Sebastiaan van Stijn
924d109770
vendor: github.com/containerd/containerd/v2 v2.2.5
...
- full diff: https://github.com/containerd/containerd/compare/v2.2.4...v2.2.5
- release notes: https://github.com/containerd/containerd/releases/tag/v2.2.5
The fifth patch release for containerd 2.2 contains various fixes
and updates including security patches.
- CVE-2026-50195 / [GHSA-cvxm-645q-p574] CRI: checkpoint import allows local image tag poisoning
- CVE-2026-53488 / [GHSA-xhf5-7wjv-pqxp] CRI: image-config LABEL flows to host-root command execution from an image pull
- CVE-2026-53492 / [GHSA-33vj-92qq-66hc] CRI: CDI annotation smuggling during CRI checkpoint restore
- CVE-2026-53489 / [GHSA-rgh6-rfwx-v388] CRI: Arbitrary host file read via symlink following in CRI checkpoint restore
- CVE-2026-47262 / [GHSA-jpcc-p29g-p8mq] containerd image-triggered runtime DoS via unbounded group parsing
[GHSA-cvxm-645q-p574]: https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574
[GHSA-xhf5-7wjv-pqxp]: https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
[GHSA-33vj-92qq-66hc]: https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc
[GHSA-rgh6-rfwx-v388]: https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
[GHSA-jpcc-p29g-p8mq]: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-19 09:17:24 +02:00
Mend Renovate
dd1688ac98
Update aws-sdk-go-v2 monorepo to v1.76.0
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-18 19:36:40 +00:00
Mend Renovate
ae4b97fba3
Update module github.com/opencontainers/cgroups to v0.0.7
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-17 23:06:33 +00:00
Mend Renovate
d233d34da7
Update aws-sdk-go-v2 monorepo
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-17 19:16:50 +00:00
Paweł Gronowski
5eda928bb8
Merge pull request #52636 from smerkviladze/add-attestation-statements
...
image: expose in-toto attestation statements via the API
2026-06-12 15:49:34 +02:00
Sopho Merkviladze
0b2c3780be
api: declare ImageAttestations platform and type as repeatable
...
Both query parameters are now collectionFormat: multi arrays in the
swagger so they can accept multiple values later without an API
version bump. The server still operates on a single platform and
rejects requests passing more than one; type is read directly as a
list of repeated values instead of a comma-separated string.
Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
2026-06-12 16:20:52 +04:00
CrazyMax
c1ed6b6b2d
vendor: update buildkit to v0.31.0-rc2
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-12 13:43:37 +02:00
Sopho Merkviladze
a0b6dbc2fc
api: add GET /images/{name}/attestations endpoint
...
Add a new Engine API endpoint that returns the in-toto attestation
statements attached to an image for a given platform. The endpoint
locates the attestation manifest(s) referencing the requested platform's
image manifest, enumerates the statement layers, and returns each
layer's OCI descriptor (including media type, digest, size, and
annotations) together with its in-toto predicate type.
Query parameters:
- platform: JSON-encoded OCI platform; defaults to the daemon's host
  platform if omitted.
- type: comma-separated list of in-toto predicate type URIs; if
  omitted, all statements are returned.
- statement: boolean, defaults to false. When true, the daemon reads
  each matching statement blob and includes the verbatim in-toto JSON
  in the response. When false (or omitted), statement blobs are not
  read and the Statement field is absent from each entry.
The manifest-chain walk (locating the platform image manifest and its
associated attestation manifest) is delegated to policy-helpers'
image.ResolveSignatureChain so that moby and BuildKit agree on how to
interpret the attestation storage format. The statement-layer iteration
and blob reading is inlined: when statement bodies are requested it
fails fast on the first unreadable blob and reads matching blobs
eagerly into memory; otherwise statement-layer blobs are never read
from the content store.
The endpoint is implemented for the containerd image store. The legacy
graphdriver store returns errdefs.NotImplemented (HTTP 501).
Signed-off-by: Sopho Merkviladze <smerkviladze@mirantis.com>
2026-06-12 13:40:58 +04:00
Mend Renovate
d6d4f958bc
Update aws-sdk-go-v2 monorepo to v1.75.2
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-11 18:37:52 +00:00
Paweł Gronowski
8e54f4f249
Add replace rules
...
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-06-11 20:14:29 +02:00
Tonis Tiigi
9f98b738cd
vendor: update buildkit to v0.31.0-dev
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2026-06-10 16:43:18 -07:00
Sebastiaan van Stijn
5a509d4def
Merge pull request #52809 from renovate-bot/renovate/aws-sdk-go-v2-monorepo
...
Update aws-sdk-go-v2 monorepo to v1.75.1
2026-06-10 15:09:27 +02:00
Paweł Gronowski
2046453a51
Merge pull request #52799 from thaJeztah/rm_legacy_protoc_gen_go
...
remove uses of legacy github.com/golang/protobuf/protoc-gen-go
2026-06-10 13:17:05 +02:00
Mend Renovate
d29c835760
Update aws-sdk-go-v2 monorepo to v1.75.1
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-10 11:00:38 +00:00
Paweł Gronowski
877cddfeba
Merge pull request #52800 from thaJeztah/bump_aws
...
vendor: github.com/aws/aws-sdk-go-v2 v1.42.0
2026-06-10 12:49:17 +02:00
Mend Renovate
d00e9e6bca
Update github.com/docker/go-events digest to dbf6103
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-09 17:24:52 +00:00
Sebastiaan van Stijn
3ab9e812e1
Merge pull request #52796 from renovate-bot/renovate/github.com-moby-swarmkit-v2-digest
...
Update github.com/moby/swarmkit/v2 digest to f80b112
2026-06-09 19:09:31 +02:00
Sebastiaan van Stijn
5e33fe53ee
vendor: github.com/aws/aws-sdk-go-v2 v1.42.0
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-09 18:49:28 +02:00
Sebastiaan van Stijn
b521d79084
Merge pull request #52791 from renovate-bot/renovate/github.com-aws-smithy-go-1.x
...
Update module github.com/aws/smithy-go to v1.27.2
2026-06-09 18:40:12 +02:00
Sebastiaan van Stijn
c6c8f97224
remove uses of legacy github.com/golang/protobuf/protoc-gen-go
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-09 15:41:01 +02:00
Mend Renovate
3c940ba036
Update github.com/moby/swarmkit/v2 digest to f80b112
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-09 13:12:41 +00:00
Sebastiaan van Stijn
252f6070f9
vendor: go.opentelemetry.io/otel v1.44.0, go.opentelemetry.io/contrib v0.69.0
...
Manually bumped go.opentelemetry.io/otel/sdk/log to v0.20.0 to remove the
go.opentelemetry.io/otel/semconv/v1.40.0 dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-09 13:16:48 +02:00
Mend Renovate
187b805105
Update module github.com/aws/smithy-go to v1.27.2
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-08 20:00:46 +00:00
Lohit Kolluri
36963fb1a1
vendor: github.com/moby/swarmkit/v2 v2.1.3-0.20260608090550-b0ffe7f2049a
...
Update swarmkit to latest master to include the upstream fix for
constraint enforcer counting completed replicated-job tasks against
node capacity.
Signed-off-by: Lohit Kolluri <lohitkolluri@gmail.com>
2026-06-08 23:12:34 +05:30
Sebastiaan van Stijn
fe5bc81e57
Merge pull request #52768 from renovate-bot/renovate/github.com-opencontainers-selinux-1.x
...
Update module github.com/opencontainers/selinux to v1.15.1
2026-06-08 12:55:00 +02:00
Paweł Gronowski
0945b565cf
Merge pull request #52767 from thaJeztah/bump_sequential
...
vendor: github.com/moby/sys/sequential v0.7.0
2026-06-08 10:30:28 +02:00
Paweł Gronowski
464dd0e5fa
Merge pull request #52382 from renovate-bot/renovate/github.com-containerd-platforms-1.x
...
Update module github.com/containerd/platforms to v1.0.0-rc.4
2026-06-05 16:48:22 +02:00
Mend Renovate
a5c1030e18
Update module github.com/opencontainers/selinux to v1.15.1
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-05 14:27:16 +00:00
Sebastiaan van Stijn
7f21a7bafe
vendor: github.com/moby/sys/sequential v0.7.0
...
- update minimum go version to 1.24
- use os.OpenFile with O_FILE_FLAG_SEQUENTIAL_SCAN on Go 1.26+
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-06-05 16:23:55 +02:00
Paweł Gronowski
dc8fcd6869
Merge pull request #52702 from renovate-bot/renovate/aws-sdk-go-v2-monorepo
...
Update aws-sdk-go-v2 monorepo
2026-06-05 14:56:01 +02:00
Mend Renovate
229fe84a19
Update module github.com/containerd/platforms to v1.0.0-rc.4
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-05 11:56:25 +00:00
Sebastiaan van Stijn
8be4fb8ef9
Merge pull request #52713 from renovate-bot/renovate/github.com-containerd-typeurl-v2-2.x
...
Update module github.com/containerd/typeurl/v2 to v2.3.0
2026-06-05 13:51:31 +02:00
Mend Renovate
87d173cd73
fix(deps): update aws-sdk-go-v2 monorepo
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-06-04 13:12:41 +00:00
Paweł Gronowski
bd54fafba9
vendor: github.com/moby/sys/mount v0.3.5-dev (fc52b7222d0b)
...
full diff: https://github.com/moby/sys/mount/compare/v0.3.4...fc52b7222d0b
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2026-05-29 19:10:59 +02:00
Mend Renovate
e8315a29c4
fix(deps): update module github.com/containerd/typeurl/v2 to v2.3.0
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-28 17:49:11 +00:00
Sebastiaan van Stijn
20b17b9727
Merge pull request #52680 from renovate-bot/renovate/github.com-opencontainers-selinux-1.x
...
fix(deps): update module github.com/opencontainers/selinux to v1.15.0
2026-05-22 02:24:33 +02:00
Mend Renovate
2e61f4b067
fix(deps): update module github.com/opencontainers/selinux to v1.15.0
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-21 22:39:36 +00:00
Mend Renovate
ec2abbc300
fix(deps): update module github.com/containerd/containerd/v2 to v2.2.4 [security]
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-21 22:39:12 +00:00
Mend Renovate
ea952feee6
fix(deps): update module github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs to v1.74.0
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-18 13:32:20 +00:00
CrazyMax
60a04c7e9b
vendor: update buildkit to v0.30.0
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-13 15:04:15 +02:00
Sebastiaan van Stijn
4c53ae5c2e
Merge pull request #52603 from renovate-bot/renovate/github.com-opencontainers-selinux-1.x
...
fix(deps): update module github.com/opencontainers/selinux to v1.14.1
2026-05-12 16:02:57 +02:00
Mend Renovate
7f3b187795
fix(deps): update module github.com/opencontainers/selinux to v1.14.1
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-12 10:49:28 +00:00
Tonis Tiigi
5420d83a53
vendor: update buildkit to v0.30.0-rc2
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2026-05-11 15:21:24 -07:00
Paweł Gronowski
dac64f21ab
Merge pull request #52559 from tonistiigi/update-buildkit-v0.30.0-rc1
...
vendor: update buildkit to v0.30.0-rc1
2026-05-11 19:57:51 +02:00
CrazyMax
00eb59541c
vendor: update buildkit to 1da7e716224c
...
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-11 17:56:57 +02:00
Paweł Gronowski
fa88fea89d
Merge pull request #52569 from renovate-bot/renovate/github.com-moby-policy-helpers-digest
...
Update github.com/moby/policy-helpers digest to a39d601
2026-05-11 14:08:41 +02:00
Mend Renovate
05c1fd6373
Update module github.com/opencontainers/selinux to v1.14.0
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-08 00:10:51 +02:00
Mend Renovate
17a4b09bb9
Update github.com/moby/policy-helpers digest to a39d601
...
Signed-off-by: Mend Renovate <bot@renovateapp.com>
2026-05-07 15:49:27 +00:00
Tonis Tiigi
f6319f0cc2
vendor: update buildkit to v0.30.0-rc1
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-05-07 10:38:00 +02:00
Sebastiaan van Stijn
bb2c5dc629
Merge pull request #52561 from renovate-bot/renovate/github.com-in-toto-in-toto-golang-0.x
...
Update module github.com/in-toto/in-toto-golang to v0.11.0
2026-05-07 10:37:50 +02:00