Commit graph

869 commits

Author SHA1 Message Date
dependabot[bot]
4f69a8c997 build(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.80.0 to 1.81.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.81.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-07 14:42:07 +02:00
dependabot[bot]
9581337d2d build(deps): bump github.com/docker/cli
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 29.4.2+incompatible to 29.4.3+incompatible.
- [Commits](https://github.com/docker/cli/compare/v29.4.2...v29.4.3)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.4.3+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-07 14:01:30 +02:00
dependabot[bot]
e1267ec108 build(deps): bump github.com/moby/moby/client from 0.4.0 to 0.4.1
Bumps [github.com/moby/moby/client](https://github.com/moby/moby) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/moby/moby/releases)
- [Changelog](https://github.com/moby/moby/blob/v0.4.1/CHANGELOG.md)
- [Commits](https://github.com/moby/moby/compare/v0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: github.com/moby/moby/client
  dependency-version: 0.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-07 10:41:01 +02:00
dependabot[bot]
0fcbaff454 build(deps): bump github.com/docker/cli
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 29.4.0+incompatible to 29.4.2+incompatible.
- [Commits](https://github.com/docker/cli/compare/v29.4.0...v29.4.2)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.4.2+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-07 10:13:55 +02:00
dependabot[bot]
baaaaa3ff5 build(deps): bump github.com/mattn/go-shellwords from 1.0.12 to 1.0.13
Bumps [github.com/mattn/go-shellwords](https://github.com/mattn/go-shellwords) from 1.0.12 to 1.0.13.
- [Commits](https://github.com/mattn/go-shellwords/compare/v1.0.12...v1.0.13)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-shellwords
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 09:25:55 +02:00
dependabot[bot]
6ed7625d43 build(deps): bump github.com/containerd/containerd/v2
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.2.2...v2.2.3)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-15 11:35:57 +02:00
Guillaume Lours
ba417e4392 use new moby/moby modules instead of docker/docker dependency
Signed-off-by: Guillaume Lours <glours@users.noreply.github.com>
2026-04-08 08:50:50 +02:00
Guillaume Lours
9085f7bda1 bump compose-go to version v2.10.2
Signed-off-by: Guillaume Lours <glours@users.noreply.github.com>
2026-04-08 08:50:04 +02:00
Sebastiaan van Stijn
89e3517f29 build(deps): bump github.com/docker/cli v29.4.0
full diff: https://github.com/docker/cli/compare/v29.3.1...v29.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-04-07 12:21:18 +02:00
Sebastiaan van Stijn
d1296c346d build(deps): github.com/moby/moby/client v0.4.0, moby/api v1.54.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-04-03 16:53:26 +02:00
dependabot[bot]
c1aefc74c8 build(deps): bump github.com/containerd/platforms
Bumps [github.com/containerd/platforms](https://github.com/containerd/platforms) from 1.0.0-rc.3 to 1.0.0-rc.4.
- [Release notes](https://github.com/containerd/platforms/releases)
- [Commits](https://github.com/containerd/platforms/compare/v1.0.0-rc.3...v1.0.0-rc.4)

---
updated-dependencies:
- dependency-name: github.com/containerd/platforms
  dependency-version: 1.0.0-rc.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-02 21:32:33 +02:00
dependabot[bot]
148ad64eea build(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.3 to 1.80.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.79.3...v1.80.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-02 21:17:16 +02:00
Sebastiaan van Stijn
3ecc082946 build(deps): bump github.com/docker/buildx v0.33.0, buildkit v0.29.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-04-01 08:48:39 +02:00
Sebastiaan van Stijn
92a7ac1fa2 fix mixed assertion libraries in tests
Before this, assertion libraries were mixed, sometimes
even in the same file.

    git grep -l '"gotest.tools/v3/' | wc -l
    75
    git grep -l '"github.com/stretchr/testify' | wc -l
    24

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-03-31 17:32:51 +02:00
dependabot[bot]
3d2d03cd39 build(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-31 11:14:29 +02:00
dependabot[bot]
fa9762b15d build(deps): bump github.com/docker/cli
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 29.2.1+incompatible to 29.3.1+incompatible.
- [Commits](https://github.com/docker/cli/compare/v29.2.1...v29.3.1)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 29.3.1+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-30 10:35:59 +02:00
Sebastiaan van Stijn
5bbdd239df pkg/compose: fix TestRunHook_ConsoleSize on macOS
containerd/console is broken on macOS, and panics; use creack/pty
instead for this test.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-03-30 09:43:35 +02:00
Guillaume Lours
ef86a6ef0f build(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.42.0
Fixes CVE-2026-24051 (PATH hijacking in otel SDK).
Bumps all otel packages to v1.42.0 for consistency.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Guillaume Lours <glours@users.noreply.github.com>
2026-03-25 10:21:00 +01:00
dependabot[bot]
0c39d8a20f build(deps): bump github.com/moby/patternmatcher from 0.6.0 to 0.6.1
Bumps [github.com/moby/patternmatcher](https://github.com/moby/patternmatcher) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/moby/patternmatcher/releases)
- [Commits](https://github.com/moby/patternmatcher/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: github.com/moby/patternmatcher
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-25 10:15:05 +01:00
dependabot[bot]
72bf113b0c build(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.78.0 to 1.79.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.78.0...v1.79.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.79.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-23 11:47:25 +01:00
dependabot[bot]
27d9d50630 build(deps): bump github.com/containerd/platforms
Bumps [github.com/containerd/platforms](https://github.com/containerd/platforms) from 1.0.0-rc.2 to 1.0.0-rc.3.
- [Release notes](https://github.com/containerd/platforms/releases)
- [Commits](https://github.com/containerd/platforms/compare/v1.0.0-rc.2...v1.0.0-rc.3)

---
updated-dependencies:
- dependency-name: github.com/containerd/platforms
  dependency-version: 1.0.0-rc.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-23 10:15:37 +01:00
dependabot[bot]
e8c2143498 build(deps): bump github.com/moby/moby/client from 0.2.2 to 0.3.0
Bumps [github.com/moby/moby/client](https://github.com/moby/moby) from 0.2.2 to 0.3.0.
- [Release notes](https://github.com/moby/moby/releases)
- [Changelog](https://github.com/moby/moby/blob/v0.3.0/CHANGELOG.md)
- [Commits](https://github.com/moby/moby/compare/v0.2.2...v0.3.0)

---
updated-dependencies:
- dependency-name: github.com/moby/moby/client
  dependency-version: 0.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-12 14:06:28 +01:00
dependabot[bot]
0ffb171173 build(deps): bump golang.org/x/sync from 0.19.0 to 0.20.0
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/sync/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-12 14:06:03 +01:00
dependabot[bot]
eb6afa8d3d build(deps): bump github.com/containerd/containerd/v2
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-11 10:14:46 +01:00
dependabot[bot]
79d4fe3c14 build(deps): bump golang.org/x/sys from 0.41.0 to 0.42.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.41.0 to 0.42.0.
- [Commits](https://github.com/golang/sys/compare/v0.41.0...v0.42.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-09 10:15:41 +01:00
dependabot[bot]
ffa8576d92 build(deps): bump github.com/moby/moby/api from 1.53.0 to 1.54.0
Bumps [github.com/moby/moby/api](https://github.com/moby/moby) from 1.53.0 to 1.54.0.
- [Release notes](https://github.com/moby/moby/releases)
- [Commits](https://github.com/moby/moby/compare/api/v1.53.0...api/v1.54.0)

---
updated-dependencies:
- dependency-name: github.com/moby/moby/api
  dependency-version: 1.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 10:14:55 +01:00
Sebastiaan van Stijn
8193d86d2f pkg/bridge: remove uses of go-connections
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-11 12:32:37 +01:00
Sebastiaan van Stijn
bfb5511d0d go.mod: bump github.com/moby/moby/api v1.53.0, moby/client v0.2.2
Also update TestDefaultNetworkSettings:
Test that the network with the highest priority is returned as
"primary" network, and other networks as extra networks.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-02-11 12:32:37 +01:00
dependabot[bot]
7abaa06617 build(deps): bump go.yaml.in/yaml/v4 from 4.0.0-rc.3 to 4.0.0-rc.4
Bumps [go.yaml.in/yaml/v4](https://github.com/yaml/go-yaml) from 4.0.0-rc.3 to 4.0.0-rc.4.
- [Commits](https://github.com/yaml/go-yaml/compare/v4.0.0-rc.3...v4.0.0-rc.4)

---
updated-dependencies:
- dependency-name: go.yaml.in/yaml/v4
  dependency-version: 4.0.0-rc.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-09 10:43:48 +01:00
dependabot[bot]
3b0e8f538e build(deps): bump golang.org/x/sys from 0.40.0 to 0.41.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/sys/compare/v0.40.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-09 10:31:58 +01:00
hiroto.toyoda
06e1287483 fix: update github.com/moby/term to indirect dependency
Signed-off-by: hiroto.toyoda <hiroto.toyoda@dena.com>
2026-01-19 17:46:55 +01:00
Nicolas De Loof
27bf40357a Bump compose to v2.10.1
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2026-01-19 16:46:17 +01:00
Sebastiaan van Stijn
0a07df0e5b build(deps): bump github.com/sirupsen/logrus v1.9.4
full diff: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-15 19:45:49 +01:00
dependabot[bot]
f17d0dfc61 build(deps): bump github.com/go-viper/mapstructure/v2
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 10:21:23 +01:00
dependabot[bot]
ef14cfcfea build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.77.0 to 1.78.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-12 17:50:14 +01:00
dependabot[bot]
a2a5c86f53 build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-09 10:22:48 +01:00
Sebastiaan van Stijn
98e82127b3 build(deps): bump github.com/containerd/containerd/v2 to v2.2.1
The pull request that was needed has been released now as part of v2.2.1;
full diff: https://github.com/containerd/containerd/compare/efd86f2b0bc2...v2.2.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-08 11:33:06 +01:00
Sebastiaan van Stijn
03e19e4a84 go.mod: remove exclude rules
Commit 640c7deae0 added these exclude
rules as a temporary workaround until these transitive dependency
versions would be gone;

> downgrade go-difflib and go-spew to tagged releases
>
> These dependencies were updated to "master" in some modules we depend on,
> but have no code-changes since their last release. Unfortunately, this also
> causes a ripple effect, forcing all users of the containerd module to also
> update these dependencies to an unreleased / un-tagged version.
>
> Both these dependencies will unlikely do a new release in the near future,
> so exclude these versions so that we can downgrade to the current release.

Kubernetes, and other dependencies have reverted those bumps, so these
exclude rules are no longer needed.

This reverts commit 640c7deae0.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-08 07:07:57 +01:00
Sebastiaan van Stijn
b2c17ff118 build(deps): bump github.com/klauspost/compress to v1.18.2
Fixes a regression in v1.18.1 that resulted in invalid flate/zip/gzip encoding.
The v1.18.1 tag has been retracted.

full diff: https://github.com/klauspost/compress/compare/v1.18.1...v1.18.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-07 14:03:12 +01:00
dependabot[bot]
232197d364 build(deps): bump github.com/moby/buildkit from 0.26.2 to 0.26.3
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.26.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-17 10:16:54 +01:00
dependabot[bot]
81ba889bee build(deps): bump tags.cncf.io/container-device-interface
Bumps [tags.cncf.io/container-device-interface](https://github.com/cncf-tags/container-device-interface) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/cncf-tags/container-device-interface/releases)
- [Changelog](https://github.com/cncf-tags/container-device-interface/blob/main/RELEASE.md)
- [Commits](https://github.com/cncf-tags/container-device-interface/compare/v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: tags.cncf.io/container-device-interface
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-16 09:34:43 +01:00
Nicolas De Loof
1297f97aef prefer aec library over raw ANSI sequences
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2025-12-15 16:36:57 +01:00
dependabot[bot]
4f419e5098 build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-11 17:13:15 +01:00
dependabot[bot]
ac211e6e51 build(deps): bump github.com/docker/cli-docs-tool from 0.10.0 to 0.11.0
Bumps [github.com/docker/cli-docs-tool](https://github.com/docker/cli-docs-tool) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/docker/cli-docs-tool/releases)
- [Commits](https://github.com/docker/cli-docs-tool/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/docker/cli-docs-tool
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-10 10:14:31 +01:00
Austin Vazquez
778a627b8e Set Go min version to absolute minimum version required
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
2025-12-09 20:33:00 +01:00
dependabot[bot]
3e206fdcc6 build(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/sys/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-09 16:18:09 +01:00
Austin Vazquez
08de90c267 bump golang 1.24.11
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
2025-12-03 19:30:45 +01:00
Nicolas De Loof
72f4d655ef Bump compose go to v2.10.0
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2025-12-01 17:19:40 +01:00
Sebastiaan van Stijn
6ee7146354 build(deps): bump golang.org/x/crypto v0.45.0
full diff: https://github.com/golang/crypto/compare/v0.44.0...v0.45.0

Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2025-11-28 15:44:55 +01:00
dependabot[bot]
f28503426c build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-28 10:13:47 +01:00