This release includes a few fixes for MkdirAll when dealing with S_ISUID
and S_ISGID, to solve a regression runc hit when switching to MkdirAll.
Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return
an explicit error saying that those bits are ignored by mkdirat(2). In
the past a different error was returned, but since the silent ignoring
behaviour is codified in the man pages a more explicit error seems
apt. While silently ignoring these bits would be the most compatible
option, it could lead to users thinking their code sets these bits
when it doesn't. Programs that need to deal with compatibility can
mask the bits themselves. (#23, #25)
If a directory has S_ISGID set, then all child directories will have
S_ISGID set when created and a different gid will be used for any
inode created under the directory. Previously, the "expected owner and
mode" validation in securejoin.MkdirAll did not correctly handle this.
We now correctly handle this case. (#24, #25)
Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return
an explicit error saying that those bits are ignored by mkdirat(2). In the
past a different error was returned, but since the silent ignoring behaviour
is codified in the man pages a more explicit error seems apt. While silently
ignoring these bits would be the most compatible option, it could lead to
users thinking their code sets these bits when it doesn't. Programs that need
to deal with compatibility can mask the bits themselves. (#23, #25)
Fixed
If a directory has S_ISGID set, then all child directories will have
S_ISGID set when created and a different gid will be used for any inode
created under the directory. Previously, the "expected owner and mode"
validation in securejoin.MkdirAll did not correctly handle this. We now
correctly handle this case. (#24, #25)
Add NewProducer to go.opentelemetry.io/contrib/instrumentation/runtime, which allows collecting the go.schedule.duration histogram metric from the Go runtime. (#5991)
Add gRPC protocol support for OTLP log exporter in go.opentelemetry.io/contrib/exporters/autoexport. (#6083)
Superfluous call to WriteHeader when flushing after setting a status code in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#6074)
Superfluous call to WriteHeader when writing the response body after setting a status code in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#6055)
Bumps the go-modules group with 17 updates in the / directory:
1.34.1
1.34.2
0.2.0
0.3.0
0.18.7
0.18.8
2.14.2
2.15.0
3.2.1
3.3.0
3.2.3
3.3.0
0.12.5
0.12.6
1.3.9
1.4.0
0.1.0
0.2.0
0.3.1
0.3.2
27.1.2+incompatible
27.3.1+incompatible
1.17.9
1.17.10
2.18.0
2.19.1
0.53.0
0.55.0
0.26.0
0.27.0
0.20.0
0.21.0
0.28.0
0.29.0
Updates
github.com/onsi/gomega
from 1.34.1 to 1.34.2Release notes
Sourced from github.com/onsi/gomega's releases.
Changelog
Sourced from github.com/onsi/gomega's changelog.
Commits
7cabed6
v1.34.2c59c6dc
bump ginkgo as well8158b99
bump to go 1.22 - remove x/exp dependencyUpdates
github.com/paketo-buildpacks/libnodejs
from 0.2.0 to 0.3.0Release notes
Sourced from github.com/paketo-buildpacks/libnodejs's releases.
Commits
1868fa9
feat: add support for cjs files (#34)f099c5f
Marshal dependencies from package.toml (#33)5099ee8
build(deps): bump github.com/paketo-buildpacks/packit/v2daff2f2
feat: add support for mjs files when finding apps (#31)c6e737a
build(deps): bump github.com/paketo-buildpacks/packit/v2e1ab573
build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.1349be0c
build(deps): bump github.com/paketo-buildpacks/packit/v290f967f
build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.12e42024
build(deps): bump github.com/paketo-buildpacks/packit/v23352dd5
build(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.0Updates
github.com/paketo-buildpacks/occam
from 0.18.7 to 0.18.8Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
Commits
1193f3c
Bump docker to version 26.1.5 to fix CVE-2024-411105cd4ede
Updates go mod version to 1.23.02e5b930
Updates go mod version to 1.22.6815b014
Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.274a79fb
Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.190134a5
Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2653a6fb
Bump github.com/onsi/gomega from 1.34.0 to 1.34.1ed0e429
Bump github.com/onsi/gomega from 1.33.1 to 1.34.0f467245
Updates go mod version to 1.22.5c97acf2
Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1Updates
github.com/paketo-buildpacks/packit/v2
from 2.14.2 to 2.15.0Release notes
Sourced from github.com/paketo-buildpacks/packit/v2's releases.
Commits
1ab5b00
SyftCLIScanner: support SBOM generation with syft CLI884a7b7
Update to fix linterc3a3e6a
Updating github-configUpdates
github.com/Masterminds/semver/v3
from 3.2.1 to 3.3.0Release notes
Sourced from github.com/Masterminds/semver/v3's releases.
Changelog
Sourced from github.com/Masterminds/semver/v3's changelog.
Commits
e6e3d4d
Merge pull request #249 from mattfarina/update-changelog-3.3.0e80c4ea
Updating changelog for 3.3.080427ad
Merge pull request #248 from mattfarina/bump-min-versionb610837
bumping min version in go.mod based on what's testeda4cccd8
Merge pull request #246 from mattfarina/bump-go-1.237c178cf
Updating the testing version of Go used29f94c1
Merge pull request #241 from grosser/grosser/validate2cf1b16
Merge pull request #245 from mattfarina/remove-vertb55476a
Removing reference to vertd07450b
simplify StrictNewVersionUpdates
github.com/Masterminds/sprig/v3
from 3.2.3 to 3.3.0Release notes
Sourced from github.com/Masterminds/sprig/v3's releases.
Changelog
Sourced from github.com/Masterminds/sprig/v3's changelog.
Commits
e708470
Merge pull request #408 from mattfarina/update-changelog-3.38fc4354
Updating the changelog for the 3.3.0 releasecb81a32
Merge pull request #407 from mattfarina/remove-dup-math-functions2637693
Removing duplicate documentation06b9a87
Merge pull request #290 from zzhu41/patch-1e663ec6
Merge pull request #369 from chey/patch-1bb2f73f
Merge pull request #375 from carlpett/patch-1f07659e
Merge pull request #400 from itzik-elayev/master98b35c1
Add closing bracket7a88928
Merge pull request #406 from mattfarina/update-mergoUpdates
github.com/Microsoft/hcsshim
from 0.12.5 to 0.12.6Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
Commits
f922f2a
Omnibus dependency updates (#2051)7d25ce2
Update module versions85a5a57
drop usage of deprecated package/methodsd4b1cc0
Bump opa/containerd to latest versions6a5ebd3
Upgrade deps to resolve CVEs (#2225)4f46058
Omnibus dependency update (#2166)Updates
github.com/cloudflare/circl
from 1.3.9 to 1.4.0Release notes
Sourced from github.com/cloudflare/circl's releases.
Commits
c311e46
Preparing for release v1.4.062385a8
Add ML-KEM decapsulation key check.2b4626d
Add ML-KEM (FIPS 203).d26845f
eddilithium3: fix typosUpdates
github.com/containerd/errdefs
from 0.1.0 to 0.2.0Release notes
Sourced from github.com/containerd/errdefs's releases.
Commits
02b65bc
Merge pull request #18 from dmcgowan/add-missing-interfaces41d12e1
Complete interface definitions for errors70440b8
Merge pull request #7 from dmcgowan/grpc-error-detailsb9dce4d
Add support for grpc error detailsffb0349
Update Resolve function to support Is interface124d0dc
Merge pull request #10 from dmcgowan/custom-error-messagesdc9b20e
Add support for custom error messages6c7f402
Merge pull request #9 from dmcgowan/resolve-error9f87502
Add a resolve error function to return first error6fb6cf0
Merge pull request #8 from dmcgowan/add-stack-supportUpdates
github.com/cyphar/filepath-securejoin
from 0.3.1 to 0.3.2Release notes
Sourced from github.com/cyphar/filepath-securejoin's releases.
Changelog
Sourced from github.com/cyphar/filepath-securejoin's changelog.
Commits
e408943
VERSION: release v0.3.21c875f5
CHANGELOG: fix headersfdaafcc
merge #25 into cyphar/filepath-securejoin:main1acda83
mkdirall: correctly handle sgid directory parent8484faf
tests: mkdirall: refactor check and mkdirall helpers350d697
mkdirall: explicitly return an error for suid/sgid bits43b1026
tests: procfs: skip procfs tests if overmounting is blocked82e5725
VERSION: back to developmentUpdates
github.com/docker/cli
from 27.1.2+incompatible to 27.3.1+incompatibleCommits
ce12230
Merge pull request #5462 from thaJeztah/27.x_backport_bump_compose263ba95
Merge pull request #5461 from laurazard/27.x-backport-update-VERSIONbe9b9f3
UpdateVERSION
file tov27.3.1-dev
a4149b0
Dockerfile: update compose to v2.29.74aac415
Merge pull request #5458 from thaJeztah/27.x_bump_engine38546958
vendor: github.com/docker/docker v27.3.0f052003
Merge pull request #5457 from laurazard/backport-dropped-defer460f1be
telemetry: fix early meterprovider shutdowne85edf8
Merge pull request #5452 from laurazard/27.3.0-match-moby-versionca62759
vendor: github.com/docker/docker v27.3.0-rc2Updates
github.com/klauspost/compress
from 1.17.9 to 1.17.10Release notes
Sourced from github.com/klauspost/compress's releases.
Commits
2a46d6b
Update README.md4dafca9
ci: Upgrade Go & other (#1008)26519f8
zstd: Improve memory usage on small streaming encodes (#1007)51aa0ec
[gzhttp] Add supported decompress request body (#1002)13c1244
build(deps): bump github/codeql-action in the github-actions group (#997)62905e4
read data written with partial flush (#996)3868468
Fix typos (#986)8b81499
build(deps): bump the github-actions group with 2 updates (#985)d76f801
s2: Add EncodeBuffer buffer recycling callback (#982)cfab8bd
docs: Fix URL typo when installing builddict (#980)Updates
github.com/sylabs/sif/v2
from 2.18.0 to 2.19.1Release notes
Sourced from github.com/sylabs/sif/v2's releases.
Commits
1ed3ce5
Merge pull request #384 from tri-adam/overflow-fix6f00aba
fix: check descriptor capacity during SIF creationc1fcc37
fix: correct the range check for descriptor IDsfd8a090
Merge pull request #383 from tri-adam/golangci-lint-v1.60d2a9ddc
fix: address lint with golangci-lint v1.60f4453b3
ci: remove deprecated exportloopref linterdd77d01
chore: bump golangci-lint to v1.60518b3a3
build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 (#381)afa5a4e
Merge pull request #382 from tri-adam/go-1.239a07943
chore: bump module to Go 1.22Updates
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
from 0.53.0 to 0.55.0Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.
Looks like these dependencies are updatable in another way, so this is no longer needed.