2018-10-28 21:54:15 -03:00
module github.com/goreleaser/goreleaser
2023-08-15 11:15:04 -03:00
go 1.21
2019-09-09 15:17:30 +02:00
2018-10-28 21:54:15 -03:00
require (
2023-09-20 11:32:07 -03:00
code.gitea.io/sdk/gitea v0.16.0
2023-07-31 16:32:36 +00:00
dario.cat/mergo v1.0.0
2023-04-23 13:52:42 -03:00
github.com/Masterminds/semver/v3 v3.2.1
2023-07-31 14:14:23 +00:00
github.com/atc0005/go-teams-notify/v2 v2.8.0
2023-11-18 13:39:49 -03:00
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
2022-08-17 10:58:18 -03:00
github.com/caarlos0/ctrlc v1.2.0
2023-06-28 16:29:19 +00:00
github.com/caarlos0/env/v9 v9.0.0
2022-01-10 11:10:35 -03:00
github.com/caarlos0/go-reddit/v3 v3.0.1
2021-03-22 08:45:18 -03:00
github.com/caarlos0/go-shellwords v1.0.12
2023-04-30 14:19:55 -03:00
github.com/caarlos0/go-version v0.1.1
2023-10-16 08:18:55 -03:00
github.com/caarlos0/log v0.4.4
2023-10-07 15:17:16 +00:00
github.com/charmbracelet/keygen v0.5.0
2023-10-14 18:57:21 -03:00
github.com/charmbracelet/lipgloss v0.9.1
2023-10-10 23:16:27 -03:00
github.com/charmbracelet/x/exp/ordered v0.0.0-20231010190216-1cb11efc897d
2023-11-18 13:39:49 -03:00
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
2021-12-21 00:03:48 -03:00
github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb
2022-12-08 09:41:38 -03:00
github.com/dghubble/oauth1 v0.7.2
2023-11-23 17:38:25 -03:00
github.com/disgoorg/disgo v0.17.0
2022-10-17 08:52:12 -03:00
github.com/disgoorg/snowflake/v2 v2.0.1
2023-01-16 22:34:49 -03:00
github.com/distribution/distribution/v3 v3.0.0-20221021092657-c47a966fded8
2021-10-29 14:02:33 -03:00
github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
2023-08-03 09:34:13 -03:00
github.com/google/go-containerregistry v0.16.1
2023-10-14 22:04:41 +00:00
github.com/google/go-github/v56 v56.0.0
2023-11-23 17:38:08 -03:00
github.com/google/ko v0.15.1
2023-10-27 08:05:44 +00:00
github.com/google/uuid v1.4.0
2022-02-11 23:17:13 -03:00
github.com/goreleaser/fileglob v1.3.0
2023-10-30 08:42:52 +00:00
github.com/goreleaser/nfpm/v2 v2.34.0
2022-12-28 12:24:21 -03:00
github.com/hashicorp/go-multierror v1.1.1
2023-10-05 09:48:15 -03:00
github.com/invopop/jsonschema v0.12.0
2023-08-17 08:33:17 -03:00
github.com/jarcoal/httpmock v1.3.1
2023-05-11 12:38:19 +00:00
github.com/klauspost/pgzip v1.2.6
2022-11-17 17:40:00 -06:00
github.com/mattn/go-mastodon v0.0.6
2019-06-29 16:02:40 +02:00
github.com/mitchellh/go-homedir v1.1.0
2022-06-22 08:46:38 -03:00
github.com/muesli/mango-cobra v1.2.0
2022-01-18 10:17:52 -03:00
github.com/muesli/roff v0.1.0
2023-06-28 09:46:00 -03:00
github.com/muesli/termenv v0.15.2
2023-04-23 14:09:35 -03:00
github.com/ory/dockertest/v3 v3.10.0
2023-09-19 08:43:35 -03:00
github.com/slack-go/slack v0.12.3
2023-11-06 12:44:28 -03:00
github.com/spf13/cobra v1.8.0
2023-05-31 10:52:51 -03:00
github.com/stretchr/testify v1.8.4
2022-12-13 09:44:34 -03:00
github.com/ulikunitz/xz v0.5.11
2022-08-22 09:29:27 -03:00
github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1
2023-11-23 17:37:49 -03:00
github.com/xanzy/go-gitlab v0.94.0
2023-09-19 08:47:21 -03:00
gocloud.dev v0.34.0
2023-11-18 12:18:36 -03:00
golang.org/x/crypto v0.15.0
2023-11-18 13:39:25 -03:00
golang.org/x/oauth2 v0.14.0
2023-11-06 12:51:07 -03:00
golang.org/x/sync v0.5.0
2023-11-06 12:44:16 -03:00
golang.org/x/text v0.14.0
2023-11-18 12:18:36 -03:00
golang.org/x/tools v0.15.0
2021-10-26 20:02:03 +02:00
gopkg.in/mail.v2 v2.3.1
2022-06-02 09:01:47 -03:00
gopkg.in/yaml.v3 v3.0.1
2021-10-26 20:02:03 +02:00
2023-10-17 12:47:47 -03:00
require (
2023-11-18 13:39:49 -03:00
github.com/distribution/reference v0.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
2023-10-17 12:47:47 -03:00
github.com/sagikazarmark/locafero v0.3.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
2023-10-17 12:47:47 -03:00
github.com/sourcegraph/conc v0.3.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
2023-11-18 13:39:49 -03:00
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
2023-10-17 12:47:47 -03:00
2021-08-24 20:49:11 -03:00
require (
2023-11-18 13:39:49 -03:00
cloud.google.com/go v0.110.9 // indirect
cloud.google.com/go/compute v1.23.2 // indirect
2023-02-05 12:09:06 -03:00
cloud.google.com/go/compute/metadata v0.2.3 // indirect
2023-11-18 13:39:49 -03:00
cloud.google.com/go/iam v1.1.4 // indirect
cloud.google.com/go/kms v1.15.4 // indirect
cloud.google.com/go/storage v1.33.0 // indirect
2021-11-13 22:23:11 -03:00
github.com/AlekSi/pointer v1.2.0 // indirect
2023-03-29 14:38:57 -03:00
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
2023-11-18 13:39:49 -03:00
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 // indirect
2023-06-20 09:04:08 -03:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
2023-01-11 09:09:51 -03:00
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
2023-07-20 09:56:26 -03:00
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect
2023-06-26 13:56:50 -03:00
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
2021-08-24 20:49:11 -03:00
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
2023-05-27 00:24:50 -03:00
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
2023-06-20 09:04:08 -03:00
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
2023-03-29 14:38:57 -03:00
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
2023-01-16 22:34:49 -03:00
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
2021-08-24 20:49:11 -03:00
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.0 // indirect
2023-06-26 13:56:50 -03:00
github.com/BurntSushi/toml v1.2.1 // indirect
2021-08-24 20:49:11 -03:00
github.com/Masterminds/goutils v1.1.1 // indirect
2023-06-26 13:20:47 -03:00
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
2023-06-26 13:56:50 -03:00
github.com/Microsoft/go-winio v0.6.1 // indirect
2022-12-15 10:25:52 -03:00
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
2023-11-18 13:39:49 -03:00
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
2023-06-26 13:20:47 -03:00
github.com/acomagu/bufpipe v1.0.4 // indirect
2023-01-16 22:34:49 -03:00
github.com/alessio/shellescape v1.4.1 // indirect
2023-05-03 23:11:29 -03:00
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
2023-11-18 13:39:49 -03:00
github.com/aws/aws-sdk-go v1.47.0 // indirect
github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect
github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
2023-08-02 08:25:44 +00:00
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.76 // indirect
2023-11-18 13:39:49 -03:00
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.4 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
github.com/aws/aws-sdk-go-v2/service/kms v1.24.7 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
github.com/aws/smithy-go v1.15.0 // indirect
2023-03-19 22:47:02 -03:00
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
2023-09-22 02:17:31 +00:00
github.com/bahlo/generic-list-go v0.2.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/beorn7/perks v1.0.1 // indirect
2021-08-24 20:49:11 -03:00
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
2023-09-22 02:17:31 +00:00
github.com/buger/jsonparser v1.1.1 // indirect
2021-12-21 00:03:48 -03:00
github.com/cavaliergopher/cpio v1.0.1 // indirect
2023-11-18 13:39:49 -03:00
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
2023-03-06 13:07:00 -03:00
github.com/cespare/xxhash/v2 v2.2.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/cloudflare/circl v1.3.5 // indirect
2022-12-15 10:25:52 -03:00
github.com/containerd/continuity v0.3.0 // indirect
2023-03-20 09:58:29 -03:00
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
2023-11-06 12:44:28 -03:00
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
2023-10-17 12:47:47 -03:00
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
2023-09-22 02:17:31 +00:00
github.com/davidmz/go-pageant v1.0.2 // indirect
2021-12-21 00:03:48 -03:00
github.com/dghubble/sling v1.4.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/dimchansky/utfbom v1.1.1 // indirect
2023-05-23 09:56:41 -03:00
github.com/disgoorg/json v1.1.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/docker/cli v24.0.7+incompatible // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
2023-10-30 15:52:07 +00:00
github.com/docker/docker v24.0.7+incompatible // indirect
2023-11-18 13:39:49 -03:00
github.com/docker/docker-credential-helpers v0.8.0 // indirect
2022-12-15 10:25:52 -03:00
github.com/docker/go-connections v0.4.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/docker/go-metrics v0.0.1 // indirect
2023-04-24 08:47:21 -03:00
github.com/docker/go-units v0.5.0
2023-05-02 09:06:35 -03:00
github.com/elliotchance/orderedmap/v2 v2.2.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/emirpasic/gods v1.18.1 // indirect
2023-01-16 22:34:49 -03:00
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/fsnotify/fsnotify v1.7.0 // indirect
2023-09-22 02:17:31 +00:00
github.com/go-fed/httpsig v1.1.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-git/go-billy/v5 v5.4.1 // indirect
github.com/go-git/go-git/v5 v5.7.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/go-openapi/analysis v0.21.4 // indirect
2023-11-18 13:39:49 -03:00
github.com/go-openapi/errors v0.20.4 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
2023-06-20 09:04:08 -03:00
github.com/go-openapi/jsonreference v0.20.2 // indirect
2023-01-16 22:34:49 -03:00
github.com/go-openapi/loads v0.21.2 // indirect
2023-05-03 23:11:29 -03:00
github.com/go-openapi/runtime v0.26.0 // indirect
github.com/go-openapi/spec v0.20.9 // indirect
github.com/go-openapi/strfmt v0.21.7 // indirect
2023-10-17 12:47:47 -03:00
github.com/go-openapi/swag v0.22.4 // indirect
2023-05-03 23:11:29 -03:00
github.com/go-openapi/validate v0.22.1 // indirect
2021-08-24 20:49:11 -03:00
github.com/gobwas/glob v0.2.3 // indirect
2022-12-15 10:25:52 -03:00
github.com/gogo/protobuf v1.3.2 // indirect
2023-05-27 00:24:50 -03:00
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
2021-08-24 20:49:11 -03:00
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
2023-03-19 22:28:33 -03:00
github.com/golang/protobuf v1.5.3 // indirect
2021-10-14 09:32:52 -03:00
github.com/google/go-querystring v1.1.0 // indirect
2023-07-20 09:56:26 -03:00
github.com/google/rpmpack v0.5.0 // indirect
2023-10-17 12:47:47 -03:00
github.com/google/s2a-go v0.1.7 // indirect
2023-03-29 14:38:57 -03:00
github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
2022-12-15 10:25:52 -03:00
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
2021-08-24 20:49:11 -03:00
github.com/google/wire v0.5.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
2023-07-20 09:56:26 -03:00
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/goreleaser/chglog v0.5.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/gorilla/mux v1.8.0 // indirect
2023-11-23 17:38:25 -03:00
github.com/gorilla/websocket v1.5.1 // indirect
2022-12-28 12:24:21 -03:00
github.com/hashicorp/errwrap v1.1.0 // indirect
2022-06-02 09:02:24 -03:00
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
2023-11-18 13:39:49 -03:00
github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
2023-01-16 22:34:49 -03:00
github.com/hashicorp/go-version v1.6.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
2023-06-26 13:20:47 -03:00
github.com/huandu/xstrings v1.3.3 // indirect
2023-09-22 02:17:31 +00:00
github.com/imdario/mergo v0.3.16 // indirect
2023-03-20 09:58:29 -03:00
github.com/inconshreveable/mousetrap v1.1.0 // indirect
2021-08-24 20:49:11 -03:00
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/josharian/intern v1.0.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/kevinburke/ssh_config v1.2.0 // indirect
2023-10-30 08:42:52 +00:00
github.com/klauspost/compress v1.17.2 // indirect
2022-10-05 09:49:30 -03:00
github.com/kylelemons/godebug v1.1.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
2022-06-21 21:11:15 -03:00
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
2023-02-05 12:09:06 -03:00
github.com/magiconair/properties v1.8.7 // indirect
2023-01-16 22:34:49 -03:00
github.com/mailru/easyjson v0.7.7 // indirect
2023-06-28 09:46:00 -03:00
github.com/mattn/go-isatty v0.0.18 // indirect
feat(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#4364)
from 0.8.0 to 0.9.0.
<summary>Release notes</summary>
<p><em>Sourced from <a
<h1>My, how the tables have turned</h1>
<p>Now you can draw <code>Table</code>s with Lip Gloss! 💅</p>
<!-- raw HTML omitted -->
<p>View <a
source code</a>.</p>
<h2>Let's get started</h2>
<pre lang="go"><code>import
<p>Define some rows of data.</p>
<pre lang="go"><code>rows := [][]string{
{"Chinese", "您好", "你好"},
{"Japanese", "こんにちは", "やあ"},
{"Arabic", "أهلين", "أهلا"},
{"Russian", "Здравствуйте", "Привет"},
{"Spanish", "Hola", "¿Qué tal?"},
<p>Use the table package to style and render the table.</p>
<pre lang="go"><code>t := table.New().
StyleFunc(func(row, col int) lipgloss.Style {
switch {
case row == 0:
return HeaderStyle
case row%2 == 0:
return EvenRowStyle
return OddRowStyle
<p>// You can also add tables row-by-row
t.Row("English", "You look absolutely fabulous.",
"How's it going?")
<!-- raw HTML omitted -->
<p>... (truncated)</p>
Feature: Tables (<a
feat: add <code>Middle</code> borders (<a
feat: bump minimum go version to 1.18 (<a
feat(deps): bump github.com/mattn/go-runewidth from 0.0.14 to 0.0.15 (<a
fix(border): both GetHorizontalBorderSize and GetVerticalBorderSize (<a
fix(border): GetBorderRightSize (<a
chore(deps): bump actions/checkout from 3 to 4 (<a
<li>See full diff in <a
<br />
[![Dependabot compatibility
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 09:05:53 -03:00
github.com/mattn/go-runewidth v0.0.15 // indirect
2021-11-13 22:23:11 -03:00
github.com/mitchellh/copystructure v1.2.0 // indirect
2022-12-15 10:25:52 -03:00
github.com/mitchellh/mapstructure v1.5.0 // indirect
2021-11-13 22:23:11 -03:00
github.com/mitchellh/reflectwalk v1.0.2 // indirect
2023-10-17 12:47:47 -03:00
github.com/moby/term v0.5.0 // indirect
2022-02-04 15:51:42 -03:00
github.com/muesli/mango v0.1.0 // indirect
github.com/muesli/mango-pflag v0.1.0 // indirect
2022-09-11 23:06:01 -03:00
github.com/muesli/reflow v0.3.0 // indirect
2023-01-16 22:34:49 -03:00
github.com/oklog/ulid v1.3.1 // indirect
2022-12-15 10:25:52 -03:00
github.com/opencontainers/go-digest v1.0.0 // indirect
2023-10-17 12:47:47 -03:00
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
feat(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 (#3896)
from 1.1.2 to 1.1.5.
<summary>Release notes</summary>
<p><em>Sourced from <a
<h2>runc 1.1.5 -- "囚われた屈辱は 反撃の嚆矢だ"</h2>
<p>This is the fifth patch release in the 1.1.z series of runc, which
three CVEs found in runc.</p>
<p>CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access
to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other
hierarchies on the host were affected. This vulnerability was
discovered by Akihiro Suda.
<p>CVE-2023-27561 was a regression which effectively re-introduced
CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This
regression was discovered by <a
<p>CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the
patch. This variant of the above vulnerability was reported by Lei
<p>In addition, the following other fixes are included in this
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
<li>Fix rare runc exec/enter unshare error on older kernels, including
CentOS < 7.7. (<a
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
<h3>Static Linking Notices</h3>
<p>The <code>runc</code> binary distributed with this release are
<em>statically linked</em> with
the following <a
LGPL-2.1</a> licensed libraries, with <code>runc</code> acting
as a "work that uses the Library":</p>
<li><a href="https://github.com/seccomp/libseccomp">libseccomp</a></li>
<p>The versions of these libraries were not modified from their upstream
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the
runc source code) may be used to exercise your rights under the
<p>However we strongly suggest that you make use of your distribution's
or download them from the authoritative upstream sources, especially
these libraries are related to the security of your containers.</p>
<!-- raw HTML omitted -->
<p>... (truncated)</p>
<p><em>Sourced from <a
<h2>[1.1.5] - 2023-03-29</h2>
<li>Prohibit container's <code>/proc</code> and <code>/sys</code> to be
symlinks (CVE-2019-19921,
CVE-2023-27561, CVE-2023-28642, <a
<li>rootless: rework /sys/fs/cgroup mounts to avoid exposing the host's
hierarchy into the container. (CVE-2023-25809)</li>
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
<li>Fix rare runc exec/enter unshare error on older kernels, inlcuding
CentOS < 7.7. (<a
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
<li>Various CI fixes and updates. (<a
<h2>[1.1.4] - 2022-08-24</h2>
<p>If you look for perfection, you'll never be content.</p>
<li>Fix mounting via wrong proc fd.
When the user and mount namespaces are used, and the bind mount is
followed by
the cgroup mount in the spec, the cgroup was mounted using the bind
mount fd. (<a
<li>Switch <code>kill()</code> in <code>libcontainer/nsenter</code> to
<code>sane_kill()</code>. (<a
<li>Fix "permission denied" error from <code>runc run</code>
on <code>noexec</code> fs. (<a
<li>Fix failed exec after <code>systemctl daemon-reload</code>.
Due to a regression in v1.1.3, the <code>DeviceAllow=char-pts rwm</code>
rule was no
longer added and was causing an error <code>open /dev/pts/0: operation
not permitted: unknown</code>
when systemd was reloaded. (<a
<li>Various CI fixes. (<a
<h2>[1.1.3] - 2022-06-09</h2>
<p>In the beginning there was nothing, which exploded.</p>
<li>Our seccomp <code>-ENOSYS</code> stub now correctly handles
multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did
support would return <code>-EPERM</code> despite the existence of the
<code>-ENOSYS</code> stub
code (this was due to how s390x does syscall multiplexing). (<a
<li>Retry on dbus disconnect logic in libcontainer/cgroups/systemd now
works as
intended; this fix does not affect runc binary itself but is important
libcontainer users such as Kubernetes. (<a
<li>Inability to compile with recent clang due to an issue with
<!-- raw HTML omitted -->
<p>... (truncated)</p>
VERSION: release v1.1.5</li>
Merge pull request from GHSA-m8cg-xc2p-r3fc</li>
merge branch 'pr-3776' into release-1.1</li>
nsexec: retry unshare on EINVAL</li>
merge branch 'pr-3785' into release-1.1</li>
Prohibit /proc and /sys to be symlinks</li>
rootless: fix /sys/fs/cgroup mounts</li>
Merge pull request <a
from kinvolk/rata/nsfixes-backport</li>
nsexec: Check for errors in write_log()</li>
Merge pull request <a
from kolyshkin/1.1-fix-dev-null</li>
<li>Additional commits viewable in <a
<br />
[![Dependabot compatibility
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-29 14:37:12 -03:00
github.com/opencontainers/runc v1.1.5 // indirect
2023-01-16 22:34:49 -03:00
github.com/pelletier/go-toml v1.9.5 // indirect
2023-10-17 12:47:47 -03:00
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/pjbgf/sha1cd v0.3.0 // indirect
2023-01-11 09:09:51 -03:00
github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
2021-08-24 20:49:11 -03:00
github.com/pkg/errors v0.9.1 // indirect
2023-10-17 12:47:47 -03:00
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
2023-11-18 13:39:49 -03:00
github.com/prometheus/client_golang v1.17.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
2022-09-11 23:06:01 -03:00
github.com/rivo/uniseg v0.4.2 // indirect
2021-11-13 22:23:11 -03:00
github.com/russross/blackfriday/v2 v2.1.0 // indirect
2022-08-18 21:22:41 +02:00
github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b // indirect
2021-08-24 20:49:11 -03:00
github.com/sergi/go-diff v1.2.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/shopspring/decimal v1.2.0 // indirect
2023-11-18 13:39:49 -03:00
github.com/sigstore/cosign/v2 v2.2.1 // indirect
github.com/sigstore/rekor v1.3.3 // indirect
github.com/sigstore/sigstore v1.7.5 // indirect
2023-10-17 12:47:47 -03:00
github.com/sirupsen/logrus v1.9.3 // indirect
2023-06-26 13:20:47 -03:00
github.com/skeema/knownhosts v1.1.1 // indirect
2023-10-17 12:47:47 -03:00
github.com/spf13/afero v1.10.0 // indirect
2023-06-26 13:20:47 -03:00
github.com/spf13/cast v1.5.1 // indirect
2021-08-24 20:49:11 -03:00
github.com/spf13/pflag v1.0.5 // indirect
2023-10-17 12:47:47 -03:00
github.com/spf13/viper v1.17.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
2021-10-26 20:02:03 +02:00
github.com/technoweenie/multipartstreamer v1.0.1 // indirect
2023-01-16 22:34:49 -03:00
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
2022-11-17 17:40:00 -06:00
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
2023-11-18 13:39:49 -03:00
github.com/vbatts/tar-split v0.11.5 // indirect
2023-09-22 02:17:31 +00:00
github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
2023-06-26 13:20:47 -03:00
github.com/xanzy/ssh-agent v0.3.3 // indirect
2023-01-16 22:34:49 -03:00
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
2022-12-15 10:25:52 -03:00
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
2022-08-16 01:00:17 -03:00
gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
2023-11-18 13:39:49 -03:00
go.mongodb.org/mongo-driver v1.12.1 // indirect
2023-01-11 09:09:51 -03:00
go.opencensus.io v0.24.0 // indirect
2023-07-20 09:56:26 -03:00
go.uber.org/automaxprocs v1.5.3
2023-11-18 13:39:49 -03:00
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
2023-11-18 12:18:36 -03:00
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.18.0 // indirect
golang.org/x/sys v0.14.0 // indirect
golang.org/x/term v0.14.0 // indirect
2023-01-10 08:55:31 -03:00
golang.org/x/time v0.3.0 // indirect
2023-11-18 13:39:49 -03:00
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/api v0.149.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/grpc v1.59.0 // indirect
feat(deps): bump the gomod-deps group with 3 updates (#4165)
Bumps the gomod-deps group with 3 updates:
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
go.mod: update golang.org/x dependencies</li>
x509roots: generate a stable sort, for real this time</li>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
ssh: add hmac-sha2-512</li>
x509roots: remove list hash and generation date, change ordering</li>
x509roots: fix generate script argument checking</li>
x509roots: use "generate" build tag</li>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
<br />
Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
go.mod: update golang.org/x dependencies</li>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
<br />
Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<summary>Release notes</summary>
<p><em>Sourced from <a
<p>This is a small release containing new integrations of vulnerability
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
setting to <code>"Imports"</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
<h2>Support changes</h2>
<p>This release removes support for the
<code>"experimentalUseInvalidMetadata"</code> setting, as
described in the <a
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<li>Imports-based scanning, enabled by the <a
"Imports"</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
command-line tool performs a more precise analysis based on-call graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using "Run govulncheck to
verify" code actions or the <a
code lens on <code>go.mod</code> files.</li>
<!-- raw HTML omitted -->
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
alt="image" /></p>
<h2>Configuration changes</h2>
<li>The <a
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>"Imports"</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
setting controls the presence of code lenses that run the <a
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<p>A full list of all issues fixed can be found in the <a
To report a new problem, please file a new issue at <a
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@bcmills</code></a>, <a
href="https://github.com/dle8"><code>@dle8</code></a>, <a
href="https://github.com/findleyr"><code>@findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a
<p>This release contains a fix for <a
a new crash during method completion on variables of type
<!-- raw HTML omitted -->
<p>... (truncated)</p>
go.mod: update golang.org/x dependencies</li>
go/ssa/interp: support conversions to slices of named bytes</li>
gopls/doc/contributing.md: document error handling strategies</li>
go/packages/gopackages: document -mode flag</li>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
gopls/internal/lsp/filecache: reduce GC frequency</li>
Revert "go/analysis: add Sizes that matches gc size
go/analysis: add Sizes that matches gc size computations</li>
go/vcs: delete</li>
<li>Additional commits viewable in <a
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 09:53:29 -03:00
google.golang.org/protobuf v1.31.0 // indirect
2021-10-26 20:02:03 +02:00
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
2023-01-16 22:34:49 -03:00
gopkg.in/ini.v1 v1.67.0 // indirect
2021-08-24 20:49:11 -03:00
gopkg.in/warnings.v0 v0.1.2 // indirect
2022-12-15 10:25:52 -03:00
gopkg.in/yaml.v2 v2.4.0 // indirect
2023-06-26 13:56:50 -03:00
sigs.k8s.io/kind v0.20.0 // indirect
2023-11-18 13:39:49 -03:00
sigs.k8s.io/yaml v1.4.0 // indirect
2021-08-24 20:49:11 -03:00