Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-1.28] Bump github.com/docker/docker to v24.0.7+incompatible #3694

Merged
merged 1 commit into from
Nov 8, 2023
Merged

[release-1.28] Bump github.com/docker/docker to v24.0.7+incompatible #3694

merged 1 commit into from
Nov 8, 2023

Conversation

twz123
Copy link
Member

@twz123 twz123 commented Nov 7, 2023
edited
Loading

Description

This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-12912, and the PLATYPUS attack. See GHSA-jq35-85cj-fj4p.

Moreover, this bumps some required dependencies as well:

  • github.com/docker/cli v24.0.6+incompatible
  • oras.land/oras-go v1.2.4

See:

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

  • Manual test
  • Auto test added

Checklist:

  • My code follows the style guidelines of this project
  • My commit messages are signed-off
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules
  • I have checked my code and corrected any misspellings

@twz123
Bump github.com/docker/docker to v24.0.7+incompatible
0697d46 
This change hardens against CVE-2020-8694, CVE-2020-8695, and CVE-2020-
12912, and the PLATYPUS attack. See GHSA-jq35-85cj-fj4p.

Moreover, this bumps some required dependencies as well:

* github.com/docker/cli v24.0.6+incompatible
* oras.land/oras-go v1.2.4

See: 8c958cf ("Bump github.com/docker/docker")
Signed-off-by: Tom Wieczorek <twieczorek@mirantis.com>
@twz123 twz123 added security fix dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 7, 2023
@twz123 twz123 marked this pull request as ready for review November 7, 2023 10:17
@twz123 twz123 requested a review from a team as a code owner November 7, 2023 10:17
@twz123 twz123 requested review from kke and makhov November 7, 2023 10:17
@twz123 twz123 merged commit c3fb822 into k0sproject:release-1.28 Nov 8, 2023
74 checks passed
@twz123 twz123 deleted the bump-docker-24.0.7 branch November 8, 2023 07:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kke kke kke approved these changes

@makhov makhov Awaiting requested review from makhov makhov is a code owner automatically assigned from k0sproject/k0s-maintainers

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code security fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@twz123 @kke