Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Go and docker/docker #14

Merged
merged 1 commit into from
Jul 31, 2024
Merged

Bump Go and docker/docker #14

merged 1 commit into from
Jul 31, 2024

Conversation

daniponsg
Copy link
Contributor

@daniponsg daniponsg commented Jul 30, 2024
edited
Loading

docker/docker v24 is affected by CVE-2024-41110

@daniponsg daniponsg force-pushed the dpons/bump branch 4 times, most recently from c134884 to 991fb09 Compare July 30, 2024 14:44
scheca
scheca reviewed Jul 30, 2024
View reviewed changes
puller.go
@@ -31,7 +32,7 @@ type RepositoryConfig struct {

// Auth provides the default docker library's field to authenticate and will be used for pulling.
// Usually Username & Password fields should be filled.
Auth types.AuthConfig
Auth registry.AuthConfig
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey! nice to see activity in this project 🔝
Would this be a breaking change? It's an exported field of an exported struct and its type has changed from types.AuthConfig to registry.AuthConfig

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @scheca! Glad to see you here :)

Yes, it could be a breaking change. Bumping is being done due to vulnerabilities.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point to note, thanks @scheca The types.AuthConfig type was defined as type AuthConfig = registry.AuthConfig in the previous version, so it doesn't look critical

@daniponsg daniponsg force-pushed the dpons/bump branch 3 times, most recently from e77c0c2 to 7be8998 Compare July 31, 2024 06:52
yaroslavcev
yaroslavcev approved these changes Jul 31, 2024
View reviewed changes
Copy link
Contributor

@yaroslavcev yaroslavcev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yaroslavcev yaroslavcev merged commit b93579a into cabify:master Jul 31, 2024
1 check passed
@daniponsg daniponsg deleted the dpons/bump branch July 31, 2024 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scheca scheca scheca left review comments

@yaroslavcev yaroslavcev yaroslavcev approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@daniponsg @scheca @yaroslavcev