[PR #1027] [MERGED] chore(deps): bump the go_modules group with 3 updates #937

New issue

Closed

opened 2026-02-25 23:35:57 +03:00 by kerem · 0 comments

kerem commented

2026-02-25 23:35:57 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/go-shiori/shiori/pull/1027
Author: @dependabot[bot]
Created: 12/12/2024
Status: ✅ Merged
Merged: 12/12/2024
Merged by: @fmartingr

Base: master ← Head: dependabot/go_modules/go_modules-82b38db815

📝 Commits (1)

24318ad chore(deps): bump the go_modules group with 3 updates

📊 Changes

2 files changed (+24 additions, -24 deletions)

View changed files

📝 go.mod (+8 -8)
📝 go.sum (+16 -16)

📄 Description

Bumps the go_modules group with 3 updates: golang.org/x/crypto, golang.org/x/image and github.com/docker/docker.

Updates golang.org/x/crypto from 0.23.0 to 0.31.0

Commits

b4f1988 ssh: make the public key cache a 1-entry FIFO cache
7042ebc openpgp/clearsign: just use rand.Reader in tests
3e90321 go.mod: update golang.org/x dependencies
8c4e668 x509roots/fallback: update bundle
6018723 go.mod: update golang.org/x dependencies
71ed71b README: don't recommend go get
750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
36b1725 sha3: avoid trailing permutation
80ea76e sha3: fix padding for long cSHAKE parameters
c17aa50 sha3: avoid buffer copy
Additional commits viewable in compare view

Updates golang.org/x/image from 0.16.0 to 0.18.0

Commits

3bbf4a6 tiff: Validate palette indices when parsing palette-color images
6c5fa46 go.mod: update golang.org/x dependencies
See full diff in compare view

Updates github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.6

25.0.6

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 25.0.6 milestone

moby/moby, 25.0.6 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control.

Bug fixes and enhancements

[25.0] remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47695

[25.0 backport] Fix a nil dereference when getting image history for images having layers without the Created value set. moby/moby#47759

[25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830

[25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. moby/moby#47869

[25.0 backport] don't depend on containerd platform.Parse to return a typed error. moby/moby#47890

[25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987

Packaging updates

Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. moby/moby#47724

Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791 moby/moby#48146

Update Containerd (static binaries only) to v1.7.20. moby/moby#48199

Full Changelog: https://github.com/moby/moby/compare/v25.0.5...v25.0.6

Commits

b08a51f Merge pull request #48231 from austinvazquez/backport-vendor-otel-v0.46.1-to-...
d151b0f vendor: OTEL v0.46.1 / v1.21.0
c6ba9a5 Merge pull request #48225 from austinvazquez/backport-workflow-artifact-reten...
4673a3c Merge pull request #48227 from austinvazquez/backport-backport-branch-check-t...
30f8908 github/ci: Check if backport is opened against the expected branch
7454d6a ci: update workflow artifacts retention
65cc597 Merge commit from fork
b722836 Merge pull request #48199 from austinvazquez/update-containerd-binary-to-1.7.20
e8ecb9c update containerd binary to v1.7.20
e6cae1f update containerd binary to v1.7.19
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-shiori/shiori/pull/1027 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 12/12/2024 **Status:** ✅ Merged **Merged:** 12/12/2024 **Merged by:** [@fmartingr](https://github.com/fmartingr) **Base:** `master` ← **Head:** `dependabot/go_modules/go_modules-82b38db815` --- ### 📝 Commits (1) - [`24318ad`](https://github.com/go-shiori/shiori/commit/24318adc24da54aea2b3f50923f689b6b0fc0dac) chore(deps): bump the go_modules group with 3 updates ### 📊 Changes **2 files changed** (+24 additions, -24 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+8 -8) 📝 `go.sum` (+16 -16) </details> ### 📄 Description Bumps the go_modules group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/image](https://github.com/golang/image) and [github.com/docker/docker](https://github.com/docker/docker). Updates `golang.org/x/crypto` from 0.23.0 to 0.31.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"><code>b4f1988</code></a> ssh: make the public key cache a 1-entry FIFO cache</li> <li><a href="https://github.com/golang/crypto/commit/7042ebcbe097f305ba3a93f9a22b4befa4b83d29"><code>7042ebc</code></a> openpgp/clearsign: just use rand.Reader in tests</li> <li><a href="https://github.com/golang/crypto/commit/3e90321ac7bcee3d924ed63ed3ad97be2079cb56"><code>3e90321</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/8c4e668694ccbaa1be4785da7e7a40f2ef93152b"><code>8c4e668</code></a> x509roots/fallback: update bundle</li> <li><a href="https://github.com/golang/crypto/commit/6018723c74059e3b91c84268b212c2f6cdab1f64"><code>6018723</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/71ed71b4faf97caafd1863fed003e9ac311f10ee"><code>71ed71b</code></a> README: don't recommend go get</li> <li><a href="https://github.com/golang/crypto/commit/750a45fe5e473d5afa193e9088f3d135e64eca26"><code>750a45f</code></a> sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary</li> <li><a href="https://github.com/golang/crypto/commit/36b172546bd03a74c79e109ec84c599b672ea9e4"><code>36b1725</code></a> sha3: avoid trailing permutation</li> <li><a href="https://github.com/golang/crypto/commit/80ea76eb17c0c52f5d5d04e833d6aeb6b062d81d"><code>80ea76e</code></a> sha3: fix padding for long cSHAKE parameters</li> <li><a href="https://github.com/golang/crypto/commit/c17aa50fbd32393e5d52fa65ca51cbfff0a75aea"><code>c17aa50</code></a> sha3: avoid buffer copy</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.23.0...v0.31.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/image` from 0.16.0 to 0.18.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/image/commit/3bbf4a659e56fde394e7214ddd17673223aca672"><code>3bbf4a6</code></a> tiff: Validate palette indices when parsing palette-color images</li> <li><a href="https://github.com/golang/image/commit/6c5fa462eb87ac98bad9b09ea3b041dd770fa611"><code>6c5fa46</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/image/compare/v0.16.0...v0.18.0">compare view</a></li> </ul> </details> <br /> Updates `github.com/docker/docker` from 25.0.5+incompatible to 25.0.6+incompatible <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v25.0.6</h2> <h2>25.0.6</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli, 25.0.6 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby, 25.0.6 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control.</p> <h3>Bug fixes and enhancements</h3> <ul> <li>[25.0] remove erroneous <code>platform</code> from image <code>config</code> OCI descriptor in <code>docker save</code> output. <a href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li> <li>[25.0 backport] Fix a nil dereference when getting image history for images having layers without the <code>Created</code> value set. <a href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li> <li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li> <li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. <a href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li> <li>[25.0 backport] don't depend on containerd platform.Parse to return a typed error. <a href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li> <li>[25.0 backport] builder/mobyexporter: Add missing nil check <a href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. <a href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li> <li>Update Go runtime to 1.21.12, which contains security fixes for <a href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a> <a href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li> <li>Update Containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>. <a href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/b08a51fe16eed67de3861c03b363ba403643b12e"><code>b08a51f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48231">#48231</a> from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li> <li><a href="https://github.com/moby/moby/commit/d151b0f87f9673f206b477c90db25956e1704ba5"><code>d151b0f</code></a> vendor: OTEL v0.46.1 / v1.21.0</li> <li><a href="https://github.com/moby/moby/commit/c6ba9a5124603357bfc4a64971cbb9708180f06e"><code>c6ba9a5</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48225">#48225</a> from austinvazquez/backport-workflow-artifact-reten...</li> <li><a href="https://github.com/moby/moby/commit/4673a3ca2c37ae30270a29c281ccd9477107dcee"><code>4673a3c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48227">#48227</a> from austinvazquez/backport-backport-branch-check-t...</li> <li><a href="https://github.com/moby/moby/commit/30f89081028ce6fb1b49a71c02c156dacbe9aa62"><code>30f8908</code></a> github/ci: Check if backport is opened against the expected branch</li> <li><a href="https://github.com/moby/moby/commit/7454d6a2e672b0b977aaa14463c9aeb53acd06af"><code>7454d6a</code></a> ci: update workflow artifacts retention</li> <li><a href="https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"><code>65cc597</code></a> Merge commit from fork</li> <li><a href="https://github.com/moby/moby/commit/b722836927669b414569c42f096869cd800b59a6"><code>b722836</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48199">#48199</a> from austinvazquez/update-containerd-binary-to-1.7.20</li> <li><a href="https://github.com/moby/moby/commit/e8ecb9c76d97579ebbf3f9d3ef770d08ac303809"><code>e8ecb9c</code></a> update containerd binary to v1.7.20</li> <li><a href="https://github.com/moby/moby/commit/e6cae1f2373d4ff37499570e67f23b2cebb7a043"><code>e6cae1f</code></a> update containerd binary to v1.7.19</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v25.0.5...v25.0.6">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-shiori/shiori/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>