build(deps): bump the non-majors group with 16 updates

[dependabot]

Bumps the non-majors group with 16 updates:

Package	From	To
github.com/docker/cli	27.3.1+incompatible	27.4.1+incompatible
github.com/gliderlabs/ssh	0.3.7	0.3.8
github.com/go-git/go-git/v5	5.12.0	5.13.0
github.com/labstack/echo/v4	4.12.0	4.13.3
github.com/moby/buildkit	0.17.3	0.18.2
github.com/prometheus/common	0.60.1	0.61.0
github.com/regclient/regclient	0.7.2	0.8.0
github.com/traefik/traefik/v3	3.2.1	3.2.3
golang.org/x/crypto	0.29.0	0.31.0
golang.org/x/net	0.31.0	0.33.0
golang.org/x/sync	0.9.0	0.10.0
google.golang.org/protobuf	1.35.2	1.36.1
k8s.io/api	0.31.3	0.32.0
k8s.io/apiextensions-apiserver	0.31.3	0.32.0
k8s.io/apimachinery	0.31.3	0.32.0
k8s.io/client-go	0.31.3	0.32.0

Updates github.com/docker/cli from 27.3.1+incompatible to 27.4.1+incompatible

Commits

• b9d17ea Merge pull request #5700 from thaJeztah/27.x_backport_remove_use_of_netfilter...
• a08a120 cli/command/system: remove BridgeNfIptables, BridgeNfIp6tables in tests
• 4870b3d Merge pull request #5699 from thaJeztah/27.x_backport_remove_system_isabs
• d3b59fb cli/command/container: use local copy of pkg/system.IsAbs
• ac40240 Merge pull request #5685 from thaJeztah/27.x_backport_bump_xx
• 3fa9480 Merge pull request #5690 from thaJeztah/27.x_backport_bump_gomd2man
• fce7c04 Merge pull request #5692 from thaJeztah/27.x_backport_remove_netfilter_warnings
• 70815c1 cli/command/system: remove netfilter warnings from tests
• 12d98b0 update go-md2man to v2.0.5
• f9783ec update xx to v1.6.1 for compatibility with alpine 3.21
• Additional commits viewable in compare view

Updates github.com/gliderlabs/ssh from 0.3.7 to 0.3.8

Release notes

Sourced from github.com/gliderlabs/ssh's releases.

v0.3.8

This bumps x/crypto to 0.31.0 to resolve CVE-2024-45337. The API has not changed, which means there are still a number of ways you could be vulnerable if your code improperly uses the PublicKeyHandler.

Note that this may result in a performance regression, as the PublicKeyHandler may be called multiple times for the same key. The last time it is called will be the key the user is actually using.

Note that if you are using Permissions to pass information about the public key out of the handler, you need to make sure you always overwrite all relevant stored map keys in order to avoid being vulnerable.

Full Changelog: gliderlabs/ssh@v0.3.7...v0.3.8

Commits

• a8ecd3e Bump x/crypto to 0.31.0 to fix CVE-2024-45337
• See full diff in compare view

Updates github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.13.0

What's Changed

• build: bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 in /cli/go-git by @​dependabot in go-git/go-git#1065
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1068
• build: bump golang.org/x/net from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1071
• Properly support skipping of non-mandatory extensions by @​codablock in go-git/go-git#1066
• git: Refine some codes in test and non-test. by @​onee-only in go-git/go-git#1077
• plumbing: protocol/packp, client-side filter capability support by @​edigaryev in go-git/go-git#1000
• build: bump golang.org/x/net from 0.22.0 to 0.23.0 in /cli/go-git by @​dependabot in go-git/go-git#1078
• plumbing: fix sideband demux on flush by @​aymanbagabas in go-git/go-git#1084
• storage: dotgit, head reference usually comes first by @​aymanbagabas in go-git/go-git#1085
• build: bump golang.org/x/text from 0.14.0 to 0.15.0 by @​dependabot in go-git/go-git#1091
• build: bump golang.org/x/crypto from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1094
• build: bump golang.org/x/net from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1093
• git: Added an example for Repository.Branches by @​johnmatthiggins in go-git/go-git#1088
• git: worktree_commit, Modify checking empty commit. Fixes #723 by @​onee-only in go-git/go-git#1050
• plumbing: transport/http, Wrap http errors to return reason. Fixes #1097 by @​ggambetti in go-git/go-git#1100
• build: bump golang.org/x/sys from 0.20.0 to 0.21.0 by @​dependabot in go-git/go-git#1106
• build: bump golang.org/x/text from 0.15.0 to 0.16.0 by @​dependabot in go-git/go-git#1107
• Bumps Go versions and go-billy by @​pjbgf in go-git/go-git#1056
• _examples: Fixed a dead link COMPATIBILITY.md by @​gecko655 in go-git/go-git#1109
• build: bump github.com/jessevdk/go-flags from 1.5.0 to 1.6.1 in /cli/go-git by @​dependabot in go-git/go-git#1115
• build: bump github.com/elazarl/goproxy from v0.0.0-20230808193330-2592e75ae04a to v0.0.0-20240618083138-03be62527ccb by @​hbelmiro in go-git/go-git#1124
• build: bump golang.org/x/net from 0.25.0 to 0.26.0 by @​dependabot in go-git/go-git#1104
• Add option approximating git clean -x flag. by @​msuozzo in go-git/go-git#995
• Revert "Add option approximating git clean -x flag." by @​pjbgf in go-git/go-git#1129
• Fix reference updated concurrently error for the filesystem storer by @​Javier-varez in go-git/go-git#1116
• build: bump golang.org/x/net from 0.26.0 to 0.27.0 by @​dependabot in go-git/go-git#1134
• utils: merkletrie, Align error message with upstream by @​pjbgf in go-git/go-git#1142
• plumbing: transport/file, Change paths to absolute by @​pjbgf in go-git/go-git#1141
• plumbing: gitignore, Fix loading of ignored .gitignore files. by @​Achilleshiel in go-git/go-git#1114
• build: bump github.com/skeema/knownhosts from 1.2.2 to 1.3.0 by @​dependabot in go-git/go-git#1147
• plumbing: transport/ssh, Add support for SSH @​cert-authority. by @​Javier-varez in go-git/go-git#1157
• build: run example tests during CI workflow by @​crazybolillo in go-git/go-git#1030
• storage: filesystem, Fix object cache not working due to uninitialised objects being put into cache by @​SatelliteMind in go-git/go-git#1138
• git: Fix fetching missing commits by @​AriehSchneier in go-git/go-git#1032
• plumbing: format/packfile, remove duplicate checks in findMatch() by @​edigaryev in go-git/go-git#1152
• git: worktree, Fix file reported as Untracked while it is committed by @​rodrigocam in go-git/go-git#1023
• build: bump golang.org/x/sys from 0.22.0 to 0.23.0 by @​dependabot in go-git/go-git#1160
• plumbing: filemode, Remove check for setting size of .git/index file by @​nicholasSUSE in go-git/go-git#1159
• build: bump golang.org/x/net from 0.27.0 to 0.28.0 by @​dependabot in go-git/go-git#1163
• Fix some lint warning and increase stalebot to 180 days by @​pjbgf in go-git/go-git#1128
• adjust path extracted from file: url on Windows by @​tomqwpl in go-git/go-git#416
• build: bump golang.org/x/sys from 0.23.0 to 0.24.0 by @​dependabot in go-git/go-git#1164
• Add RestoreStaged to Worktree that mimics the behaviour of git restore --staged ... by @​ben-tbotlabs in go-git/go-git#493
• plumbing: signature, support the same x509 signature formats as git by @​yoavamit in go-git/go-git#1169
• fix: allow discovery of non bare repos in fsLoader by @​jakobmoellerdev in go-git/go-git#1170
• build: bump golang.org/x/sys from 0.24.0 to 0.25.0 by @​dependabot in go-git/go-git#1178
• build: bump golang.org/x/text from 0.17.0 to 0.18.0 by @​dependabot in go-git/go-git#1179
• build: bump golang.org/x/net from 0.28.0 to 0.29.0 by @​dependabot in go-git/go-git#1184

... (truncated)

Commits

• 94bd4af Merge pull request #1261 from BeChris/issue680
• 8b7f5ba Merge pull request #1262 from go-git/dependabot/go_modules/github.com/elazarl...
• 41d80a0 build: bump github.com/elazarl/goproxy
• 4998140 git: worktree_commit, sanitize author and commiter name and email before crea...
• 9049625 Merge pull request #1260 from go-git/dependabot/github_actions/github/codeql-...
• dae48b4 build: bump github/codeql-action from 3.27.9 to 3.28.0
• 7d6fbc2 Merge pull request #1220 from BeChris/accept_uppercase_hexa_in_pktline_length
• 62a77b7 plumbing: Fix invalid reference name error while cloning branches containing ...
• 5e11196 plumbing: format/pktline, accept upercase hexadecimal value as pktline length...
• 65f5e1a Merge pull request #1256 from go-git/dependabot/go_modules/golang-org-232a611e2d
• Additional commits viewable in compare view

Updates github.com/labstack/echo/v4 from 4.12.0 to 4.13.3

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.13.3

Security

• Update golang.org/x/net dependency GO-2024-3333 in labstack/echo#2722

Full Changelog: labstack/echo@v4.13.2...v4.13.3

v4.13.2 - update dependencies

Security

• Update dependencies (dependabot reports https://pkg.go.dev/vuln/GO-2024-3321 by @​aldas in labstack/echo#2721

Full Changelog: labstack/echo@v4.13.1...v4.13.2

v4.13.1

Fixes

• Fix BindBody ignoring Transfer-Encoding: chunked requests (introduced in #2710) by @​178inaba in labstack/echo#2717

Full Changelog: labstack/echo@v4.13.0...v4.13.1

JWT Middleware Removed

BREAKING CHANGE: JWT Middleware Removed from Core

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #2699. A drop-in replacement is available in the labstack/echo-jwt repository or see alternative implementation

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in [PR #1946](labstack/echo#1946). JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

• remove jwt middleware by @​stevenwhitehead in labstack/echo#2701
• optimization: struct alignment by @​behnambm in labstack/echo#2636
• bind: Maintain backwards compatibility for map[string]interface{} binding by @​thesaltree in labstack/echo#2656
• Add Go 1.23 to CI by @​aldas in labstack/echo#2675
• improve MultipartForm test by @​martinyonatann in labstack/echo#2682
• bind : add support of multipart multi files by @​martinyonatann in labstack/echo#2684
• Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @​aldas in labstack/echo#2690
• Refactor TestBasicAuth to utilize table-driven test format by @​ErikOlson in labstack/echo#2688
• Remove broken header by @​aldas in labstack/echo#2705

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.13.3 - 2024-12-19

Security

• Update golang.org/x/net dependency GO-2024-3333 in labstack/echo#2722

v4.13.2 - 2024-12-12

Security

• Update dependencies (dependabot reports GO-2024-3321) in labstack/echo#2721

v4.13.1 - 2024-12-11

Fixes

• Fix BindBody ignoring Transfer-Encoding: chunked requests by @​178inaba in labstack/echo#2717

v4.13.0 - 2024-12-04

BREAKING CHANGE JWT Middleware Removed from Core use labstack/echo-jwt instead

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #2699. A drop-in replacement is available in the labstack/echo-jwt repository.

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in [PR #1946](labstack/echo#1946). JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

• remove jwt middleware by @​stevenwhitehead in labstack/echo#2701
• optimization: struct alignment by @​behnambm in labstack/echo#2636
• bind: Maintain backwards compatibility for map[string]interface{} binding by @​thesaltree in labstack/echo#2656
• Add Go 1.23 to CI by @​aldas in labstack/echo#2675
• improve MultipartForm test by @​martinyonatann in labstack/echo#2682
• bind : add support of multipart multi files by @​martinyonatann in labstack/echo#2684
• Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @​aldas in labstack/echo#2690
• Refactor TestBasicAuth to utilize table-driven test format by @​ErikOlson in labstack/echo#2688
• Remove broken header by @​aldas in labstack/echo#2705
• fix(bind body): content-length can be -1 by @​phamvinhdat in labstack/echo#2710

... (truncated)

Commits

• 45524e3 Update golang.org/x/net dependency [GO-2024-3333](https://pkg.go.dev/vuln/GO-...
• 692bc2a Update dependencies (dependabot reports https://pkg.go.dev/vuln/GO-2024-3321)...
• fd3f074 Changelog for v4.13.1 (#2719)
• 0368ed8 Add Conditions to Ensure Bind Succeeds with Transfer-Encoding: chunked (#2717)
• 3b01785 Changelog for 4.13.0 (#2712)
• fe26277 remove jwt middleware
• 9e73691 Shorten Github issue template and add test example
• 118c163 CORS middleware should compile allowOrigin regexp at creation.
• a973e3b add unit-test
• c4410fe fix(bind body): content-length can be -1
• Additional commits viewable in compare view

Updates github.com/moby/buildkit from 0.17.3 to 0.18.2

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.18.2

buildkit 0.18.2

Welcome to the v0.18.2 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

• Builtin Dockerfile frontend has been updated to v1.12.1 changelog
• Fix possible concurrent map write error #5577
• Update Runc to v1.2.3 to fix possible build error when using parallel cache mounts #5588 #5590

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.18.1

v0.18.1

Welcome to the v0.18.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Notable Changes

• Fix issue where builds from older versions of clients/frontends could result in missing "no-cache" behavior or original Dockerfile commands could be missing in progress output #5563

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.18.0

v0.18.0

Welcome to the v0.18.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

... (truncated)

Commits

• e4da654 Merge pull request #5601 from tonistiigi/v0.18.2-picks
• 987b409 dockerfile: fix named context replacement for child stages
• 873382b dockerfile: fix onbuild propagation for child stages
• 6614837 dockerfile: add regression test for parallel cache mounts
• 25649b3 Dockerfile: update runc binary to v1.2.3
• 36a6e05 llb: avoid concurrent map write on parallel marshal
• 4241ae2 update xx to v1.6.1
• 715418b hack: remove loong64 validation in archutil
• eb68885 Merge pull request #5564 from tonistiigi/v0.18.1-picks
• ec39add llbsolver: fix recompute test and avoid struct copy
• Additional commits viewable in compare view

Updates github.com/prometheus/common from 0.60.1 to 0.61.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.61.0

What's Changed

• Mark sigv4 deprecated by @​SuperQ in prometheus/common#715
• Provide a way to get UserAgent by @​mmorel-35 in prometheus/common#716
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#714
• Bump golang.org/x/net from 0.29.0 to 0.30.0 by @​dependabot in prometheus/common#712
• chore: enable perfsprint linter by @​mmorel-35 in prometheus/common#717
• chore: use testify instead of testing.Fatal by @​mmorel-35 in prometheus/common#718
• Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 by @​dependabot in prometheus/common#711
• setup dependabot for github.com/prometheus/common/assets by @​mmorel-35 in prometheus/common#719
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#721
• Mark promlog deprecated by @​SuperQ in prometheus/common#720
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#722
• Allow custom user-agent definition by @​mmorel-35 in prometheus/common#725
• fix: values escaping bugs by @​ywwg in prometheus/common#727
• fix(promslog): always use UTC for time by @​tjhop in prometheus/common#735
• Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 in /assets by @​dependabot in prometheus/common#729
• Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 by @​dependabot in prometheus/common#730
• promslog: always lowercase log level from CLI by @​jkroepke in prometheus/common#728
• Synchronize common files from prometheus/prometheus by @​prombot in prometheus/common#726
• Bump golang.org/x/net from 0.30.0 to 0.32.0 by @​dependabot in prometheus/common#736
• Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in prometheus/common#731
• Bump google.golang.org/protobuf from 1.35.1 to 1.35.2 by @​dependabot in prometheus/common#732

Full Changelog: prometheus/common@v0.60.1...v0.61.0

Commits

• 7b484e9 Bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#732)
• 05e3c40 Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#731)
• a0ef737 Bump golang.org/x/net from 0.30.0 to 0.32.0 (#736)
• f99f029 Update common Prometheus files (#726)
• b88f24c promslog: always lowercase log level from CLI (#728)
• 2c3c048 Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#730)
• ec7291f Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 in /assets (#729)
• 145b50a fix(promslog): always use UTC for time (#735)
• 39a62f7 fix: values escaping bugs (#727)
• 7ed4523 Allow custom user-agent definition (#725)
• Additional commits viewable in compare view

Updates github.com/regclient/regclient from 0.7.2 to 0.8.0

Release notes

Sourced from github.com/regclient/regclient's releases.

v0.8.0

Release v0.8.0

Highlights

There are three headline changes in this release: slog support, external referrers, and deprecating legacy packages.

This release switches from logrus to slog. Migration methods are included to minimize the impact on existing users. Anyone parsing the logging output from regctl, regsync, and regbot will notice the format has changed.

External referrers allow referrers to be pushed and pulled from a separate repository from the subject image. This feature requires users to provide the external repository themselves since a registry has no way to communicate this to the user. An example use case of this feature are third parties, like security scanners, providing attestations of images they do not control.

Legacy packages have been disabled by default and will eventually be removed. To continue using legacy packages until their removal, you may compile with -tags legacy.

Breaking

• Breaking: Warning handlers switched from logrus to slog which will only impact those with a custom warning handler. ([PR 847][pr-847])
• Breaking: Disable legacy packages by default. ([PR 852][pr-852])

Features

• Feat: Refactor logging to use log/slog. ([PR 847][pr-847])
• Feat: Switch regbot to slog. ([PR 849][pr-849])
• Feat: Switch regctl to slog. ([PR 850][pr-850])
• Feat: Switch regsync to slog. ([PR 851][pr-851])
• Feat: Move logrus calls into files excluded by wasm. ([PR 853][pr-853])
• Feat: Allow plus in ocidir path. ([PR 856][pr-856])
• Feat: Support referrers in an external repository. ([PR 866][pr-866])
• Feat: Image mod environment variables. ([PR 867][pr-867])
• Feat: Include source in referrers response. ([PR 870][pr-870])
• Feat: Add external flag to regctl artifact put. ([PR 873][pr-873])
• Feat: Copy image with external referrers. ([PR 874][pr-874])
• Feat: Document community maintained packages. ([PR 878][pr-878])
• Feat: Support external referrers in regsync. ([PR 881][pr-881])
• Feat: Support incomplete subject descriptor. ([PR 885][pr-885])

Fixes

• Fix: Inject release notes by file. ([PR 854][pr-854])
• Fix: Platform test for darwin/macos should not add variant. ([PR 879][pr-879])
• Fix: Handle repeated digest in copy with external referrers. ([PR 882][pr-882])

Chores

• Chore: Improve error message when inspecting artifacts. ([PR 862][pr-862])
• Chore: Remove unused short arg parameters. ([PR 877][pr-877])

... (truncated)

Changelog

Sourced from github.com/regclient/regclient's changelog.

Release v0.8.0

Highlights

There are three headline changes in this release: slog support, external referrers, and deprecating legacy packages.

This release switches from logrus to slog. Migration methods are included to minimize the impact on existing users. Anyone parsing the logging output from regctl, regsync, and regbot will notice the format has changed.

External referrers allow referrers to be pushed and pulled from a separate repository from the subject image. This feature requires users to provide the external repository themselves since a registry has no way to communicate this to the user. An example use case of this feature are third parties, like security scanners, providing attestations of images they do not control.

Legacy packages have been disabled by default and will eventually be removed. To continue using legacy packages until their removal, you may compile with -tags legacy.

Breaking

• Breaking: Warning handlers switched from logrus to slog which will only impact those with a custom warning handler. ([PR 847][pr-847])
• Breaking: Disable legacy packages by default. ([PR 852][pr-852])

Features

• Feat: Refactor logging to use log/slog. ([PR 847][pr-847])
• Feat: Switch regbot to slog. ([PR 849][pr-849])
• Feat: Switch regctl to slog. ([PR 850][pr-850])
• Feat: Switch regsync to slog. ([PR 851][pr-851])
• Feat: Move logrus calls into files excluded by wasm. ([PR 853][pr-853])
• Feat: Allow plus in ocidir path. ([PR 856][pr-856])
• Feat: Support referrers in an external repository. ([PR 866][pr-866])
• Feat: Image mod environment variables. ([PR 867][pr-867])
• Feat: Include source in referrers response. ([PR 870][pr-870])
• Feat: Add external flag to regctl artifact put. ([PR 873][pr-873])
• Feat: Copy image with external referrers. ([PR 874][pr-874])
• Feat: Document community maintained packages. ([PR 878][pr-878])
• Feat: Support external referrers in regsync. ([PR 881][pr-881])
• Feat: Support incomplete subject descriptor. ([PR 885][pr-885])

Fixes

• Fix: Inject release notes by file. ([PR 854][pr-854])
• Fix: Platform test for darwin/macos should not add variant. ([PR 879][pr-879])
• Fix: Handle repeated digest in copy with external referrers. ([PR 882][pr-882])

Chores

• Chore: Improve error message when inspecting artifacts. ([PR 862][pr-862])
• Chore: Remove unused short arg parameters. ([PR 877][pr-877])

... (truncated)

Commits

• 106f460 Release v0.8.0
• e70df96 Merge for release v0.8.0
• ca88133 Merge pull request #885 from sudo-bmitch/pr-allow-referrers-without-size
• 7a2a05e Feat: Support incomplete subject descriptor
• d6a5a84 Merge pull request #882 from sudo-bmitch/pr-fix-copy-external-referrers
• c29933e Fix: Handle repeated digest in copy with external referrers
• bb5f4b7 Merge pull request #881 from sudo-bmitch/pr-referrer-external-regsync
• 851cc63 Feat: Support external referrers in regsync
• 88ac519 Merge pull request #880 from sudo-bmitch/pr-update-20241208
• ec1c51a Version bump
• Additional commits viewable in compare view

Updates github.com/traefik/traefik/v3 from 3.2.1 to 3.2.3

Release notes

Sourced from github.com/traefik/traefik/v3's releases.

v3.2.3

Documentation:

• Update reference install documentation with current chart default (#11332 by mloiseleur)

Misc:

• Merge branch v2.11 into v3.2 (#11346 by kevinpollet)
• Merge branch v2.11 into v3.2 (#11337 by kevinpollet)

v3.2.2

CVE: CVE-2024-53259 (Advisory GHSA-hxr6-2p24-hf98)

Bug fixes:

• [docker,docker/swarm] Rename traefik.docker.* labels for Docker Swarm to traefik.swarm.* (#11247 by anchal00)
• [k8s/gatewayapi] Update sigs.k8s.io/gateway-api to v1.2.1 (#11314 by kevinpollet)
• [plugins] Fix WASM settings (#11321 by juliens)
• [rules] Fix models mechanism for default rule syntax (#11300 by rtribotte)

Documentation:

• Move callout to the entrypoint page footer (#11305 by kevinpollet)
• Fix incorrect links in v3 migration sections (#11297 by kevinpollet)
• New Install Reference Documentation (#11213 by sheddy-traefik)

Changelog

Sourced from github.com/traefik/traefik/v3's changelog.

v3.2.3 (2024-12-16)

All Commits

Documentation:

• Update reference install documentation with current chart default (#11332 by mloiseleur)

Misc:

• Merge branch v2.11 into v3.2 (#11346 by kevinpollet)
• Merge branch v2.11 into v3.2 (#11337 by kevinpollet)

v2.11.16 (2024-12-16)

All Commits

Bug fixes:

• [server] Update golang.org/x dependencies (#11336 by rtribotte)

v3.2.2 (2024-12-10)

All Commits

Bug fixes:

• [docker,docker/swarm] Rename traefik.docker.* labels for Docker Swarm to traefik.swarm.* (#11247 by anchal00)
• [k8s/gatewayapi] Update sigs.k8s.io/gateway-api to v1.2.1 (#11314 by kevinpollet)
• [plugins] Fix WASM settings (#11321 by juliens)
• [rules] Fix models mechanism for default rule syntax (#11300 by rtribotte)

Documentation:

• Move callout to the entrypoint page footer (#11305 by kevinpollet)
• Fix incorrect links in v3 migration sections (#11297 by kevinpollet)
• New Install Reference Documentation (#11213 by sheddy-traefik)

v2.11.15 (2024-12-06)

All Commits

Bug fixes:

• [acme] Update go-acme/lego to v4.20.4 (#11295 by ldez)
• [http3] Update github.com/quic-go/quic-go to v0.48.2 (#11320 by kevinpollet)

Commits

• 8983e45 Prepare release v3.2.3
• ec214fa Merge branch v2.11 into v3.2
• 1c00940 Prepare release v2.11.16
• 3a3ffab Update reference install documentation with current chart default
• 33cf06b Merge branch v2.11 into v3.2
• 590ddfc Update nokogiri gem to v1.16.8
• 39d7b77 Bump Dockerfile to Alpine v3.21
• 74e0abf Update golang.org/x dependencies
• e87da0f Prepare release v3.2.2
• 8eb1279 Merge current branch v2.11 into v3.2
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.29.0 to 0.31.0

Commits

• b4f1988 ssh: make the public key cache a 1-entry FIFO cache
• 7042ebc openpgp/clearsign: just use rand.Reader in tests
• 3e90321 go.mod: update golang.org/x dependencies
• 8c4e668 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/net from 0.31.0 to 0.33.0

Commits

• dfc720d go.mod: update golang.org/x dependencies
• 8e66b04 html: use strings.EqualFold instead of lowering ourselves
• b935f7b html: avoid endless loop on error token
• 9af49ef route: remove unused sizeof* consts
• 6705db9 quic: clean up crypto streams when dropping packet protection keys
• 4ef7588 quic: handle ACK frame in packet which drops number space
• 552d8ac Revert "route: change from syscall to x/sys/unix"
• 13a7c01 Revert "route: remove unused sizeof* consts on freebsd"
• 285e1cf go.mod: update golang.org/x dependencies
• d0a1049 route: remove unused sizeof* consts on freebsd
• Additional commits viewable in compare view

Updates golang.org/x/sync from 0.9.0 to 0.10.0

Commits

• 913fb63 singleflight: fix typo in singleflight_test.go
• See full diff in compare view

Updates google.golang.org/protobuf from 1.35.2 to 1.36.1

Updates k8s.io/api from 0.31.3 to 0.32.0

Commits

• e622342 Update dependencies to v0.32.0 tag
• b0543a3 Merge remote-tracking branch 'origin/master' into release-1.32

[github-actions]

Preview (prod backend + PR dashboard) → https://989.ns-preview.trapti.tech/