search

qdm12 / deunhealth

Binary program to restart unhealthy Docker containers
MIT License
124 stars 8 forks source link

Build(deps): bump github.com/moby/moby from 20.10.8+incompatible to 20.10.9+incompatible #7

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps github.com/moby/moby from 20.10.8+incompatible to 20.10.9+incompatible.

Release notes

Sourced from github.com/moby/moby's releases.

v20.10.9

This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package and the Go runtime.

Client

  • CVE-2021-41092 Ensure default auth config has address field set, to prevent credentials being sent to the default registry.

Runtime

  • CVE-2021-41089 Create parent directories inside a chroot during docker cp to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem.
  • CVE-2021-41091 Lock down file permissions to prevent unprivileged users from discovering and executing programs in /var/lib/docker.

Packaging

  • Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221 and CVE-2021-39293
  • Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
  • Update the bundled buildx version to v0.6.3 for rpm and deb packages.
Commits
  • 79ea9d3 Merge pull request #5 from moby/20.10_bump_go_1.16.8
  • fa78afe Update Go to 1.16.8
  • bce32e5 Merge pull request #4 from moby/20.10-ghsa-v994-f8vw-g7j4-chroot-mkdir
  • f0ab919 Merge pull request #2 from moby/20.10-GHSA-3fwx-pjgw-3558_0701-perms
  • 80f1169 chrootarchive: don't create parent dirs outside of chroot
  • 93ac040 Lock down docker root dir perms.
  • d24c6dc Merge pull request #42721 from thaJeztah/20.10_backport_bump_go_1.16.7
  • decb56a Update Go to 1.16.7
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 3 years ago

Looks like github.com/moby/moby is up-to-date now, so this is no longer needed.