build(deps): bump the go_modules group across 7 directories with 14 updates

[dependabot]

Bumps the go_modules group with 2 updates in the /engine/k8s-manager directory: google.golang.org/grpc and gopkg.in/yaml.v3.
Bumps the go_modules group with 6 updates in the /engine/mongo-writer directory:

Package	From	To
google.golang.org/protobuf	1.27.1	1.33.0
golang.org/x/sys	0.0.0-20220209214540-3681064d5158	0.1.0
golang.org/x/text	0.3.7	0.3.8
gopkg.in/yaml.v3	3.0.0-20210107192922-496545a6307b	3.0.0
go.mongodb.org/mongo-driver	1.3.5	1.17.1
github.com/nats-io/nats-server/v2	2.1.7	2.9.23

Bumps the go_modules group with 5 updates in the /engine/nats-manager directory:

Package	From	To
google.golang.org/grpc	1.49.0	1.56.3
github.com/nats-io/nats-server/v2	2.9.1	2.9.23
github.com/containerd/containerd	1.6.19	1.6.26
github.com/docker/distribution	2.8.1+incompatible	2.8.2+incompatible
github.com/docker/docker	23.0.1+incompatible	25.0.6+incompatible

Bumps the go_modules group with 7 updates in the /krt-template/greeter/src/go-greeter directory:

Package	From	To
google.golang.org/protobuf	1.25.0	1.33.0
golang.org/x/sys	0.0.0-20210510120138-977fb7262007	0.1.0
golang.org/x/text	0.3.3	0.3.8
gopkg.in/yaml.v3	3.0.0-20200615113413-eeeca48fe776	3.0.0
go.mongodb.org/mongo-driver	1.3.5	1.17.1
github.com/labstack/echo/v4	4.1.11	4.9.0
github.com/nats-io/jwt	0.3.2	2.4.0+incompatible

Bumps the go_modules group with 5 updates in the /libs/krt-utils directory:

Package	From	To
golang.org/x/sys	0.0.0-20220919091848-fb04ddd9f9c8	0.28.0
golang.org/x/text	0.3.7	0.3.8
gopkg.in/yaml.v3	3.0.0-20210107192922-496545a6307b	3.0.0
golang.org/x/crypto	0.0.0-20220919173607-35f4265a4bc0	0.30.0
github.com/docker/distribution	2.7.1+incompatible	2.8.2+incompatible

Bumps the go_modules group with 2 updates in the /tests/acceptance directory: google.golang.org/grpc and gopkg.in/yaml.v3.
Bumps the go_modules group with 3 updates in the /tests/acceptance/test_krt/runtime-test-v1/src/go-runner directory: google.golang.org/protobuf, go.mongodb.org/mongo-driver and github.com/nats-io/nats-server/v2.

Updates google.golang.org/grpc from 1.49.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Updates golang.org/x/net from 0.0.0-20220127200216-cd36cc0744dd to 0.9.0

Commits

• See full diff in compare view

Updates golang.org/x/sys from 0.0.0-20220919091848-fb04ddd9f9c8 to 0.7.0

Commits

• See full diff in compare view

Updates golang.org/x/text from 0.3.7 to 0.9.0

Commits

• 434eadc language: reject excessively large Accept-Language strings
• 23407e7 go.mod: ignore cyclic dependency for tagging
• b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
• 795e854 all: replace io/ioutil with io and os package
• b0ca10f internal/language: bump script types to uint16 and update registry
• ba9b0e1 go.mod: update x/tools to HEAD
• d03b418 A+C: delete AUTHORS and CONTRIBUTORS
• b4bca84 language/display: fix Tag method comment
• ea49e3e go.mod: update x/tools to HEAD
• 78819d0 go.mod: update to golang.org/x/text v0.1.10
• Additional commits viewable in compare view

Updates gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0

Updates google.golang.org/protobuf from 1.27.1 to 1.33.0

Updates golang.org/x/sys from 0.0.0-20220209214540-3681064d5158 to 0.1.0

Commits

• See full diff in compare view

Updates golang.org/x/text from 0.3.7 to 0.3.8

Commits

• 434eadc language: reject excessively large Accept-Language strings
• 23407e7 go.mod: ignore cyclic dependency for tagging
• b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
• 795e854 all: replace io/ioutil with io and os package
• b0ca10f internal/language: bump script types to uint16 and update registry
• ba9b0e1 go.mod: update x/tools to HEAD
• d03b418 A+C: delete AUTHORS and CONTRIBUTORS
• b4bca84 language/display: fix Tag method comment
• ea49e3e go.mod: update x/tools to HEAD
• 78819d0 go.mod: update to golang.org/x/text v0.1.10
• Additional commits viewable in compare view

Updates gopkg.in/yaml.v3 from 3.0.0-20210107192922-496545a6307b to 3.0.0

Updates go.mongodb.org/mongo-driver from 1.3.5 to 1.17.1

Release notes

Sourced from go.mongodb.org/mongo-driver's releases.

MongoDB Go Driver 1.17.1

The MongoDB Go Driver Team is pleased to release version 1.17.1 of the official Go driver.

Release Notes

This release improves the behavior of connection checkout by checking for closed connections.

It also fixes a bug where the authSource from a TXT record would be overridden for auth mechanisms that require an authSource of $external.

---

For a full list of tickets included in this release, please see the links below:

• Improvements
• Bugs
• Tasks

Full Changelog: v1.17.0...v1.17.1

Documentation for the Go driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go driver is greatly appreciated!

MongoDB Go Driver 1.17.0

The MongoDB Go Driver Team is pleased to release version 1.17.0 of the official MongoDB Go driver.

Release Notes

This release adds support for client authentication using OpenID Connect (MONGODB-OIDC), and for the Queryable Encryption Range Protocol. The driver now supports MongoDB 8.0. Additionally, IndexView has been extended to include methods for dropping indexes by key (i.e. DropOneWithKey and DropWithKey).

[!NOTE]

This is the last planned minor release in the 1.x series. Future driver versions will be in the 2.x series. The v1.17.x will still receive security and bug fixes for a year.

Queryable Encryption Range Protocol

Added range protocol support for Queryable Encryption.

MONGODB-OIDC

Added support OpenID Connect (OIDC) authentication for workload identities. A workload identity is an identity you assign to a software workload, such as an application, service, script, or container, to authenticate and access other services and resources.

See the documentation for more details.

---

For a full list of tickets included in this release, please see the links below:

• New Features
• Improvements
• Bugs

... (truncated)

Commits

• 070817d BUMP v1.17.1
• b45e5d9 GODRIVER-3156 Detect and discard closed idle connections. (#1815) [release/1....
• b473d1b GODRIVER-3313 [release/1.17] Skip CSOT spec tests on Windows and macOS. (#1838)
• c0afeee GODRIVER-3358 [release/1.17] Do not override authSource from TXT record (#1840)
• bd39092 GODRIVER-2589 [release/1.17] Clarify *Cursor.All() behavior in comment. (#1...
• b7e6686 DEVPROD-10453 Use assume_role for s3 uploads [release/1.17] (#1824) (#1837)
• 3911a1b update repo metadata
• 5484657 BUMP v1.17.0
• be25b9a GODRIVER-3302 Handle malformatted message length properly. (#1758)
• 4757f44 GODRIVER-3312 Use remaining test secrets from the vault [v1] (#1811)
• Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.1.7 to 2.9.23

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.9.23

Changelog

Go Version

• 1.20.10

Fixed

Accounts

• Prevent bypassing authorization block when enabling system account access in accounts block (#4605). Backport from v2.10.2

Leafnodes

• Prevent a leafnode cluster from receiving a message multiple times in a queue subscription (#4578). Backport from v2.10.2

JetStream

• Hold lock when calculating the first message for subject in a message block (#4531). Backport from v2.10.0
• Add self-healing mechanism to detect and delete orphaned Raft groups (#4647). Backport from v2.10.0
• Prevent forward proposals in consumers after scaling down a stream (#4647). Backport from v2.10.0
• Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced (#4592). Backport from v2.10.2

Complete Changes

nats-io/nats-server@v2.9.22...v2.9.23

Release v2.9.22

Changelog

Go Version

• 1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)

Dependencies

• github.com/nats-io/jwt/v2 v2.5.0
• golang.org/x/crypto v0.12.0
• golang.org/x/sys v0.11.0

Improved

Monitoring

• CORS Allow-Origin passthrough for monitoring server (#4423) Thanks to @​mdawar for the contribution!

JetStream

• Improve consumer scaling reliability with filters and cluster restart (#4404)
• Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (#4405)
• Skip filestore tombstones if downgrade from 2.10 occurs (#4452)
• Adjust delivered and waiting count when consumer message delivery fails (#4472)

Fixed

Config

• Allow empty configs and fix JSON compatibility (#4394, #4418)
• Remove TLS OCSP debug log on reload (#4453)

... (truncated)

Commits

• 45436e1 Release v2.9.23 (#4652)
• 72ffa38 Release v2.9.23
• 05fe77f Backport #4592 to 2.9 (#4651)
• 6a73e68 [2.9.x] Bump Travis Go version to 1.20.10 (#4650)
• 8b981a2 Backports from v2.10 for v2.9.23 release (#4647)
• 28eb7c0 Only setup auto no-auth for $G account iff no authorization block was defined.
• 9f16edd Make sure to not forward a message across a route for dq sub when we are a sp...
• 0ac7895 Add in utility to detect and delete any NRG orphans.
• 50722e9 When scaling a consumer down make sure to pop the loopAndForwardProposals go ...
• 770cf2e Backport JetStream benchmarks improvements to 2.9.x (#4644)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20220214200702-86341886e292 to 0.26.0

Commits

• See full diff in compare view

Updates google.golang.org/grpc from 1.49.0 to 1.56.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (#6434)
• faab873 Update version.go to v1.56.2 (#6432)
• 6b0b291 status: fix panic when servers return a wrapped error with status OK (#6374) ...
• ed56401 [PSM interop] Don't fail target if sub-target already failed (#6390) (#6405)
• cd6a794 Update version.go to v1.56.2-dev (#6387)
• 5b67e5e Update version.go to v1.56.1 (#6386)
• d0f5150 client: handle empty address lists correctly in addrConn.updateAddrs (#6354) ...
• 997c1ea Change version to 1.56.1-dev (#6345)
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.28.1 to 1.30.0

Updates golang.org/x/net from 0.8.0 to 0.9.0

Commits

• See full diff in compare view

Updates golang.org/x/sys from 0.6.0 to 0.7.0

Commits

• See full diff in compare view

Updates golang.org/x/text from 0.8.0 to 0.9.0

Commits

• 434eadc language: reject excessively large Accept-Language strings
• 23407e7 go.mod: ignore cyclic dependency for tagging
• b18d3dd secure/precis: replace bytes.Compare with bytes.Equal
• 795e854 all: replace io/ioutil with io and os package
• b0ca10f internal/language: bump script types to uint16 and update registry
• ba9b0e1 go.mod: update x/tools to HEAD
• d03b418 A+C: delete AUTHORS and CONTRIBUTORS
• b4bca84 language/display: fix Tag method comment
• ea49e3e go.mod: update x/tools to HEAD
• 78819d0 go.mod: update to golang.org/x/text v0.1.10
• Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.9.1 to 2.9.23

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.9.23

Changelog

Go Version

• 1.20.10

Fixed

Accounts

• Prevent bypassing authorization block when enabling system account access in accounts block (#4605). Backport from v2.10.2

Leafnodes

• Prevent a leafnode cluster from receiving a message multiple times in a queue subscription (#4578). Backport from v2.10.2

JetStream

• Hold lock when calculating the first message for subject in a message block (#4531). Backport from v2.10.0
• Add self-healing mechanism to detect and delete orphaned Raft groups (#4647). Backport from v2.10.0
• Prevent forward proposals in consumers after scaling down a stream (#4647). Backport from v2.10.0
• Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced (#4592). Backport from v2.10.2

Complete Changes

nats-io/nats-server@v2.9.22...v2.9.23

Release v2.9.22

Changelog

Go Version

• 1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)

Dependencies

• github.com/nats-io/jwt/v2 v2.5.0
• golang.org/x/crypto v0.12.0
• golang.org/x/sys v0.11.0

Improved

Monitoring

• CORS Allow-Origin passthrough for monitoring server (#4423) Thanks to @​mdawar for the contribution!

JetStream

• Improve consumer scaling reliability with filters and cluster restart (#4404)
• Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (#4405)
• Skip filestore tombstones if downgrade from 2.10 occurs (#4452)
• Adjust delivered and waiting count when consumer message delivery fails (#4472)

Fixed

Config

• Allow empty configs and fix JSON compatibility (#4394, #4418)
• Remove TLS OCSP debug log on reload (#4453)

... (truncated)

Commits

• 45436e1 Release v2.9.23 (#4652)
• 72ffa38 Release v2.9.23
• 05fe77f Backport #4592 to 2.9 (#4651)
• 6a73e68 [2.9.x] Bump Travis Go version to 1.20.10 (#4650)
• 8b981a2 Backports from v2.10 for v2.9.23 release (#4647)
• 28eb7c0 Only setup auto no-auth for $G account iff no authorization block was defined.
• 9f16edd Make sure to not forward a message across a route for dq sub when we are a sp...
• 0ac7895 Add in utility to detect and delete any NRG orphans.
• 50722e9 When scaling a consumer down make sure to pop the loopAndForwardProposals go ...
• 770cf2e Backport JetStream benchmarks improvements to 2.9.x (#4644)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.7.0 to 0.12.0

Commits

• See full diff in compare view

Updates github.com/containerd/containerd from 1.6.19 to 1.6.26

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.6.26

Welcome to the v1.6.26 release of containerd!

The twenty-sixth patch release for containerd 1.6 contains various fixes and updates.

Notable Updates

• Fix windows default path overwrite issue (#9441)
• Update push to inherit distribution sources from parent (#9453)
• Mask /sys/devices/virtual/powercap path in runtime spec and deny in default apparmor profile (GHSA-7ww5-4wqc-m92c)

Deprecation Warnings

• Emit deprecation warning for AUFS snapshotter usage (#9448)
• Emit deprecation warning for v1 runtime usage (#9468)
• Emit deprecation warning for CRI v1alpha1 usage (#9468)

See the changelog for complete list of changes

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Samuel Karp
• Derek McGowan
• Kohei Tokunaga
• Phil Estes
• Bjorn Neergaard
• Sebastiaan van Stijn
• Brian Goff
• Charity Kathure
• Kazuyoshi Kato
• Milas Bowman
• Wei Fu
• ruiwen-zhao

Changes

• [release/1.6] Prepare release notes for v1.6.26 (#9490)
  • ac5c5d3e0 Prepare release notes for v1.6.26
• Github Security Advisory GHSA-7ww5-4wqc-m92c
  • 02f07fe19 contrib/apparmor: deny /sys/devices/virtual/powercap
  • c94577e78 oci/spec: deny /sys/devices/virtual/powercap
• [release/1.6] update to go1.20.12, test go1.21.5 (#9472)
  • 7cbdfc92e update to go1.20.12, test go1.21.5
  • 024b1cce6 update to go1.20.11, test go1.21.4
• [release/1.6] Add cri-api v1alpha2 usage warning to all api calls (#9484)

... (truncated)

Commits

• 3dd1e88 Merge pull request #9490 from dmcgowan/prepare-1.6.26
• 746b910 Merge pull request from GHSA-7ww5-4wqc-m92c
• ac5c5d3 Prepare release notes for v1.6.26
• e7ca005 Merge pull request #9472 from thaJeztah/1.6_update_golang_1.20.12
• 7cbdfc9 update to go1.20.12, test go1.21.5
• 024b1cc update to go1.20.11, test go1.21.4
• 2e40459 Merge pull request #9484 from ruiwen-zhao/cri-api-warning-1.6
• 64e56bf Add cri-api v1alpha2 usage warning to all api calls
• c566b7d Merge pull request #9468 from samuelkarp/deprecation-warning-runtime-1.6
• efefd3b tasks: emit warning for runc v1 runtime
• Additional commits viewable in compare view

Updates github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible

Release notes

Sourced from github.com/docker/distribution's releases.

v2.8.2

What's Changed

• Revert registry/client: set Accept: identity header when getting layers by @​ndeloof in distribution/distribution#3783
• Parse http forbidden as denied by @​vvoland in distribution/distribution#3914
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2

v2.8.2-beta.2

What's Changed

• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah (#3650)
• Fix CVE-2023-2253 runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893
• Dockerfile: fix filenames of artifacts by @​thaJeztah in distribution/distribution#3911

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.2

v2.8.2-beta.1

NOTE: This is a pre-release that does not contain any artifacts!

What's Changed

• Fix runaway allocation on /v2/_catalog by @​josegomezr 521ea3d9
• Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by @​thaJeztah in distribution/distribution#3650
• Fix panic in inmemory driver by @​wy65701436 in distribution/distribution#3815
• bump up golang version (alternative) by @​thaJeztah in distribution/distribution#3903
• Dockerfile: update xx to v1.2.1 by @​thaJeztah in distribution/distribution#3907
• update to go1.19.9 by @​thaJeztah in distribution/distribution#3908
• Add code to handle pagination of parts. Fixes max layer size of 10GB bug by @​DavidSpek in distribution/distribution#3893

Full Changelog: distribution/distribution@v2.8.1...v2.8.2-beta.1

Commits

• 7c354a4 Merge pull request #3915 from distribution/2.8.2-release-notes
• a173a9c Add v2.8.2 release notes
• 4894d35 Merge pull request #3914 from vvoland/handle-forbidden-28
• f067f66 Merge pull request #3783 from ndeloof/accept-encoding-28
• 483ad69 registry/errors: Parse http forbidden as denied
• 2b0f84d Revert "registry/client: set Accept: identity header when getting layers"
• 320d6a1 Merge pull request #3912 from distribution/2.8.2-beta.2-release-notes
• 5f3ca1b Add release notes for 2.8.2-beta.2 release
• cb840f6 Merge pull request #3911 from thaJeztah/2.8_backport_fix_releaser_filenames
• e884644 Dockerfile: fix filenames of artifacts
• Additional commits viewable in compare view

Updates github.com/docker/docker from 23.0.1+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 25.0.6 milestone
• moby/moby, 25.0.6 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

• [25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695
• [25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759
• [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
• [25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869
• [25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890
• [25.0 backport] builder/mobyexporter: Add missing nil check