This error-group was added in 89583b92b7, but
passed a context.TODO because the function didn't have a context as argument.
However, it does get the root-command passed, which holds the context, so
we can pass that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We have tagged version v0.35.0 of golang.org/x/crypto in order to address
a security issue. Version v0.35.0 of golang.org/x/crypto fixes a vulnerability
in the golang.org/x/crypto/ssh package which could cause a denial of service.
SSH servers which implement file transfer protocols are vulnerable to a denial
of service attack from clients which complete the key exchange slowly, or not
at all, causing pending content to be read into memory, but never transmitted.
Thanks to Yuichi Watanabe for reporting this issue.
This is CVE-2025-22869 and Go issue https://go.dev/issue/71931.
full diff: https://github.com/golang/crypto/compare/v0.31.0...v0.35.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Go maintainers started to unconditionally update the minimum go version
for golang.org/x/ dependencies to go1.23, which means that we'll no longer
be able to support any version below that when updating those dependencies;
> all: upgrade go directive to at least 1.23.0 [generated]
>
> By now Go 1.24.0 has been released, and Go 1.22 is no longer supported
> per the Go Release Policy (https://go.dev/doc/devel/release#policy).
>
> For golang/go#69095.
This updates our minimum version to go1.23, as we won't be able to maintain
compatibility with older versions because of the above.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Seen failing when used elsewhere;
vendor/github.com/docker/cli/cli/command/formatter/displayutils.go:78:20: predeclared any requires go1.18 or later (-lang was set to go1.16; check go.mod)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function only needs access to the CLI's configfile; use the
config.Prider interface to be more clear on what's expected.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It was only used internally in cmd/docker and has no known external
consumers. Move it to cmd/docker and un-export it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was only used internally, and has no external consumers;
move it to the "formatter" package, which is also imported in all files
using this utility.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's hard-coded to the API defaultversion, so we can use
that const directly. Ultimately, this should be something
returned by the API client configured on the CLI, not the
CLI itself.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This prevents users of the CLI that don't implement swarm-related
features from depending on the swarm API types.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a consistent approach for producing warnings, but add a TODO for moving
this warning to the daemon, which can make a better call if it will work
or not (depending on networking mode).
This warning was originally added in [moby@afa92a9], before integration with
libnetwork, and this warning may be incorrect in many scenarios.
While updating, also removing the custom regular expression used to
detect if the IP is a loopback address, and using go's netip package
instead.
[moby@afa92a9]: afa92a9af0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This warning was originally added in [moby@3aa70c1], and moved to be printed
on both `run` and `create` in commit 7c514a31c9.
However, [moby@57f1305] (docker 19.03, API 1.40) moved such warnings to
the daemon side. The patch mentioned this issue:
> This patch will have one side-effect; docker cli's that also perform this check
> client-side will print the warning twice; this can be addressed by disabling
> the cli-side check for newer API versions, but will generate a bit of extra
> noise when using an older CLI.
The CLI does not take this into account currently, and still prints warnings
twice; even in cases where the option is not supported by the daemon, and
discarded:
On a host without OomKillDisable support:
docker create --oom-kill-disable alpine
WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.
WARNING: Your kernel does not support OomKillDisable. OomKillDisable discarded.
On a host that supports it:
docker create --oom-kill-disable alpine
WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.
WARNING: OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.
This patch removes the client-side warning, leaving it to the daemon to
report if any warnings should produced (and the client to print them).
With this patch applied:
On a host without OomKillDisable support:
docker create --oom-kill-disable alpine
WARNING: Your kernel does not support OomKillDisable. OomKillDisable discarded.
On a host that supports it:
docker create --oom-kill-disable alpine
WARNING: OOM killer is disabled for the container, but no memory limit is set, this can result in the system running out of resources.
[moby@3aa70c1]: 3aa70c1948
[moby@57f1305]: 57f1305e74
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
