- Don't allow unbounded amounts of splits.
Fixes GHSA-c6gw-w398-hv78 / CVE-2025-27144
- Various other dependency updates, small fixes, and documentation
updates in the full changelog
full diff: https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Add exported functions to preserve pkg/flag compatibility
- Add IPNetSlice and unit tests
- Revert the local fork added in 80a2256478,
which was pending the upstream feature to be shipped in a release.
full diff: https://github.com/spf13/pflag/compare/v1.0.5...v1.0.6
Revert "Swarm init: use local IPNetSliceValue"
This reverts commit 80a2256478.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- update github.com/Azure/go-ansiterm to v0.0.0-20250102033503-faa5f7b0171c
to fix OSC string terminator parsing.
- add security policy
- update github actions and test against go1.22, go1.23
full diff: https://github.com/moby/term/compare/v0.5.0...v0.5.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The use of pools here is unnecessary and creates a code dependency on
moby library which will move to internal.
The pool does not provide any value here since it is only done for a
single operation and unlikely performed in alongside other operations
which are re-using the buffers many times between garbage collections.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We used a hard-coded list of capabilities that we copied from containerd,
but the new "capability" package allows use to have a maintained list
of capabilities.
There's likely still some improvements to be made;
First of all, the capability package could provide a function to get the list
of strings.
On the completion-side, we need to consider what format is most convenient;
currently we use the canonical name (uppercase and "CAP_" prefix), however,
tab-completion is case-sensitive by default, so requires the user to type
uppercase letters to filter the list of options.
Bash completion provides a `completion-ignore-case on` option to make completion
case-insensitive (https://askubuntu.com/a/87066), but it looks to be a global
option; the current cobra.CompletionOptions also don't provide this as an option
to be used in the generated completion-script.
Fish completion has `smartcase` (by default?) which matches any case if
all of the input is lowercase.
Zsh does not have a dedicated option, but allows setting matching-rules
(see https://superuser.com/a/1092328).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit adds support for the oauth [device-code](https://auth0.com/docs/get-started/authentication-and-authorization-flow/device-authorization-flow)
login flow when authenticating against the official registry.
This is achieved by adding `cli/internal/oauth`, which contains code to manage
interacting with the Docker OAuth tenant (`login.docker.com`), including launching
the device-code flow, refreshing access using the refresh-token, and logging out.
The `OAuthManager` introduced here is also made available through the `command.Cli`
interface method `OAuthManager()`.
In order to maintain compatibility with any clients manually accessing
the credentials through `~/.docker/config.json` or via credential
helpers, the added `OAuthManager` uses the retrieved access token to
automatically generate a PAT with Hub, and store that in the
credentials.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
removes (indirect) dependencie on the moby/sys/user/userns package, which
was retracted and moved to moby/sys/userns
- full diff: f3cf9359bd...2269acc7a3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: aae044039c...2b1097f080
The userns package in libcontainer was integrated into the moby/sys/user
module at commit 3778ae603c706494fd1e2c2faf83b406e38d687d.
The userns package is used in many places, and currently either depends
on runc/libcontainer, or on containerd, both of which have a complex
dependency tree. This patch is part of a series of patches to unify the
implementations, and to migrate toward that implementation to simplify
the dependency tree.
[3778ae603c706494fd1e2c2faf83b406e38d687d]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
