docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-11-04 10:03:42 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity
2,410 Commits 19 Branches 95 Tags
eff1850d53d8ce5fcaa3b2ce1966880ff61bb3d3
Commit Graph

20 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
7f1eaa2a8a vendor: golang.org/x/net v0.23.0 
full diff: https://github.com/golang/net/compare/v0.22.0...v0.23.0

Includes a fix for CVE-2023-45288, which is also addressed in go1.22.2
and go1.21.9;

> http2: close connections when receiving too many headers
>
> Maintaining HPACK state requires that we parse and process
> all HEADERS and CONTINUATION frames on a connection.
> When a request's headers exceed MaxHeaderBytes, we don't
> allocate memory to store the excess headers but we do
> parse them. This permits an attacker to cause an HTTP/2
> endpoint to read arbitrary amounts of data, all associated
> with a request which is going to be rejected.
>
> Set a limit on the amount of excess header frames we
> will process before closing a connection.
>
> Thanks to Bartek Nowotarski for reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-04-10 17:22:06 +02:00
Sebastiaan van Stijn
fbddc9ebea vendor: golang.org/x/net v0.22.0, golang.org/x/crypto v0.21.0 
full diffs changes relevant to vendored code:

- https://github.com/golang/net/compare/v0.20.0...v0.22.0
    - http2: remove suspicious uint32->v conversion in frame code
    - http2: send an error of FLOW_CONTROL_ERROR when exceed the maximum octets
- https://github.com/golang/crypto/compare/v0.18.0...v0.21.0
    - x/crypto/internal/poly1305: improve sum_ppc64le.s

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2024-04-10 17:14:09 +02:00
CrazyMax
303e509bbf vendor: bump k8s dependencies to v0.29.2 
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
 2024-02-24 16:41:41 +01:00
Justin Chadwell
adc839aa40 vendor: update buildkit to master@d5c1d785b042 
Signed-off-by: Justin Chadwell <me@jedevc.com>
 2023-10-23 14:48:50 +01:00
Sebastiaan van Stijn
a6f3f290b4 vendor: golang.org/x/net v0.10.0 
- http2: properly discard data received after request/response body is closed
- http2: don't reuse connections that are experiencing errors
- internal/socks: permit authenticating with an empty password

full diff: https://github.com/golang/net/compare/v0.8.0...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-07-25 09:05:20 +02:00
dependabot[bot]
7332140fdf build(deps): Bump golang.org/x/net from 0.5.0 to 0.7.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases)
- [Commits](https://github.com/golang/net/compare/v0.5.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-22 19:50:31 +00:00
Sebastiaan van Stijn
8ac380bfb3 vendor: golang.org/x/net v0.5.0 
full diff: https://github.com/golang/net/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-02-08 15:21:05 +01:00
Justin Chadwell
163712a23b vendor: update buildkit to 93b40706a007 
Signed-off-by: Justin Chadwell <me@jedevc.com>
 2022-12-13 11:03:53 +00:00
Justin Chadwell
36e663edda vendor: update buildkit to master@ae9d0f5 
Signed-off-by: Justin Chadwell <me@jedevc.com>
 2022-11-23 11:35:38 +00:00
Akihiro Suda
4dda2ad58b go.mod: golang.org/x/crypto v0.1.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2022-11-16 07:43:29 +09:00
CrazyMax
307c94e5c7 vendor: update buildkit to 2f99651 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2022-02-09 21:53:40 +01:00
Tonis Tiigi
9c3be32bc9 vendor: update buildkit to 539be170 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-12-16 11:42:02 -08:00
CrazyMax
eec1693f30 vendor: update buildkit 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2021-09-27 21:54:35 +02:00
Tonis Tiigi
334c93fbbe vendor: update buildkit to opentelemetry support 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-07-12 13:42:45 -07:00
Tonis Tiigi
d40a6082fa vendor: update buildkit to 8effd45b 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2021-03-22 15:54:07 -07:00
Tonis Tiigi
c41b006be1 vendor: update buildkit to 2943a0838 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2020-09-19 22:49:12 -07:00
Silvin Lubecki
bbc902b4d6 Bump buildkit to master and fix versions incompatible with go mod 1.13 
Bump github.com/gogo/googleapis to v1.3.2
Bump github.com/docker/cli to master

Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>
 2020-03-04 18:37:42 +01:00
ulyssessouza
3ff9abca3a Bump moby/buildkit 
Signed-off-by: ulyssessouza <ulyssessouza@gmail.com>
 2019-12-11 14:13:56 +01:00
Tonis Tiigi
b68b005f68 vendor: update buildkit to f238f1e 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-05-14 17:59:01 -07:00
Tonis Tiigi
fd8fbf21e6 vendor: initial vendor 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
 2019-03-22 16:27:37 -07:00