From 8789f016ea2d285889aa47947092b5665b24605c Mon Sep 17 00:00:00 2001 From: App Platform Runtime Working Group CI Bot Date: Tue, 31 Oct 2023 18:20:52 +0000 Subject: [PATCH] Update go.mod dependencies -------- index 46a32d3b..01081c59 100644 @@ -16,21 +16,21 @@ replace ( - code.cloudfoundry.org/archiver v0.0.0-20231017143912-de59b5b4f649 + code.cloudfoundry.org/archiver v0.0.0-20231025144553-f19bf6305121 code.cloudfoundry.org/clock v1.1.0 code.cloudfoundry.org/commandrunner v0.0.0-20230612151827-2b11a2b4e9b8 - code.cloudfoundry.org/debugserver v0.0.0-20231017143832-99af347b5a16 - code.cloudfoundry.org/garden v0.0.0-20231010181202-f61f4780fa7d + code.cloudfoundry.org/debugserver v0.0.0-20231025144512-5380d389e103 + code.cloudfoundry.org/garden v0.0.0-20231024181552-0abe26bb4e46 code.cloudfoundry.org/grootfs v0.30.0 - code.cloudfoundry.org/idmapper v0.0.0-20231010181327-52a77ac7ebed + code.cloudfoundry.org/idmapper v0.0.0-20231024181700-0f6c3ab3fadf code.cloudfoundry.org/lager/v3 v3.0.2 - code.cloudfoundry.org/localip v0.0.0-20231017144440-ef7ea823eb34 + code.cloudfoundry.org/localip v0.0.0-20231025145031-77dc93c89492 github.com/BurntSushi/toml v1.3.2 github.com/cloudfoundry/dropsonde v1.1.0 - github.com/cloudfoundry/gosigar v1.3.33 - github.com/containerd/containerd v1.7.7 + github.com/cloudfoundry/gosigar v1.3.34 + github.com/containerd/containerd v1.7.8 github.com/containerd/typeurl/v2 v2.1.1 - github.com/docker/docker v24.0.6+incompatible + github.com/docker/docker v24.0.7+incompatible github.com/eapache/go-resiliency v1.4.0 github.com/hashicorp/go-multierror v1.1.1 github.com/jessevdk/go-flags v1.5.1-0.20210607101731-3927b71304df github.com/mitchellh/copystructure v1.2.0 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d github.com/onsi/ginkgo/v2 v2.13.0 - github.com/onsi/gomega v1.28.1 + github.com/onsi/gomega v1.29.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc5 github.com/opencontainers/runc v1.1.9 --- go.mod | 32 ++--- go.sum | 61 +++++----- .../AdamKorcz/go-118-fuzz-build/testing/f.go | 24 ++-- .../github.com/containerd/containerd/Makefile | 5 + .../containerd/containerd/Vagrantfile | 2 +- .../cmd/containerd/command/oci-hook.go | 18 +-- .../containerd/containerd/oci/spec.go | 18 +++ .../github.com/containerd/containerd/pull.go | 19 ++- .../containerd/remotes/docker/authorizer.go | 16 +-- .../containerd/remotes/docker/config/hosts.go | 46 ++++--- .../containerd/remotes/docker/pusher.go | 11 +- .../containerd/runtime/v2/bundle.go | 8 +- .../runtime/v2/runc/manager/manager_linux.go | 7 +- .../runtime/v2/runc/task/service.go | 37 +++--- .../containerd/runtime/v2/runc/util.go | 17 +-- .../containerd/containerd/version/version.go | 2 +- .../github.com/containers/ocicrypt/Makefile | 1 + .../keywrap/pkcs11/keywrapper_pkcs11.go | 6 +- .../containers/ocicrypt/spec/spec.go | 10 +- vendor/github.com/go-logr/logr/README.md | 113 +++++++++++++++++- vendor/github.com/go-logr/logr/SECURITY.md | 18 +++ vendor/github.com/go-logr/logr/funcr/funcr.go | 48 ++++---- vendor/github.com/go-logr/logr/logr.go | 35 ++++-- vendor/github.com/google/uuid/CHANGELOG.md | 11 ++ vendor/github.com/google/uuid/CONTRIBUTING.md | 2 +- vendor/github.com/google/uuid/uuid.go | 26 +++- vendor/github.com/onsi/gomega/CHANGELOG.md | 5 + vendor/github.com/onsi/gomega/gomega_dsl.go | 2 +- vendor/github.com/onsi/gomega/matchers.go | 37 +++++- .../gomega/matchers/match_error_matcher.go | 25 +++- vendor/modules.txt | 34 +++--- 31 files changed, 494 insertions(+), 202 deletions(-) create mode 100644 vendor/github.com/go-logr/logr/SECURITY.md diff --git a/go.mod b/go.mod index 46a32d3bf..01081c596 100644 --- a/go.mod +++ b/go.mod @@ -16,21 +16,21 @@ replace ( ) require ( - code.cloudfoundry.org/archiver v0.0.0-20231017143912-de59b5b4f649 + code.cloudfoundry.org/archiver v0.0.0-20231025144553-f19bf6305121 code.cloudfoundry.org/clock v1.1.0 code.cloudfoundry.org/commandrunner v0.0.0-20230612151827-2b11a2b4e9b8 - code.cloudfoundry.org/debugserver v0.0.0-20231017143832-99af347b5a16 - code.cloudfoundry.org/garden v0.0.0-20231010181202-f61f4780fa7d + code.cloudfoundry.org/debugserver v0.0.0-20231025144512-5380d389e103 + code.cloudfoundry.org/garden v0.0.0-20231024181552-0abe26bb4e46 code.cloudfoundry.org/grootfs v0.30.0 - code.cloudfoundry.org/idmapper v0.0.0-20231010181327-52a77ac7ebed + code.cloudfoundry.org/idmapper v0.0.0-20231024181700-0f6c3ab3fadf code.cloudfoundry.org/lager/v3 v3.0.2 - code.cloudfoundry.org/localip v0.0.0-20231017144440-ef7ea823eb34 + code.cloudfoundry.org/localip v0.0.0-20231025145031-77dc93c89492 github.com/BurntSushi/toml v1.3.2 github.com/cloudfoundry/dropsonde v1.1.0 - github.com/cloudfoundry/gosigar v1.3.33 - github.com/containerd/containerd v1.7.7 + github.com/cloudfoundry/gosigar v1.3.34 + github.com/containerd/containerd v1.7.8 github.com/containerd/typeurl/v2 v2.1.1 - github.com/docker/docker v24.0.6+incompatible + github.com/docker/docker v24.0.7+incompatible github.com/eapache/go-resiliency v1.4.0 github.com/hashicorp/go-multierror v1.1.1 github.com/jessevdk/go-flags v1.5.1-0.20210607101731-3927b71304df @@ -38,7 +38,7 @@ require ( github.com/mitchellh/copystructure v1.2.0 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d github.com/onsi/ginkgo/v2 v2.13.0 - github.com/onsi/gomega v1.28.1 + github.com/onsi/gomega v1.29.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc5 github.com/opencontainers/runc v1.1.9 @@ -56,7 +56,7 @@ require ( require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect + github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231024182747-cab165db8a0b // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.2 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -85,7 +85,7 @@ require ( github.com/containerd/zfs v1.1.0 // indirect github.com/containernetworking/cni v1.1.2 // indirect github.com/containernetworking/plugins v1.2.0 // indirect - github.com/containers/ocicrypt v1.1.8 // indirect + github.com/containers/ocicrypt v1.1.9 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect @@ -96,7 +96,7 @@ require ( github.com/emicklei/go-restful/v3 v3.10.1 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect + github.com/go-logr/logr v1.3.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect @@ -106,7 +106,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect - github.com/google/uuid v1.3.1 // indirect + github.com/google/uuid v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect @@ -169,9 +169,9 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect google.golang.org/grpc v1.59.0 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 4b61973c6..11aa587e4 100644 --- a/go.sum +++ b/go.sum @@ -38,7 +38,7 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= +cloud.google.com/go v0.110.9 h1:e7ITSqGFFk4rbz/JFIqZh3G4VEHguhAL4BQcFlWtU68= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -175,8 +175,8 @@ cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63 cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= -cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0= -cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78= +cloud.google.com/go/compute v1.23.2 h1:nWEMDhgbBkBJjfpVySqU4jgWdc22PLR0o4vEexZHers= +cloud.google.com/go/compute v1.23.2/go.mod h1:JJ0atRC0J/oWYiiVBmsSsrRnh92DhZPG4hFDcR04Rns= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -599,26 +599,26 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.cloudfoundry.org/archiver v0.0.0-20231017143912-de59b5b4f649 h1:KI9zfKujPJJyviu4CzDf1qzyPsovbh4L5xpjIIWebQA= -code.cloudfoundry.org/archiver v0.0.0-20231017143912-de59b5b4f649/go.mod h1:AlMz4JWvTqwZoQ+PE0A+UuJmh6naK70dOqOQul8akLc= +code.cloudfoundry.org/archiver v0.0.0-20231025144553-f19bf6305121 h1:yIefA44N8cTeL5/jpFwye7WNVaHAccAs8/p9utdS7+Y= +code.cloudfoundry.org/archiver v0.0.0-20231025144553-f19bf6305121/go.mod h1:f64UuUD58hF/xkn7st3nVork9nZuj5TB9rvhJpfBPgk= code.cloudfoundry.org/clock v1.1.0 h1:XLzC6W3Ah/Y7ht1rmZ6+QfPdt1iGWEAAtIZXgiaj57c= code.cloudfoundry.org/clock v1.1.0/go.mod h1:yA3fxddT9RINQL2XHS7PS+OXxKCGhfrZmlNUCIM6AKo= code.cloudfoundry.org/commandrunner v0.0.0-20230612151827-2b11a2b4e9b8 h1:RajW6zLaCYAyvZVf99up1qsaWF3EanV7uCOu0Co3Jx0= code.cloudfoundry.org/commandrunner v0.0.0-20230612151827-2b11a2b4e9b8/go.mod h1:B4Pih80MJdiTapEig6xvghCwosbFX4+s1Qm9KJSbxCM= -code.cloudfoundry.org/debugserver v0.0.0-20231017143832-99af347b5a16 h1:KPAxkXIR3M6E/4UWCZePeBuvt9S46/1o2yLPPV6eb9Y= -code.cloudfoundry.org/debugserver v0.0.0-20231017143832-99af347b5a16/go.mod h1:H+F04Zw/bN0SP5tm1C47R/hT74jycAre+8Yk2DS5dR0= +code.cloudfoundry.org/debugserver v0.0.0-20231025144512-5380d389e103 h1:AGr7oMmw9l46tdsx5ySsNgX1lN16e4eelu+Os9vjMSQ= +code.cloudfoundry.org/debugserver v0.0.0-20231025144512-5380d389e103/go.mod h1:85Rhzw+i1hIYxGpx4qQYcLevBpRqtZvz7ibYXBtsZeQ= code.cloudfoundry.org/lager/v3 v3.0.2 h1:H0dcQY+814G1Ea0e5K/AMaMpcr+Pe5Iv+AALJEwrP9U= code.cloudfoundry.org/lager/v3 v3.0.2/go.mod h1:zA6tOIWhr5uZUez+PGpdfBHDWQOfhOrr0cgKDagZPwk= -code.cloudfoundry.org/localip v0.0.0-20231017144440-ef7ea823eb34 h1:M9UsDMSKR+uLi//ZlbaNk78m92E+hkXagzpQ4cH0pUM= -code.cloudfoundry.org/localip v0.0.0-20231017144440-ef7ea823eb34/go.mod h1:wmI6WMAyDQyvqclm2qvKY2qYNPFWE6NA8E3tD+1AUAc= +code.cloudfoundry.org/localip v0.0.0-20231025145031-77dc93c89492 h1:Ti7hFm4iNvliYTtEIalgDt4vtc+EG9qF8Nh73KvCnx0= +code.cloudfoundry.org/localip v0.0.0-20231025145031-77dc93c89492/go.mod h1:KVeVYKquD4MmlyGOzuCOnlBs00rR/nMheCQU5eVzkuE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA= -github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231024182747-cab165db8a0b h1:1GM/AjvtGhzcTjylr/eVKszlXw5S1g2mi31p0V2QfCk= +github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231024182747-cab165db8a0b/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= @@ -756,8 +756,8 @@ github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnx github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudfoundry/dropsonde v1.1.0 h1:nerhj8K0heOsv/U/Ddou5Esw56YlNeHHJH6MP9QlACQ= github.com/cloudfoundry/dropsonde v1.1.0/go.mod h1:OrkxsBrAvM8X0Ve9vaSNKLR+/Jeohu3+J0M4JEaTmnM= -github.com/cloudfoundry/gosigar v1.3.33 h1:lsn3UNy2iSD85AXj7y6CYtgB2Fb3sCIEuyuNXozCAqo= -github.com/cloudfoundry/gosigar v1.3.33/go.mod h1:DnkVoHZnc66oDi0JilJ0bUVVTQFnfXHw7to1Yn5hEmk= +github.com/cloudfoundry/gosigar v1.3.34 h1:s8RtqVSVap8gFyYUfDErS7ZUATkXYHkG2mAWSd5EJIY= +github.com/cloudfoundry/gosigar v1.3.34/go.mod h1:yvOokhHFPm+/CoLUBt2il5QR9lV9+CCuEFWi1Gh7Dyk= github.com/cloudfoundry/sonde-go v0.0.0-20230911203642-fa89d986ae20 h1:mlqnfrDRkWkO6HQ9CT0KkBZy5co/CgTX3xSmkuUNXHs= github.com/cloudfoundry/sonde-go v0.0.0-20230911203642-fa89d986ae20/go.mod h1:GiUWdcLKuM+RX4gSQBSHn3ADveMrRadWxuY6AFK5JNk= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -827,8 +827,8 @@ github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0 github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE= github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= -github.com/containerd/containerd v1.7.7 h1:QOC2K4A42RQpcrZyptP6z9EJZnlHfHJUfZrAAHe15q4= -github.com/containerd/containerd v1.7.7/go.mod h1:3c4XZv6VeT9qgf9GMTxNTMFxGJrGpI2vz1yk4ye+YY8= +github.com/containerd/containerd v1.7.8 h1:RkwgOW3AVUT3H/dyT0W03Dc8AzlpMG65lX48KftOFSM= +github.com/containerd/containerd v1.7.8/go.mod h1:L/Hn9qylJtUFT7cPeM0Sr3fATj+WjHwRQ0lyrYk3OPY= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -913,8 +913,8 @@ github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g= github.com/containers/ocicrypt v1.1.6/go.mod h1:WgjxPWdTJMqYMjf3M6cuIFFA1/MpyyhIM99YInA+Rvc= -github.com/containers/ocicrypt v1.1.8 h1:saSBF0/8DyPUjzcxMVzL2OBUWCkvRvqIm75pu0ADSZk= -github.com/containers/ocicrypt v1.1.8/go.mod h1:jM362hyBtbwLMWzXQZTlkjKGAQf/BN/LFMtH0FIRt34= +github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM= +github.com/containers/ocicrypt v1.1.9/go.mod h1:dTKx1918d8TDkxXvarscpNVY+lyPakPNFN4jwA9GBys= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -962,8 +962,8 @@ github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TT github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v24.0.6+incompatible h1:hceabKCtUgDqPu+qm0NgsaXf28Ljf4/pWFL7xjWWDgE= -github.com/docker/docker v24.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= +github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= @@ -1054,8 +1054,9 @@ github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= @@ -1200,8 +1201,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= @@ -1489,8 +1490,8 @@ github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfad github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= -github.com/onsi/gomega v1.28.1 h1:MijcGUbfYuznzK/5R4CPNoUP/9Xvuo20sXfEm6XxoTA= -github.com/onsi/gomega v1.28.1/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -2522,12 +2523,12 @@ google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA= -google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI= -google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a h1:myvhA4is3vrit1a6NZCWBIwN0kNEnX21DJOJX/NvIfI= -google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= +google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405 h1:I6WNifs6pF9tNdSob2W24JtyxIYjzFB9qDlpUC76q+U= +google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405/go.mod h1:3WDQMjmJk36UQhjQ89emUzb1mdaHcPeeAh4SCBKznB4= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k= +google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= diff --git a/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go b/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go index 3f4d9aeb6..1f77c5fd3 100644 --- a/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go +++ b/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go @@ -59,15 +59,15 @@ func (f *F) Fuzz(ff any) { newString.Elem().SetString(s) args = append(args, newString.Elem()) case "int": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetUint64() if err != nil { return } newInt := reflect.New(v) - newInt.Elem().SetInt(int64(randInt)) + newInt.Elem().SetInt(int64(int(randInt))) args = append(args, newInt.Elem()) case "int8": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetByte() if err != nil { return } @@ -75,7 +75,7 @@ func (f *F) Fuzz(ff any) { newInt.Elem().SetInt(int64(randInt)) args = append(args, newInt.Elem()) case "int16": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetUint16() if err != nil { return } @@ -83,7 +83,7 @@ func (f *F) Fuzz(ff any) { newInt.Elem().SetInt(int64(randInt)) args = append(args, newInt.Elem()) case "int32": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetUint32() if err != nil { return } @@ -91,7 +91,7 @@ func (f *F) Fuzz(ff any) { newInt.Elem().SetInt(int64(randInt)) args = append(args, newInt.Elem()) case "int64": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetUint64() if err != nil { return } @@ -99,15 +99,15 @@ func (f *F) Fuzz(ff any) { newInt.Elem().SetInt(int64(randInt)) args = append(args, newInt.Elem()) case "uint": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetUint64() if err != nil { return } newUint := reflect.New(v) - newUint.Elem().SetUint(uint64(randInt)) + newUint.Elem().SetUint(uint64(uint(randInt))) args = append(args, newUint.Elem()) case "uint8": - randInt, err := fuzzConsumer.GetInt() + randInt, err := fuzzConsumer.GetByte() if err != nil { return } @@ -171,17 +171,17 @@ func (f *F) Fuzz(ff any) { newBool.Elem().Set(reflect.ValueOf(randBool)) args = append(args, newBool.Elem()) default: - fmt.Println(v.String()) + panic(fmt.Sprintf("unsupported type: %s", v.String())) } } fn.Call(args) } func (f *F) Helper() {} func (c *F) Log(args ...any) { - fmt.Println(args...) + fmt.Print(args...) } func (c *F) Logf(format string, args ...any) { - fmt.Println(format, args) + fmt.Println(fmt.Sprintf(format, args...)) } func (c *F) Name() string { return "libFuzzer" } func (c *F) Setenv(key, value string) {} diff --git a/vendor/github.com/containerd/containerd/Makefile b/vendor/github.com/containerd/containerd/Makefile index 02a8aa202..905dfeda6 100644 --- a/vendor/github.com/containerd/containerd/Makefile +++ b/vendor/github.com/containerd/containerd/Makefile @@ -234,6 +234,11 @@ bin/cni-bridge-fp: integration/failpoint/cmd/cni-bridge-fp FORCE @echo "$(WHALE) $@" @$(GO) build ${GO_BUILD_FLAGS} -o $@ ./integration/failpoint/cmd/cni-bridge-fp +# build runc-fp as runc wrapper to support failpoint, only used by integration test +bin/runc-fp: integration/failpoint/cmd/runc-fp FORCE + @echo "$(WHALE) $@" + @$(GO) build ${GO_BUILD_FLAGS} -o $@ ./integration/failpoint/cmd/runc-fp + benchmark: ## run benchmarks tests @echo "$(WHALE) $@" @$(GO) test ${TESTFLAGS} -bench . -run Benchmark -test.root diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile index dbe3ac7ec..7b7a3ad07 100644 --- a/vendor/github.com/containerd/containerd/Vagrantfile +++ b/vendor/github.com/containerd/containerd/Vagrantfile @@ -102,7 +102,7 @@ EOF config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.20.8", + 'GO_VERSION': ENV['GO_VERSION'] || "1.20.10", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go index 2592b3d5d..361ecacfc 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go @@ -25,7 +25,8 @@ import ( "syscall" "text/template" - specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/containerd/containerd/oci" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/urfave/cli" ) @@ -37,7 +38,8 @@ var ociHook = cli.Command{ if err != nil { return err } - spec, err := loadSpec(state.Bundle) + specFile := filepath.Join(state.Bundle, oci.ConfigFilename) + spec, err := loadSpec(specFile) if err != nil { return err } @@ -56,14 +58,16 @@ var ociHook = cli.Command{ }, } +// hookSpec is a shallow version of [oci.Spec] containing only the +// fields we need for the hook. We use a shallow struct to reduce +// the overhead of unmarshaling. type hookSpec struct { - Root struct { - Path string `json:"path"` - } `json:"root"` + // Root configures the container's root filesystem. + Root *specs.Root `json:"root,omitempty"` } -func loadSpec(bundle string) (*hookSpec, error) { - f, err := os.Open(filepath.Join(bundle, "config.json")) +func loadSpec(path string) (*hookSpec, error) { + f, err := os.Open(path) if err != nil { return nil, err } diff --git a/vendor/github.com/containerd/containerd/oci/spec.go b/vendor/github.com/containerd/containerd/oci/spec.go index bee3b44d6..9c3d7d3b3 100644 --- a/vendor/github.com/containerd/containerd/oci/spec.go +++ b/vendor/github.com/containerd/containerd/oci/spec.go @@ -18,6 +18,8 @@ package oci import ( "context" + "encoding/json" + "os" "path/filepath" "runtime" @@ -43,6 +45,22 @@ var ( // to be created without the "issues" with go vendoring and package imports type Spec = specs.Spec +const ConfigFilename = "config.json" + +// ReadSpec deserializes JSON into an OCI runtime Spec from a given path. +func ReadSpec(path string) (*Spec, error) { + f, err := os.Open(path) + if err != nil { + return nil, err + } + defer f.Close() + var s Spec + if err := json.NewDecoder(f).Decode(&s); err != nil { + return nil, err + } + return &s, nil +} + // GenerateSpec will generate a default spec from the provided image // for use as a containerd container func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*Spec, error) { diff --git a/vendor/github.com/containerd/containerd/pull.go b/vendor/github.com/containerd/containerd/pull.go index 5d96c8cc7..c35278aa2 100644 --- a/vendor/github.com/containerd/containerd/pull.go +++ b/vendor/github.com/containerd/containerd/pull.go @@ -34,7 +34,8 @@ import ( ) const ( - pullSpanPrefix = "pull" + pullSpanPrefix = "pull" + convertedDockerSchema1LabelKey = "io.containerd.image/converted-docker-schema1" ) // Pull downloads the provided content into containerd's content store @@ -189,9 +190,10 @@ func (c *Client) fetch(ctx context.Context, rCtx *RemoteContext, ref string, lim var ( handler images.Handler - isConvertible bool - converterFunc func(context.Context, ocispec.Descriptor) (ocispec.Descriptor, error) - limiter *semaphore.Weighted + isConvertible bool + originalSchema1Digest string + converterFunc func(context.Context, ocispec.Descriptor) (ocispec.Descriptor, error) + limiter *semaphore.Weighted ) if desc.MediaType == images.MediaTypeDockerSchema1Manifest && rCtx.ConvertSchema1 { @@ -204,6 +206,8 @@ func (c *Client) fetch(ctx context.Context, rCtx *RemoteContext, ref string, lim converterFunc = func(ctx context.Context, _ ocispec.Descriptor) (ocispec.Descriptor, error) { return schema1Converter.Convert(ctx) } + + originalSchema1Digest = desc.Digest.String() } else { // Get all the children for a descriptor childrenHandler := images.ChildrenHandler(store) @@ -270,6 +274,13 @@ func (c *Client) fetch(ctx context.Context, rCtx *RemoteContext, ref string, lim } } + if originalSchema1Digest != "" { + if rCtx.Labels == nil { + rCtx.Labels = make(map[string]string) + } + rCtx.Labels[convertedDockerSchema1LabelKey] = originalSchema1Digest + } + return images.Image{ Name: name, Target: desc, diff --git a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go index 8fc823144..9b3663cd1 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go @@ -186,15 +186,15 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R return err } - if username != "" && secret != "" { - common := auth.TokenOptions{ - Username: username, - Secret: secret, - } - - a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common) - return nil + if username == "" || secret == "" { + return fmt.Errorf("%w: no basic auth credentials", ErrInvalidAuthorization) } + + a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, auth.TokenOptions{ + Username: username, + Secret: secret, + }) + return nil } } return fmt.Errorf("failed to find supported auth scheme: %w", errdefs.ErrNotImplemented) diff --git a/vendor/github.com/containerd/containerd/remotes/docker/config/hosts.go b/vendor/github.com/containerd/containerd/remotes/docker/config/hosts.go index f604aa95c..6c719ded4 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/config/hosts.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/config/hosts.go @@ -101,12 +101,22 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos hosts[len(hosts)-1].host = "registry-1.docker.io" } else if docker.IsLocalhost(host) { hosts[len(hosts)-1].host = host - if options.DefaultScheme == "" || options.DefaultScheme == "http" { - hosts[len(hosts)-1].scheme = "http" + if options.DefaultScheme == "" { + _, port, _ := net.SplitHostPort(host) + if port == "" || port == "443" { + // If port is default or 443, only use https + hosts[len(hosts)-1].scheme = "https" + } else { + // HTTP fallback logic will be used when protocol is ambiguous + hosts[len(hosts)-1].scheme = "http" + } - // Skipping TLS verification for localhost - var skipVerify = true - hosts[len(hosts)-1].skipVerify = &skipVerify + // When port is 80, protocol is not ambiguous + if port != "80" { + // Skipping TLS verification for localhost + var skipVerify = true + hosts[len(hosts)-1].skipVerify = &skipVerify + } } else { hosts[len(hosts)-1].scheme = options.DefaultScheme } @@ -122,13 +132,13 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos hosts[len(hosts)-1].capabilities = docker.HostCapabilityPull | docker.HostCapabilityResolve | docker.HostCapabilityPush } - // explicitTLS indicates that TLS was explicitly configured and HTTP endpoints should + // tlsConfigured indicates that TLS was configured and HTTP endpoints should // attempt to use the TLS configuration before falling back to HTTP - var explicitTLS bool + var tlsConfigured bool var defaultTLSConfig *tls.Config if options.DefaultTLS != nil { - explicitTLS = true + tlsConfigured = true defaultTLSConfig = options.DefaultTLS } else { defaultTLSConfig = &tls.Config{} @@ -167,7 +177,7 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos rhosts := make([]docker.RegistryHost, len(hosts)) for i, host := range hosts { // Allow setting for each host as well - explicitTLS := explicitTLS + explicitTLS := tlsConfigured if host.caCerts != nil || host.clientPairs != nil || host.skipVerify != nil { explicitTLS = true @@ -235,13 +245,19 @@ func ConfigureHosts(ctx context.Context, options HostOptions) docker.RegistryHos rhosts[i].Authorizer = authorizer } - // When TLS has been explicitly configured for the operation or host, use the - // docker.HTTPFallback roundtripper to catch TLS errors and re-attempt the request as http. - // This allows preference for https when configured but also catches TLS errors early enough - // in the request to avoid sending the request twice or consuming the request body. + // When TLS has been configured for the operation or host and + // the protocol from the port number is ambiguous, use the + // docker.HTTPFallback roundtripper to catch TLS errors and re-attempt the + // request as http. This allows preference for https when configured but + // also catches TLS errors early enough in the request to avoid sending + // the request twice or consuming the request body. if host.scheme == "http" && explicitTLS { - host.scheme = "https" - rhosts[i].Client.Transport = docker.HTTPFallback{RoundTripper: rhosts[i].Client.Transport} + _, port, _ := net.SplitHostPort(host.host) + if port != "" && port != "80" { + log.G(ctx).WithField("host", host.host).Info("host will try HTTPS first since it is configured for HTTP with a TLS configuration, consider changing host to HTTPS or removing unused TLS configuration") + host.scheme = "https" + rhosts[i].Client.Transport = docker.HTTPFallback{RoundTripper: rhosts[i].Client.Transport} + } } rhosts[i].Scheme = host.scheme diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index a1ff300d7..678e17e12 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -249,13 +249,16 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str } if lurl.Host != lhost.Host || lhost.Scheme != lurl.Scheme { - lhost.Scheme = lurl.Scheme lhost.Host = lurl.Host - log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination") - // Strip authorizer if change to host or scheme - lhost.Authorizer = nil + // Check if different than what was requested, accounting for fallback in the transport layer + requested := resp.Request.URL + if requested.Host != lhost.Host || requested.Scheme != lhost.Scheme { + // Strip authorizer if change to host or scheme + lhost.Authorizer = nil + log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination, authorizer removed") + } } } q := lurl.Query() diff --git a/vendor/github.com/containerd/containerd/runtime/v2/bundle.go b/vendor/github.com/containerd/containerd/runtime/v2/bundle.go index 0e3c73d70..e7b5800c8 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/bundle.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/bundle.go @@ -26,12 +26,11 @@ import ( "github.com/containerd/containerd/identifiers" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/namespaces" + "github.com/containerd/containerd/oci" "github.com/containerd/typeurl/v2" "github.com/opencontainers/runtime-spec/specs-go" ) -const configFilename = "config.json" - // LoadBundle loads an existing bundle from disk func LoadBundle(ctx context.Context, root, id string) (*Bundle, error) { ns, err := namespaces.NamespaceRequired(ctx) @@ -107,9 +106,10 @@ func NewBundle(ctx context.Context, root, state, id string, spec typeurl.Any) (b } if spec := spec.GetValue(); spec != nil { // write the spec to the bundle - err = os.WriteFile(filepath.Join(b.Path, configFilename), spec, 0666) + specPath := filepath.Join(b.Path, oci.ConfigFilename) + err = os.WriteFile(specPath, spec, 0666) if err != nil { - return nil, fmt.Errorf("failed to write %s", configFilename) + return nil, fmt.Errorf("failed to write bundle spec: %w", err) } } return b, nil diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/manager/manager_linux.go b/vendor/github.com/containerd/containerd/runtime/v2/runc/manager/manager_linux.go index ea4d4aa0f..8d20d89e1 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/runc/manager/manager_linux.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/manager/manager_linux.go @@ -32,6 +32,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/namespaces" + "github.com/containerd/containerd/oci" "github.com/containerd/containerd/pkg/process" "github.com/containerd/containerd/pkg/schedcore" "github.com/containerd/containerd/runtime/v2/runc" @@ -58,7 +59,11 @@ var groupLabels = []string{ "io.kubernetes.cri.sandbox-id", } +// spec is a shallow version of [oci.Spec] containing only the +// fields we need for the hook. We use a shallow struct to reduce +// the overhead of unmarshaling. type spec struct { + // Annotations contains arbitrary metadata for the container. Annotations map[string]string `json:"annotations,omitempty"` } @@ -97,7 +102,7 @@ func newCommand(ctx context.Context, id, containerdAddress, containerdTTRPCAddre } func readSpec() (*spec, error) { - f, err := os.Open("config.json") + f, err := os.Open(oci.ConfigFilename) if err != nil { return nil, err } diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/task/service.go b/vendor/github.com/containerd/containerd/runtime/v2/runc/task/service.go index 43dfdf941..1cad32924 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/runc/task/service.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/task/service.go @@ -136,11 +136,14 @@ type containerProcess struct { // that its exit can be handled efficiently. If the process has already exited, // it handles the exit immediately. handleStarted should be called after the // event announcing the start of the process has been published. +// Note that handleStarted needs to be aware of whether s.mu is already held +// when it is called. If s.mu has been held, we don't need to lock it when +// calling handleProcessExit. // // The returned cleanup closure releases resources used to handle early exits. // It must be called before the caller of preStart returns, otherwise severe // memory leaks will occur. -func (s *service) preStart(c *runc.Container) (handleStarted func(*runc.Container, process.Process), cleanup func()) { +func (s *service) preStart(c *runc.Container) (handleStarted func(*runc.Container, process.Process, bool), cleanup func()) { exits := make(map[int][]runcC.Exit) s.lifecycleMu.Lock() @@ -164,7 +167,7 @@ func (s *service) preStart(c *runc.Container) (handleStarted func(*runc.Containe } } - handleStarted = func(c *runc.Container, p process.Process) { + handleStarted = func(c *runc.Container, p process.Process, muLocked bool) { var pid int if p != nil { pid = p.Pid() @@ -179,7 +182,13 @@ func (s *service) preStart(c *runc.Container) (handleStarted func(*runc.Containe } else if exited { s.lifecycleMu.Unlock() for _, ee := range ees { - s.handleProcessExit(ee, c, p) + if muLocked { + s.handleProcessExit(ee, c, p) + } else { + s.mu.Lock() + s.handleProcessExit(ee, c, p) + s.mu.Unlock() + } } } else { s.running[pid] = append(s.running[pid], containerProcess{ @@ -234,7 +243,7 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ * // could happen would also cause the container.Pid() call above to // nil-deference panic. proc, _ := container.Process("") - handleStarted(container, proc) + handleStarted(container, proc, true) return &taskAPI.CreateTaskResponse{ Pid: uint32(container.Pid()), @@ -261,7 +270,7 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (*taskAPI. defer cleanup() p, err := container.Start(ctx, r) if err != nil { - handleStarted(container, p) + handleStarted(container, p, false) return nil, errdefs.ToGRPC(err) } @@ -301,7 +310,7 @@ func (s *service) Start(ctx context.Context, r *taskAPI.StartRequest) (*taskAPI. Pid: uint32(p.Pid()), }) } - handleStarted(container, p) + handleStarted(container, p, false) return &taskAPI.StartResponse{ Pid: uint32(p.Pid()), }, nil @@ -461,7 +470,7 @@ func (s *service) Pids(ctx context.Context, r *taskAPI.PidsRequest) (*taskAPI.Pi if err != nil { return nil, err } - pids, err := s.getContainerPids(ctx, r.ID) + pids, err := s.getContainerPids(ctx, container) if err != nil { return nil, errdefs.ToGRPC(err) } @@ -630,7 +639,9 @@ func (s *service) processExits() { s.lifecycleMu.Unlock() for _, cp := range cps { + s.mu.Lock() s.handleProcessExit(e, cp.Container, cp.Process) + s.mu.Unlock() } } } @@ -639,10 +650,8 @@ func (s *service) send(evt interface{}) { s.events <- evt } +// s.mu must be locked when calling handleProcessExit func (s *service) handleProcessExit(e runcC.Exit, c *runc.Container, p process.Process) { - s.mu.Lock() - defer s.mu.Unlock() - if ip, ok := p.(*process.Init); ok { // Ensure all children are killed if runc.ShouldKillAllOnExit(s.context, c.Bundle) { @@ -663,16 +672,12 @@ func (s *service) handleProcessExit(e runcC.Exit, c *runc.Container, p process.P }) } -func (s *service) getContainerPids(ctx context.Context, id string) ([]uint32, error) { - container, err := s.getContainer(id) - if err != nil { - return nil, err - } +func (s *service) getContainerPids(ctx context.Context, container *runc.Container) ([]uint32, error) { p, err := container.Process("") if err != nil { return nil, errdefs.ToGRPC(err) } - ps, err := p.(*process.Init).Runtime().Ps(ctx, id) + ps, err := p.(*process.Init).Runtime().Ps(ctx, container.ID) if err != nil { return nil, err } diff --git a/vendor/github.com/containerd/containerd/runtime/v2/runc/util.go b/vendor/github.com/containerd/containerd/runtime/v2/runc/util.go index 0cb31bdfe..6d101a3be 100644 --- a/vendor/github.com/containerd/containerd/runtime/v2/runc/util.go +++ b/vendor/github.com/containerd/containerd/runtime/v2/runc/util.go @@ -20,14 +20,13 @@ package runc import ( "context" - "encoding/json" - "os" "path/filepath" "github.com/containerd/containerd/api/events" "github.com/containerd/containerd/log" + "github.com/containerd/containerd/oci" "github.com/containerd/containerd/runtime" - specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" ) @@ -64,18 +63,14 @@ func GetTopic(e interface{}) string { // ShouldKillAllOnExit reads the bundle's OCI spec and returns true if // there is an error reading the spec or if the container has a private PID namespace func ShouldKillAllOnExit(ctx context.Context, bundlePath string) bool { - var bundleSpec specs.Spec - bundleConfigContents, err := os.ReadFile(filepath.Join(bundlePath, "config.json")) + spec, err := oci.ReadSpec(filepath.Join(bundlePath, oci.ConfigFilename)) if err != nil { log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to read config.json") return true } - if err := json.Unmarshal(bundleConfigContents, &bundleSpec); err != nil { - log.G(ctx).WithError(err).Error("shouldKillAllOnExit: failed to unmarshal bundle json") - return true - } - if bundleSpec.Linux != nil { - for _, ns := range bundleSpec.Linux.Namespaces { + + if spec.Linux != nil { + for _, ns := range spec.Linux.Namespaces { if ns.Type == specs.PIDNamespace && ns.Path == "" { return false } diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index f4c10baec..0f9044c4c 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.7.7+unknown" + Version = "1.7.8+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/vendor/github.com/containers/ocicrypt/Makefile b/vendor/github.com/containers/ocicrypt/Makefile index dc9d98537..97ddeefbb 100644 --- a/vendor/github.com/containers/ocicrypt/Makefile +++ b/vendor/github.com/containers/ocicrypt/Makefile @@ -28,6 +28,7 @@ vendor: go mod tidy test: + go clean -testcache go test ./... -test.v generate-protobuf: diff --git a/vendor/github.com/containers/ocicrypt/keywrap/pkcs11/keywrapper_pkcs11.go b/vendor/github.com/containers/ocicrypt/keywrap/pkcs11/keywrapper_pkcs11.go index 236764d23..b9a83c536 100644 --- a/vendor/github.com/containers/ocicrypt/keywrap/pkcs11/keywrapper_pkcs11.go +++ b/vendor/github.com/containers/ocicrypt/keywrap/pkcs11/keywrapper_pkcs11.go @@ -41,7 +41,11 @@ func NewKeyWrapper() keywrap.KeyWrapper { // WrapKeys wraps the session key for recpients and encrypts the optsData, which // describe the symmetric key used for encrypting the layer func (kw *pkcs11KeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) ([]byte, error) { - pkcs11Recipients, err := addPubKeys(&ec.DecryptConfig, append(ec.Parameters["pkcs11-pubkeys"], ec.Parameters["pkcs11-yamls"]...)) + // append({}, ...) allocates a fresh backing array, and that's necessary to guarantee concurrent calls to WrapKeys (as in c/image/copy.Image) + // can't race writing to the same backing array. + pubKeys := append([][]byte{}, ec.Parameters["pkcs11-pubkeys"]...) // In Go 1.21, slices.Clone(ec.Parameters["pkcs11-pubkeys"]) + pubKeys = append(pubKeys, ec.Parameters["pkcs11-yamls"]...) + pkcs11Recipients, err := addPubKeys(&ec.DecryptConfig, pubKeys) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/ocicrypt/spec/spec.go b/vendor/github.com/containers/ocicrypt/spec/spec.go index 8665f6f21..c0c171824 100644 --- a/vendor/github.com/containers/ocicrypt/spec/spec.go +++ b/vendor/github.com/containers/ocicrypt/spec/spec.go @@ -9,8 +9,12 @@ const ( MediaTypeLayerZstdEnc = "application/vnd.oci.image.layer.v1.tar+zstd+encrypted" // MediaTypeLayerNonDistributableEnc is MIME type used for non distributable encrypted layers. MediaTypeLayerNonDistributableEnc = "application/vnd.oci.image.layer.nondistributable.v1.tar+encrypted" - // MediaTypeLayerGzipEnc is MIME type used for non distributable encrypted gzip-compressed layers. + // MediaTypeLayerNonDistributableGzipEnc is MIME type used for non distributable encrypted gzip-compressed layers. MediaTypeLayerNonDistributableGzipEnc = "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip+encrypted" - // MediaTypeLayerZstdEnc is MIME type used for non distributable encrypted zstd-compressed layers. - MediaTypeLayerNonDistributableZsdtEnc = "application/vnd.oci.image.layer.nondistributable.v1.tar+zstd+encrypted" + // MediaTypeLayerNonDistributableZstdEnc is MIME type used for non distributable encrypted zstd-compressed layers. + MediaTypeLayerNonDistributableZstdEnc = "application/vnd.oci.image.layer.nondistributable.v1.tar+zstd+encrypted" + // MediaTypeLayerNonDistributableZsdtEnc is MIME type used for non distributable encrypted zstd-compressed layers. + // + // Deprecated: Use [MediaTypeLayerNonDistributableZstdEnc]. + MediaTypeLayerNonDistributableZsdtEnc = MediaTypeLayerNonDistributableZstdEnc ) diff --git a/vendor/github.com/go-logr/logr/README.md b/vendor/github.com/go-logr/logr/README.md index ab5931181..a8c29bfbd 100644 --- a/vendor/github.com/go-logr/logr/README.md +++ b/vendor/github.com/go-logr/logr/README.md @@ -1,6 +1,7 @@ # A minimal logging API for Go [![Go Reference](https://pkg.go.dev/badge/github.com/go-logr/logr.svg)](https://pkg.go.dev/github.com/go-logr/logr) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/go-logr/logr/badge)](https://securityscorecards.dev/viewer/?platform=github.com&org=go-logr&repo=logr) logr offers an(other) opinion on how Go programs and libraries can do logging without becoming coupled to a particular logging implementation. This is not @@ -73,6 +74,29 @@ received: If the Go standard library had defined an interface for logging, this project probably would not be needed. Alas, here we are. +When the Go developers started developing such an interface with +[slog](https://github.com/golang/go/issues/56345), they adopted some of the +logr design but also left out some parts and changed others: + +| Feature | logr | slog | +|---------|------|------| +| High-level API | `Logger` (passed by value) | `Logger` (passed by [pointer](https://github.com/golang/go/issues/59126)) | +| Low-level API | `LogSink` | `Handler` | +| Stack unwinding | done by `LogSink` | done by `Logger` | +| Skipping helper functions | `WithCallDepth`, `WithCallStackHelper` | [not supported by Logger](https://github.com/golang/go/issues/59145) | +| Generating a value for logging on demand | `Marshaler` | `LogValuer` | +| Log levels | >= 0, higher meaning "less important" | positive and negative, with 0 for "info" and higher meaning "more important" | +| Error log entries | always logged, don't have a verbosity level | normal log entries with level >= `LevelError` | +| Passing logger via context | `NewContext`, `FromContext` | no API | +| Adding a name to a logger | `WithName` | no API | +| Modify verbosity of log entries in a call chain | `V` | no API | +| Grouping of key/value pairs | not supported | `WithGroup`, `GroupValue` | + +The high-level slog API is explicitly meant to be one of many different APIs +that can be layered on top of a shared `slog.Handler`. logr is one such +alternative API, with [interoperability](#slog-interoperability) provided by the [`slogr`](slogr) +package. + ### Inspiration Before you consider this package, please read [this blog post by the @@ -118,6 +142,91 @@ There are implementations for the following logging libraries: - **github.com/go-kit/log**: [gokitlogr](https://github.com/tonglil/gokitlogr) (also compatible with github.com/go-kit/kit/log since v0.12.0) - **bytes.Buffer** (writing to a buffer): [bufrlogr](https://github.com/tonglil/buflogr) (useful for ensuring values were logged, like during testing) +## slog interoperability + +Interoperability goes both ways, using the `logr.Logger` API with a `slog.Handler` +and using the `slog.Logger` API with a `logr.LogSink`. [slogr](./slogr) provides `NewLogr` and +`NewSlogHandler` API calls to convert between a `logr.Logger` and a `slog.Handler`. +As usual, `slog.New` can be used to wrap such a `slog.Handler` in the high-level +slog API. `slogr` itself leaves that to the caller. + +## Using a `logr.Sink` as backend for slog + +Ideally, a logr sink implementation should support both logr and slog by +implementing both the normal logr interface(s) and `slogr.SlogSink`. Because +of a conflict in the parameters of the common `Enabled` method, it is [not +possible to implement both slog.Handler and logr.Sink in the same +type](https://github.com/golang/go/issues/59110). + +If both are supported, log calls can go from the high-level APIs to the backend +without the need to convert parameters. `NewLogr` and `NewSlogHandler` can +convert back and forth without adding additional wrappers, with one exception: +when `Logger.V` was used to adjust the verbosity for a `slog.Handler`, then +`NewSlogHandler` has to use a wrapper which adjusts the verbosity for future +log calls. + +Such an implementation should also support values that implement specific +interfaces from both packages for logging (`logr.Marshaler`, `slog.LogValuer`, +`slog.GroupValue`). logr does not convert those. + +Not supporting slog has several drawbacks: +- Recording source code locations works correctly if the handler gets called + through `slog.Logger`, but may be wrong in other cases. That's because a + `logr.Sink` does its own stack unwinding instead of using the program counter + provided by the high-level API. +- slog levels <= 0 can be mapped to logr levels by negating the level without a + loss of information. But all slog levels > 0 (e.g. `slog.LevelWarning` as + used by `slog.Logger.Warn`) must be mapped to 0 before calling the sink + because logr does not support "more important than info" levels. +- The slog group concept is supported by prefixing each key in a key/value + pair with the group names, separated by a dot. For structured output like + JSON it would be better to group the key/value pairs inside an object. +- Special slog values and interfaces don't work as expected. +- The overhead is likely to be higher. + +These drawbacks are severe enough that applications using a mixture of slog and +logr should switch to a different backend. + +## Using a `slog.Handler` as backend for logr + +Using a plain `slog.Handler` without support for logr works better than the +other direction: +- All logr verbosity levels can be mapped 1:1 to their corresponding slog level + by negating them. +- Stack unwinding is done by the `slogr.SlogSink` and the resulting program + counter is passed to the `slog.Handler`. +- Names added via `Logger.WithName` are gathered and recorded in an additional + attribute with `logger` as key and the names separated by slash as value. +- `Logger.Error` is turned into a log record with `slog.LevelError` as level + and an additional attribute with `err` as key, if an error was provided. + +The main drawback is that `logr.Marshaler` will not be supported. Types should +ideally support both `logr.Marshaler` and `slog.Valuer`. If compatibility +with logr implementations without slog support is not important, then +`slog.Valuer` is sufficient. + +## Context support for slog + +Storing a logger in a `context.Context` is not supported by +slog. `logr.NewContext` and `logr.FromContext` can be used with slog like this +to fill this gap: + + func HandlerFromContext(ctx context.Context) slog.Handler { + logger, err := logr.FromContext(ctx) + if err == nil { + return slogr.NewSlogHandler(logger) + } + return slog.Default().Handler() + } + + func ContextWithHandler(ctx context.Context, handler slog.Handler) context.Context { + return logr.NewContext(ctx, slogr.NewLogr(handler)) + } + +The downside is that storing and retrieving a `slog.Handler` needs more +allocations compared to using a `logr.Logger`. Therefore the recommendation is +to use the `logr.Logger` API in code which uses contextual logging. + ## FAQ ### Conceptual @@ -241,7 +350,9 @@ Otherwise, you can start out with `0` as "you always want to see this", Then gradually choose levels in between as you need them, working your way down from 10 (for debug and trace style logs) and up from 1 (for chattier -info-type logs.) +info-type logs). For reference, slog pre-defines -4 for debug logs +(corresponds to 4 in logr), which matches what is +[recommended for Kubernetes](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md#what-method-to-use). #### How do I choose my keys? diff --git a/vendor/github.com/go-logr/logr/SECURITY.md b/vendor/github.com/go-logr/logr/SECURITY.md new file mode 100644 index 000000000..1ca756fc7 --- /dev/null +++ b/vendor/github.com/go-logr/logr/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +If you have discovered a security vulnerability in this project, please report it +privately. **Do not disclose it as a public issue.** This gives us time to work with you +to fix the issue before public exposure, reducing the chance that the exploit will be +used before a patch is released. + +You may submit the report in the following ways: + +- send an email to go-logr-security@googlegroups.com +- send us a [private vulnerability report](https://github.com/go-logr/logr/security/advisories/new) + +Please provide the following information in your report: + +- A description of the vulnerability and its impact +- How to reproduce the issue + +We ask that you give us 90 days to work on a fix before public exposure. diff --git a/vendor/github.com/go-logr/logr/funcr/funcr.go b/vendor/github.com/go-logr/logr/funcr/funcr.go index e52f0cd01..12e5807cc 100644 --- a/vendor/github.com/go-logr/logr/funcr/funcr.go +++ b/vendor/github.com/go-logr/logr/funcr/funcr.go @@ -116,17 +116,17 @@ type Options struct { // Equivalent hooks are offered for key-value pairs saved via // logr.Logger.WithValues or Formatter.AddValues (see RenderValuesHook) and // for user-provided pairs (see RenderArgsHook). - RenderBuiltinsHook func(kvList []interface{}) []interface{} + RenderBuiltinsHook func(kvList []any) []any // RenderValuesHook is the same as RenderBuiltinsHook, except that it is // only called for key-value pairs saved via logr.Logger.WithValues. See // RenderBuiltinsHook for more details. - RenderValuesHook func(kvList []interface{}) []interface{} + RenderValuesHook func(kvList []any) []any // RenderArgsHook is the same as RenderBuiltinsHook, except that it is only // called for key-value pairs passed directly to Info and Error. See // RenderBuiltinsHook for more details. - RenderArgsHook func(kvList []interface{}) []interface{} + RenderArgsHook func(kvList []any) []any // MaxLogDepth tells funcr how many levels of nested fields (e.g. a struct // that contains a struct, etc.) it may log. Every time it finds a struct, @@ -163,7 +163,7 @@ func (l fnlogger) WithName(name string) logr.LogSink { return &l } -func (l fnlogger) WithValues(kvList ...interface{}) logr.LogSink { +func (l fnlogger) WithValues(kvList ...any) logr.LogSink { l.Formatter.AddValues(kvList) return &l } @@ -173,12 +173,12 @@ func (l fnlogger) WithCallDepth(depth int) logr.LogSink { return &l } -func (l fnlogger) Info(level int, msg string, kvList ...interface{}) { +func (l fnlogger) Info(level int, msg string, kvList ...any) { prefix, args := l.FormatInfo(level, msg, kvList) l.write(prefix, args) } -func (l fnlogger) Error(err error, msg string, kvList ...interface{}) { +func (l fnlogger) Error(err error, msg string, kvList ...any) { prefix, args := l.FormatError(err, msg, kvList) l.write(prefix, args) } @@ -229,7 +229,7 @@ func newFormatter(opts Options, outfmt outputFormat) Formatter { type Formatter struct { outputFormat outputFormat prefix string - values []interface{} + values []any valuesStr string depth int opts *Options @@ -246,10 +246,10 @@ const ( ) // PseudoStruct is a list of key-value pairs that gets logged as a struct. -type PseudoStruct []interface{} +type PseudoStruct []any // render produces a log line, ready to use. -func (f Formatter) render(builtins, args []interface{}) string { +func (f Formatter) render(builtins, args []any) string { // Empirically bytes.Buffer is faster than strings.Builder for this. buf := bytes.NewBuffer(make([]byte, 0, 1024)) if f.outputFormat == outputJSON { @@ -292,7 +292,7 @@ func (f Formatter) render(builtins, args []interface{}) string { // This function returns a potentially modified version of kvList, which // ensures that there is a value for every key (adding a value if needed) and // that each key is a string (substituting a key if needed). -func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing bool, escapeKeys bool) []interface{} { +func (f Formatter) flatten(buf *bytes.Buffer, kvList []any, continuing bool, escapeKeys bool) []any { // This logic overlaps with sanitize() but saves one type-cast per key, // which can be measurable. if len(kvList)%2 != 0 { @@ -334,7 +334,7 @@ func (f Formatter) flatten(buf *bytes.Buffer, kvList []interface{}, continuing b return kvList } -func (f Formatter) pretty(value interface{}) string { +func (f Formatter) pretty(value any) string { return f.prettyWithFlags(value, 0, 0) } @@ -343,7 +343,7 @@ const ( ) // TODO: This is not fast. Most of the overhead goes here. -func (f Formatter) prettyWithFlags(value interface{}, flags uint32, depth int) string { +func (f Formatter) prettyWithFlags(value any, flags uint32, depth int) string { if depth > f.opts.MaxLogDepth { return `""` } @@ -614,7 +614,7 @@ func isEmpty(v reflect.Value) bool { return false } -func invokeMarshaler(m logr.Marshaler) (ret interface{}) { +func invokeMarshaler(m logr.Marshaler) (ret any) { defer func() { if r := recover(); r != nil { ret = fmt.Sprintf("", r) @@ -675,12 +675,12 @@ func (f Formatter) caller() Caller { const noValue = "" -func (f Formatter) nonStringKey(v interface{}) string { +func (f Formatter) nonStringKey(v any) string { return fmt.Sprintf("", f.snippet(v)) } // snippet produces a short snippet string of an arbitrary value. -func (f Formatter) snippet(v interface{}) string { +func (f Formatter) snippet(v any) string { const snipLen = 16 snip := f.pretty(v) @@ -693,7 +693,7 @@ func (f Formatter) snippet(v interface{}) string { // sanitize ensures that a list of key-value pairs has a value for every key // (adding a value if needed) and that each key is a string (substituting a key // if needed). -func (f Formatter) sanitize(kvList []interface{}) []interface{} { +func (f Formatter) sanitize(kvList []any) []any { if len(kvList)%2 != 0 { kvList = append(kvList, noValue) } @@ -727,8 +727,8 @@ func (f Formatter) GetDepth() int { // FormatInfo renders an Info log message into strings. The prefix will be // empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatInfo(level int, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) @@ -745,10 +745,10 @@ func (f Formatter) FormatInfo(level int, msg string, kvList []interface{}) (pref } // FormatError renders an Error log message into strings. The prefix will be -// empty when no names were set (via AddNames), or when the output is +// empty when no names were set (via AddNames), or when the output is // configured for JSON. -func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (prefix, argsStr string) { - args := make([]interface{}, 0, 64) // using a constant here impacts perf +func (f Formatter) FormatError(err error, msg string, kvList []any) (prefix, argsStr string) { + args := make([]any, 0, 64) // using a constant here impacts perf prefix = f.prefix if f.outputFormat == outputJSON { args = append(args, "logger", prefix) @@ -761,12 +761,12 @@ func (f Formatter) FormatError(err error, msg string, kvList []interface{}) (pre args = append(args, "caller", f.caller()) } args = append(args, "msg", msg) - var loggableErr interface{} + var loggableErr any if err != nil { loggableErr = err.Error() } args = append(args, "error", loggableErr) - return f.prefix, f.render(args, kvList) + return prefix, f.render(args, kvList) } // AddName appends the specified name. funcr uses '/' characters to separate @@ -781,7 +781,7 @@ func (f *Formatter) AddName(name string) { // AddValues adds key-value pairs to the set of saved values to be logged with // each log line. -func (f *Formatter) AddValues(kvList []interface{}) { +func (f *Formatter) AddValues(kvList []any) { // Three slice args forces a copy. n := len(f.values) f.values = append(f.values[:n:n], kvList...) diff --git a/vendor/github.com/go-logr/logr/logr.go b/vendor/github.com/go-logr/logr/logr.go index e027aea3f..2a5075a18 100644 --- a/vendor/github.com/go-logr/logr/logr.go +++ b/vendor/github.com/go-logr/logr/logr.go @@ -127,9 +127,9 @@ limitations under the License. // such a value can call its methods without having to check whether the // instance is ready for use. // -// Calling methods with the null logger (Logger{}) as instance will crash -// because it has no LogSink. Therefore this null logger should never be passed -// around. For cases where passing a logger is optional, a pointer to Logger +// The zero logger (= Logger{}) is identical to Discard() and discards all log +// entries. Code that receives a Logger by value can simply call it, the methods +// will never crash. For cases where passing a logger is optional, a pointer to Logger // should be used. // // # Key Naming Conventions @@ -258,6 +258,12 @@ type Logger struct { // Enabled tests whether this Logger is enabled. For example, commandline // flags might be used to set the logging verbosity and disable some info logs. func (l Logger) Enabled() bool { + // Some implementations of LogSink look at the caller in Enabled (e.g. + // different verbosity levels per package or file), but we only pass one + // CallDepth in (via Init). This means that all calls from Logger to the + // LogSink's Enabled, Info, and Error methods must have the same number of + // frames. In other words, Logger methods can't call other Logger methods + // which call these LogSink methods unless we do it the same in all paths. return l.sink != nil && l.sink.Enabled(l.level) } @@ -267,11 +273,11 @@ func (l Logger) Enabled() bool { // line. The key/value pairs can then be used to add additional variable // information. The key/value pairs must alternate string keys and arbitrary // values. -func (l Logger) Info(msg string, keysAndValues ...interface{}) { +func (l Logger) Info(msg string, keysAndValues ...any) { if l.sink == nil { return } - if l.Enabled() { + if l.sink.Enabled(l.level) { // see comment in Enabled if withHelper, ok := l.sink.(CallStackHelperLogSink); ok { withHelper.GetCallStackHelper()() } @@ -289,7 +295,7 @@ func (l Logger) Info(msg string, keysAndValues ...interface{}) { // while the err argument should be used to attach the actual error that // triggered this log line, if present. The err parameter is optional // and nil may be passed instead of an error instance. -func (l Logger) Error(err error, msg string, keysAndValues ...interface{}) { +func (l Logger) Error(err error, msg string, keysAndValues ...any) { if l.sink == nil { return } @@ -314,9 +320,16 @@ func (l Logger) V(level int) Logger { return l } +// GetV returns the verbosity level of the logger. If the logger's LogSink is +// nil as in the Discard logger, this will always return 0. +func (l Logger) GetV() int { + // 0 if l.sink nil because of the if check in V above. + return l.level +} + // WithValues returns a new Logger instance with additional key/value pairs. // See Info for documentation on how key/value pairs work. -func (l Logger) WithValues(keysAndValues ...interface{}) Logger { +func (l Logger) WithValues(keysAndValues ...any) Logger { if l.sink == nil { return l } @@ -467,15 +480,15 @@ type LogSink interface { // The level argument is provided for optional logging. This method will // only be called when Enabled(level) is true. See Logger.Info for more // details. - Info(level int, msg string, keysAndValues ...interface{}) + Info(level int, msg string, keysAndValues ...any) // Error logs an error, with the given message and key/value pairs as // context. See Logger.Error for more details. - Error(err error, msg string, keysAndValues ...interface{}) + Error(err error, msg string, keysAndValues ...any) // WithValues returns a new LogSink with additional key/value pairs. See // Logger.WithValues for more details. - WithValues(keysAndValues ...interface{}) LogSink + WithValues(keysAndValues ...any) LogSink // WithName returns a new LogSink with the specified name appended. See // Logger.WithName for more details. @@ -546,5 +559,5 @@ type Marshaler interface { // with exported fields // // It may return any value of any type. - MarshalLog() interface{} + MarshalLog() any } diff --git a/vendor/github.com/google/uuid/CHANGELOG.md b/vendor/github.com/google/uuid/CHANGELOG.md index 2bd78667a..7ed347d3a 100644 --- a/vendor/github.com/google/uuid/CHANGELOG.md +++ b/vendor/github.com/google/uuid/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +## [1.4.0](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) (2023-10-26) + + +### Features + +* UUIDs slice type with Strings() convenience method ([#133](https://github.com/google/uuid/issues/133)) ([cd5fbbd](https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4)) + +### Fixes + +* Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior) + ## [1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) (2023-08-18) diff --git a/vendor/github.com/google/uuid/CONTRIBUTING.md b/vendor/github.com/google/uuid/CONTRIBUTING.md index 556688872..a502fdc51 100644 --- a/vendor/github.com/google/uuid/CONTRIBUTING.md +++ b/vendor/github.com/google/uuid/CONTRIBUTING.md @@ -11,7 +11,7 @@ please explain why in the pull request description. ### Releasing -Commits that would precipitate a SemVer change, as desrcibed in the Conventional +Commits that would precipitate a SemVer change, as described in the Conventional Commits Specification, will trigger [`release-please`](https://github.com/google-github-actions/release-please-action) to create a release candidate pull request. Once submitted, `release-please` will create a release. diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go index a56138cc4..dc75f7d99 100644 --- a/vendor/github.com/google/uuid/uuid.go +++ b/vendor/github.com/google/uuid/uuid.go @@ -56,11 +56,15 @@ func IsInvalidLengthError(err error) bool { return ok } -// Parse decodes s into a UUID or returns an error. Both the standard UUID -// forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and -// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the -// Microsoft encoding {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and the raw hex -// encoding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +// Parse decodes s into a UUID or returns an error if it cannot be parsed. Both +// the standard UUID forms defined in RFC 4122 +// (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and +// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) are decoded. In addition, +// Parse accepts non-standard strings such as the raw hex encoding +// xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and 38 byte "Microsoft style" encodings, +// e.g. {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}. Only the middle 36 bytes are +// examined in the latter case. Parse should not be used to validate strings as +// it parses non-standard encodings as indicated above. func Parse(s string) (UUID, error) { var uuid UUID switch len(s) { @@ -294,3 +298,15 @@ func DisableRandPool() { poolMu.Lock() poolPos = randPoolSize } + +// UUIDs is a slice of UUID types. +type UUIDs []UUID + +// Strings returns a string slice containing the string form of each UUID in uuids. +func (uuids UUIDs) Strings() []string { + var uuidStrs = make([]string, len(uuids)) + for i, uuid := range uuids { + uuidStrs[i] = uuid.String() + } + return uuidStrs +} diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index 4f512a435..4fc45f29c 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md @@ -1,3 +1,8 @@ +## 1.29.0 + +### Features +- MatchError can now take an optional func(error) bool + description [2b39142] + ## 1.28.1 ### Maintenance diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index 0625053ef..ba082146a 100644 --- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -22,7 +22,7 @@ import ( "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.28.1" +const GOMEGA_VERSION = "1.29.0" const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). diff --git a/vendor/github.com/onsi/gomega/matchers.go b/vendor/github.com/onsi/gomega/matchers.go index 88f100432..cd3f431d2 100644 --- a/vendor/github.com/onsi/gomega/matchers.go +++ b/vendor/github.com/onsi/gomega/matchers.go @@ -88,19 +88,44 @@ func Succeed() types.GomegaMatcher { } // MatchError succeeds if actual is a non-nil error that matches the passed in -// string, error, or matcher. +// string, error, function, or matcher. // // These are valid use-cases: // -// Expect(err).Should(MatchError("an error")) //asserts that err.Error() == "an error" -// Expect(err).Should(MatchError(SomeError)) //asserts that err == SomeError (via reflect.DeepEqual) -// Expect(err).Should(MatchError(ContainSubstring("sprocket not found"))) // asserts that err.Error() contains substring "sprocket not found" +// When passed a string: +// +// Expect(err).To(MatchError("an error")) +// +// asserts that err.Error() == "an error" +// +// When passed an error: +// +// Expect(err).To(MatchError(SomeError)) +// +// First checks if errors.Is(err, SomeError). +// If that fails then it checks if reflect.DeepEqual(err, SomeError) repeatedly for err and any errors wrapped by err +// +// When passed a matcher: +// +// Expect(err).To(MatchError(ContainSubstring("sprocket not found"))) +// +// the matcher is passed err.Error(). In this case it asserts that err.Error() contains substring "sprocket not found" +// +// When passed a func(err) bool and a description: +// +// Expect(err).To(MatchError(os.IsNotExist, "IsNotExist")) +// +// the function is passed err and matches if the return value is true. The description is required to allow Gomega +// to print a useful error message. // // It is an error for err to be nil or an object that does not implement the // Error interface -func MatchError(expected interface{}) types.GomegaMatcher { +// +// The optional second argument is a description of the error function, if used. This is required when passing a function but is ignored in all other cases. +func MatchError(expected interface{}, functionErrorDescription ...any) types.GomegaMatcher { return &matchers.MatchErrorMatcher{ - Expected: expected, + Expected: expected, + FuncErrDescription: functionErrorDescription, } } diff --git a/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go b/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go index 827475ea5..c539dd389 100644 --- a/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go +++ b/vendor/github.com/onsi/gomega/matchers/match_error_matcher.go @@ -9,10 +9,14 @@ import ( ) type MatchErrorMatcher struct { - Expected interface{} + Expected any + FuncErrDescription []any + isFunc bool } -func (matcher *MatchErrorMatcher) Match(actual interface{}) (success bool, err error) { +func (matcher *MatchErrorMatcher) Match(actual any) (success bool, err error) { + matcher.isFunc = false + if isNil(actual) { return false, fmt.Errorf("Expected an error, got nil") } @@ -42,6 +46,17 @@ func (matcher *MatchErrorMatcher) Match(actual interface{}) (success bool, err e return actualErr.Error() == expected, nil } + v := reflect.ValueOf(expected) + t := v.Type() + errorInterface := reflect.TypeOf((*error)(nil)).Elem() + if t.Kind() == reflect.Func && t.NumIn() == 1 && t.In(0).Implements(errorInterface) && t.NumOut() == 1 && t.Out(0).Kind() == reflect.Bool { + if len(matcher.FuncErrDescription) == 0 { + return false, fmt.Errorf("MatchError requires an additional description when passed a function") + } + matcher.isFunc = true + return v.Call([]reflect.Value{reflect.ValueOf(actualErr)})[0].Bool(), nil + } + var subMatcher omegaMatcher var hasSubMatcher bool if expected != nil { @@ -57,9 +72,15 @@ func (matcher *MatchErrorMatcher) Match(actual interface{}) (success bool, err e } func (matcher *MatchErrorMatcher) FailureMessage(actual interface{}) (message string) { + if matcher.isFunc { + return format.Message(actual, fmt.Sprintf("to match error function %s", matcher.FuncErrDescription[0])) + } return format.Message(actual, "to match error", matcher.Expected) } func (matcher *MatchErrorMatcher) NegatedFailureMessage(actual interface{}) (message string) { + if matcher.isFunc { + return format.Message(actual, fmt.Sprintf("not to match error function %s", matcher.FuncErrDescription[0])) + } return format.Message(actual, "not to match error", matcher.Expected) } diff --git a/vendor/modules.txt b/vendor/modules.txt index aadd6727b..194e1c013 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,4 +1,4 @@ -# code.cloudfoundry.org/archiver v0.0.0-20231017143912-de59b5b4f649 +# code.cloudfoundry.org/archiver v0.0.0-20231025144553-f19bf6305121 ## explicit; go 1.20 code.cloudfoundry.org/archiver/extractor/test_helper # code.cloudfoundry.org/clock v1.1.0 @@ -12,10 +12,10 @@ code.cloudfoundry.org/commandrunner/fake_command_runner code.cloudfoundry.org/commandrunner/fake_command_runner/matchers code.cloudfoundry.org/commandrunner/linux_command_runner code.cloudfoundry.org/commandrunner/windows_command_runner -# code.cloudfoundry.org/debugserver v0.0.0-20231017143832-99af347b5a16 +# code.cloudfoundry.org/debugserver v0.0.0-20231025144512-5380d389e103 ## explicit; go 1.19 code.cloudfoundry.org/debugserver -# code.cloudfoundry.org/garden v0.0.0-20231010181202-f61f4780fa7d => ../garden +# code.cloudfoundry.org/garden v0.0.0-20231024181552-0abe26bb4e46 => ../garden ## explicit; go 1.20 code.cloudfoundry.org/garden code.cloudfoundry.org/garden/client @@ -30,7 +30,7 @@ code.cloudfoundry.org/garden/transport # code.cloudfoundry.org/grootfs v0.30.0 => ../grootfs ## explicit; go 1.20 code.cloudfoundry.org/grootfs/commands/config -# code.cloudfoundry.org/idmapper v0.0.0-20231010181327-52a77ac7ebed => ../idmapper +# code.cloudfoundry.org/idmapper v0.0.0-20231024181700-0f6c3ab3fadf => ../idmapper ## explicit; go 1.18 code.cloudfoundry.org/idmapper # code.cloudfoundry.org/lager/v3 v3.0.2 @@ -40,13 +40,13 @@ code.cloudfoundry.org/lager/v3/chug code.cloudfoundry.org/lager/v3/internal/truncate code.cloudfoundry.org/lager/v3/lagerctx code.cloudfoundry.org/lager/v3/lagertest -# code.cloudfoundry.org/localip v0.0.0-20231017144440-ef7ea823eb34 +# code.cloudfoundry.org/localip v0.0.0-20231025145031-77dc93c89492 ## explicit; go 1.20 code.cloudfoundry.org/localip # github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 ## explicit; go 1.20 github.com/AdaLogics/go-fuzz-headers -# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 +# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231024182747-cab165db8a0b ## explicit; go 1.18 github.com/AdamKorcz/go-118-fuzz-build/testing # github.com/BurntSushi/toml v1.3.2 @@ -150,7 +150,7 @@ github.com/cloudfoundry/dropsonde/metric_sender/fake github.com/cloudfoundry/dropsonde/metricbatcher github.com/cloudfoundry/dropsonde/metrics github.com/cloudfoundry/dropsonde/runtime_stats -# github.com/cloudfoundry/gosigar v1.3.33 +# github.com/cloudfoundry/gosigar v1.3.34 ## explicit; go 1.21 github.com/cloudfoundry/gosigar github.com/cloudfoundry/gosigar/sys/windows @@ -182,7 +182,7 @@ github.com/containerd/cgroups/v3/cgroup2/stats # github.com/containerd/console v1.0.3 ## explicit; go 1.13 github.com/containerd/console -# github.com/containerd/containerd v1.7.7 +# github.com/containerd/containerd v1.7.8 ## explicit; go 1.19 github.com/containerd/containerd github.com/containerd/containerd/api/events @@ -498,7 +498,7 @@ github.com/containernetworking/cni/pkg/version # github.com/containernetworking/plugins v1.2.0 ## explicit; go 1.17 github.com/containernetworking/plugins/pkg/ns -# github.com/containers/ocicrypt v1.1.8 +# github.com/containers/ocicrypt v1.1.9 ## explicit; go 1.20 github.com/containers/ocicrypt github.com/containers/ocicrypt/blockcipher @@ -528,7 +528,7 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/docker/docker v24.0.6+incompatible +# github.com/docker/docker v24.0.7+incompatible ## explicit github.com/docker/docker/pkg/reexec # github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c @@ -555,8 +555,8 @@ github.com/fsnotify/fsnotify github.com/go-jose/go-jose/v3 github.com/go-jose/go-jose/v3/cipher github.com/go-jose/go-jose/v3/json -# github.com/go-logr/logr v1.2.4 -## explicit; go 1.16 +# github.com/go-logr/logr v1.3.0 +## explicit; go 1.18 github.com/go-logr/logr github.com/go-logr/logr/funcr # github.com/go-logr/stdr v1.2.2 @@ -600,7 +600,7 @@ github.com/google/gofuzz/bytesource # github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b ## explicit; go 1.19 github.com/google/pprof/profile -# github.com/google/uuid v1.3.1 +# github.com/google/uuid v1.4.0 ## explicit github.com/google/uuid # github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 @@ -723,7 +723,7 @@ github.com/onsi/ginkgo/v2/internal/parallel_support github.com/onsi/ginkgo/v2/internal/testingtproxy github.com/onsi/ginkgo/v2/reporters github.com/onsi/ginkgo/v2/types -# github.com/onsi/gomega v1.28.1 +# github.com/onsi/gomega v1.29.0 ## explicit; go 1.18 github.com/onsi/gomega github.com/onsi/gomega/format @@ -1045,13 +1045,13 @@ google.golang.org/appengine/internal/log google.golang.org/appengine/internal/remote_api google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch -# google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b +# google.golang.org/genproto v0.0.0-20231030173426-d783a09b4405 ## explicit; go 1.19 google.golang.org/genproto/protobuf/field_mask -# google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a +# google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b ## explicit; go 1.19 google.golang.org/genproto/googleapis/api/httpbody -# google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b +# google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 ## explicit; go 1.19 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails