Commit Graph

10 Commits

Author SHA1 Message Date
Aleksa Sarai 1623cde125 go: update github.com/cyphar/filepath-securejoin to v0.3.4
This includes a fix to avoid doing import "testing" in non-_test.go
code.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-10-09 15:13:28 +11:00
Aleksa Sarai b096459a07 vendor: update github.com/cyphar/filepath-securejoin to v0.3.3
This fixes issues we had with spurious MkdirAll failures.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-30 16:26:42 +02:00
Aleksa Sarai 066b109e99 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.2
This includes a fix for the handling of S_ISGID directories.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-13 23:34:33 +10:00
Aleksa Sarai 1d308c7da4 vendor: update to github.com/cyphar/filepath-securejoin@v0.3.1
This includes the MkdirAll and OpenInRoot implementations which are
actually secure against races.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2024-09-03 23:05:59 +10:00
dependabot[bot] c7ad2749fd build(deps): bump github.com/cyphar/filepath-securejoin
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-07 04:30:28 +00:00
Kir Kolyshkin a0f8847e2a Drop go 1.16
Require go 1.17 from now on, since go 1.16 is no longer supported.
Drop go1.16 compatibility.

NOTE we also have to install go 1.18 from Vagrantfile, because
Fedora 35 comes with Go 1.16.x which can't be used.

Note the changes to go.mod and vendor are due to
https://go.dev/doc/go1.17#tools

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-03-22 12:22:22 -07:00
Aleksa Sarai 9f2a1f4df1 deps: update to github.com/cyphar/filepath-securejoin@v0.2.3
The main change is the switch to Go 1.13-style "%w" error wrapping,
dropping one of the github.com/pkg/errors dependencies we have left.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2021-07-04 21:24:12 +10:00
Odin Ugedal 69e8fb2a74 Add support for GO Modules
This removes vndr, and swiches to native Go Modules instead. All modules
are kept on the old version.

Keeps the vendor/ dir, so everything is backwards compatible.

Signed-off-by: Odin Ugedal <odin@ugedal.com>
2020-03-07 09:29:29 +01:00
Sebastiaan van Stijn 0fc0662338 bump cyphar/filepath-securejoin v0.2.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-09-06 01:43:42 +02:00
Vincent Demeester 594501475e Use cyphar/filepath-securejoin instead of docker pkg/symlink
runc shouldn't depend on docker and be more self-contained.
Removing github.com/pkg/symlink dep is the first step to not depend on docker anymore

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-10-31 16:53:45 +01:00