nemunaire/minifaas
Archived
1
0
Fork 0
Code Issues Pull Requests 3 Releases Activity

Update module github.com/docker/docker to v20.10.9 #4

Merged
nemunaire merged 1 commits from renovate/github.com-docker-docker-20.x into master 2021-10-16 08:38:36 +00:00
Conversation 0 Commits 1 Files Changed 2 +3 -1
renovate-bot commented 2021-10-12 11:04:46 +00:00
Contributor
Copy Link

This PR contains the following updates:

Package Type Update Change
github.com/docker/docker require patch v20.10.8+incompatible -> v20.10.9

Release Notes

docker/docker

v20.10.9

Compare Source

This release is a security release with security fixes in the CLI, runtime, as
well as updated versions of the containerd.io package and the Go runtime.

Client

  • CVE-2021-41092
    Ensure default auth config has address field set, to prevent credentials being
    sent to the default registry.

Runtime

  • CVE-2021-41089
    Create parent directories inside a chroot during docker cp to prevent a specially
    crafted container from changing permissions of existing files in the host’s filesystem.
  • CVE-2021-41091
    Lock down file permissions to prevent unprivileged users from discovering and
    executing programs in /var/lib/docker.

Packaging

  • Update Golang runtime to Go 1.16.8, which contains fixes for CVE-2021-36221
    and CVE-2021-39293
  • Update static binaries and containerd.io rpm and deb packages to containerd
    v1.4.11 and runc v1.0.2 to address CVE-2021-41103.
  • Update the bundled buildx version to v0.6.3 for rpm and deb packages.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/docker/docker](https://github.com/docker/docker) | require | patch | `v20.10.8+incompatible` -> `v20.10.9` | --- ### Release Notes <details> <summary>docker/docker</summary> ### [`v20.10.9`](https://github.com/docker/docker/releases/v20.10.9) [Compare Source](https://github.com/docker/docker/compare/v20.10.8...v20.10.9) This release is a security release with security fixes in the CLI, runtime, as well as updated versions of the containerd.io package and the Go runtime. #### Client - [CVE-2021-41092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092) Ensure default auth config has address field set, to prevent credentials being sent to the default registry. #### Runtime - [CVE-2021-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089) Create parent directories inside a chroot during `docker cp` to prevent a specially crafted container from changing permissions of existing files in the host’s filesystem. - [CVE-2021-41091](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091) Lock down file permissions to prevent unprivileged users from discovering and executing programs in `/var/lib/docker`. #### Packaging - Update Golang runtime to Go 1.16.8, which contains fixes for [CVE-2021-36221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221) and [CVE-2021-39293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293) - Update static binaries and containerd.io rpm and deb packages to containerd v1.4.11 and runc v1.0.2 to address [CVE-2021-41103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103). - Update the bundled buildx version to v0.6.3 for rpm and deb packages. </details> --- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
renovate-bot added 1 commit 2021-10-12 11:04:49 +00:00
nemunaire merged commit 5f8b2df0ef into master 2021-10-16 08:38:36 +00:00
nemunaire deleted branch renovate/github.com-docker-docker-20.x 2021-10-16 08:38:37 +00:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nemunaire/minifaas#4
No description provided.
Delete Branch "renovate/github.com-docker-docker-20.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?