Commit graph

10 commits

Author SHA1 Message Date
Sebastiaan van Stijn
345be95498
vendor: golang.org/x/net v0.4.0
golang.org/x/net contains a fix for CVE-2022-41717, which was addressed
in stdlib in go1.19.4 and go1.18.9;

> net/http: limit canonical header cache by bytes, not entries
>
> An attacker can cause excessive memory growth in a Go server accepting
> HTTP/2 requests.
>
> HTTP/2 server connections contain a cache of HTTP header keys sent by
> the client. While the total number of entries in this cache is capped,
> an attacker sending very large keys can cause the server to allocate
> approximately 64 MiB per open connection.
>
> This issue is also fixed in golang.org/x/net/http2 v0.4.0,
> for users manually configuring HTTP/2.

full diff: https://github.com/golang/net/compare/v0.2.0...v0.4.0

other dependency updates (due to (circular) dependencies):

- golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/3c1f35247d10...v0.3.0
- golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.3.7...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-08 10:39:04 +01:00
Sebastiaan van Stijn
f9dee9dc90
vendor: golang.org/x/net v0.0.0-20220906165146-f3363e06e74c
Update to the latest version that contains a fix for CVE-2022-27664;
f3363e06e7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-06 23:09:44 +02:00
Adam Kaplan
81a2d171ee Update aws-sdk to 1.42.27
Upgrade the aws golang SDK to 1.42.27 to add the new options for
configuring S3 dualstack endpoints.

Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
2022-01-04 17:19:05 -05:00
David Justice
3e68d47da6
chore: update azure go-autorest dependencies
Signed-off-by: David Justice <david@devigned.com>
2021-08-25 13:43:18 -04:00
Yong Wen Chua
e1464fd317
Bump AWS SDK
Fixes https://github.com/docker/distribution/issues/3097

Signed-off-by: Yong Wen Chua <lawliet89@users.noreply.github.com>
2020-08-21 17:35:24 +08:00
Tariq Ibrahim
afe29bb697
update the golang compiler version and the versions of several dependencies
Signed-off-by: Tariq Ibrahim <tariq181290@gmail.com>
2019-06-19 22:43:52 -07:00
Tariq Ibrahim
5223c27422
migrate to go modules from vndr
Signed-off-by: Tariq Ibrahim <tariq181290@gmail.com>
2019-06-19 12:24:07 -07:00
Derek McGowan
b22c6b7a4e Update vendor directory to match expectation of vndr tool
Adds READMEs and enforces vendor is done at repository root

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2017-04-10 12:07:32 -07:00
Derek McGowan
a685e3fc98
Replace godep with vndr
Vndr has a simpler configuration and allows pointing to forked
packages. Additionally other docker projects are now using
vndr making vendoring in distribution more consistent.

Updates letsencrypt to use fork.
No longer uses sub-vendored packages.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-23 15:07:06 -08:00
Olivier Gambier
d1444b56e9 Fix GCS
Signed-off-by: Olivier Gambier <olivier@docker.com>
2016-03-22 10:50:52 -07:00