to 26.1.4+incompatibleCommits
5650f9b
Merge pull request #5116 from thaJeztah/26.1_update_enginee8bc27d
vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)2acb9c2
vendor: github.com/containerd/containerd v1.7.18230d4d0
vendor: github.com/containerd/containerd v1.7.176d47c06
vendor: tags.cncf.io/container-device-interface v0.7.2a6d757c
vendor: github.com/Microsoft/hcsshim v0.11.5c463d96
vendor: github.com/opencontainers/image-spec v1.1.0a61a0c3
Merge pull request #5118 from thaJeztah/26.1_backport_bump_go1.21.110576b3d
update to go1.21.1160b13f1
Dockerfile: update ALPINE_VERSION to 3.20Updates
github.com/docker/docker-credential-helpers
from 0.8.0 to 0.8.2Release notes
Sourced from github.com/docker/docker-credential-helpers's releases.
Commits
6b9df3e
Merge pull request #323 from thaJeztah/pass_simplify_getdc10c50
Merge pull request #317 from docker/dependabot/github_actions/softprops/actio...896eb37
build(deps): bump softprops/action-gh-release to 2.0.5a14669f
pass: Get: remove redundant stat74840b3
Merge pull request #322 from thaJeztah/pass_dryd3ef442
pass: add utilities for encoding/decoding serverURLf64d6b1
Merge pull request #321 from thaJeztah/fix_pass_errors1bb9aa3
pass: return correct error, and ignore empty stores on list73b9e5d
Merge pull request #320 from thaJeztah/update_gha0c43fed
update to go1.21.10Updates
github.com/gabriel-vasile/mimetype
from 1.4.3 to 1.4.4Release notes
Sourced from github.com/gabriel-vasile/mimetype's releases.
Commits
43192c8
Bump the github-actions group across 1 directory with 3 updates (#534)07821d3
Using io.ReadAll instead of ioutil.ReadAll (#525)9bd6023
github actions & readme: remove codecov badge (#533)ff4d3d0
improve performance for text detection (#532)bc511b8
add defaultLimit and use it when resetting back (#531)341c422
Improve x-subrip detection performance (#524)043efb9
fix benchmark files order (#518)fd7639e
ftyp: exit asap to prevent mem allocs (#517)889166d
Merge pull request #505 from gabriel-vasile/dependabot/github_actions/github-...e938b0c
Merge pull request #502 from gabriel-vasile/dependabot/go_modules/gomod-82d2d...Updates
github.com/go-git/go-git/v5
from 5.11.0 to 5.12.0Release notes
Sourced from github.com/go-git/go-git/v5's releases.
Commits
302ddde
Merge pull request #1060 from go-git/dependabot/go_modules/github.com/gliderl...6bba34d
build: bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7feaeb36
Merge pull request #937 from matejrisek/feature/rename-short-fields7959a42
Merge pull request #1052 from go-git/dependabot/go_modules/github.com/skeema/...4c17ce7
build: bump github.com/skeema/knownhosts from 1.2.1 to 1.2.23f77e6f
Merge pull request #1048 from pjbgf/fix-reset-validation6af38e0
Merge pull request #1047 from avoidalone/mastere6c3e58
Merge pull request #1044 from pjbgf/ff-merge04f7b23
*: fix some commentsf4f1a87
Merge pull request #971 from nodivbyzero/fix-177-diff-print-file-statsUpdates
github.com/go-logr/logr
from 1.4.1 to 1.4.2Release notes
Sourced from github.com/go-logr/logr's releases.
Looks like these dependencies are updatable in another way, so this is no longer needed.