This version contains the CRI changes for user namespaces support.
Future patches will use the new fields in the CRI.
Updating the module without using the new fields doesn't cause any
behaviour change.
Updates: #7063
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit hides types.Any from the diff package's interface. Clients
(incl. imgcrypt) shouldn't aware about gogo/protobuf.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
This commit upgrades github.com/containerd/typeurl to use typeurl.Any.
The interface hides gogo/protobuf/types.Any from containerd's Go client.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
- Upgrade github.com/containerd/imgcrypt to prepare for typeurl upgrade
(see https://github.com/containerd/imgcrypt/pull/72)
- Upgrade github.com/opencontainers/image-spec since imgcrypto needs at
least 1.0.2.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
By taking advantage of smarter traversal of dependencies, a
`go mod tidy` using Go 1.18 remove some items from go.sum.
Signed-off-by: Tom Godkin <tomgodkin@pm.me>
full diff: 32db794688...3147a52a75
This version contains a fix for CVE-2022-27191 (not sure if it affects us).
From the golang mailing list:
Hello gophers,
Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
client authentication support for signature algorithms based on SHA-2 for use with
existing RSA keys.
Previously, a client would fail to authenticate with RSA keys to servers that
reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
and—starting today March 15, 2022 for recently uploaded keys.
We are providing this announcement as the error (“ssh: unable to authenticate”)
might otherwise be difficult to troubleshoot.
Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
fixes a potential security issue where an attacker could cause a crash in a
golang.org/x/crypto/ssh server under these conditions:
- The server has been configured by passing a Signer to ServerConfig.AddHostKey.
- The Signer passed to AddHostKey does not also implement AlgorithmSigner.
- The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.
Servers that only use Signer implementations provided by the ssh package are
unaffected. This is CVE-2022-27191.
Alla prossima,
Filippo for the Go Security team
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/emicklei/go-restful/compare/v2.9.5...v3.7.3
- Switch to using go modules
- Add check for wildcard to fix CORS filter
- Add check on writer to prevent compression of response twice
- Add OPTIONS shortcut WebService receiver
- Add Route metadata to request attributes or allow adding attributes to routes
- Add wroteHeader set
- Enable content encoding on Handle and ServeHTTP
- Feat: support google custom verb
- Feature: override list of method allowed without content-type
- Fix Allow header not set on '405: Method Not Allowed' responses
- Fix Go 1.15: conversion from int to string yields a string of one rune
- Fix WriteError return value
- Fix: use request/response resulting from filter chain
- handle path params with prefixes and suffixes
- HTTP response body was broken, if struct to be converted to JSON has boolean value
- List available representations in 406 body
- Support describing response headers
- Unwrap function in filter chain + remove unused dispatchWithFilters
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/fsnotify/fsnotify/compare/v1.4.9...v1.5.1
Relevant changes:
- Fix unsafe pointer conversion
- Drop support/testing for Go 1.11 and earlier
- Update x/sys to latest
- add //go:build lines
- add go 1.17 to test matrix
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
