From 70a50661be719aeb82b0a7acdc3b8a5940d48924 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 May 2026 14:33:04 +0000 Subject: [PATCH] Bump github.com/docker/cli in the go-docker-dependencies group Bumps the go-docker-dependencies group with 1 update: [github.com/docker/cli](https://github.com/docker/cli). Updates `github.com/docker/cli` from 29.4.3+incompatible to 29.5.0+incompatible - [Commits](https://github.com/docker/cli/compare/v29.4.3...v29.5.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 29.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-docker-dependencies ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- .../docker/cli/cli/config/configfile/file.go | 131 +++++++++++------- .../cli/config/credentials/default_store.go | 17 ++- vendor/modules.txt | 2 +- 5 files changed, 96 insertions(+), 60 deletions(-) diff --git a/go.mod b/go.mod index 777a04df5a..aefdb60443 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/blang/semver v3.5.1+incompatible github.com/cpuguy83/go-md2man v1.0.10 github.com/creack/pty v1.1.24 - github.com/docker/cli v29.4.3+incompatible + github.com/docker/cli v29.5.0+incompatible github.com/docker/docker v28.5.2+incompatible github.com/fatih/color v1.19.0 github.com/go-jose/go-jose/v4 v4.1.4 diff --git a/go.sum b/go.sum index b45679d3ac..0d99a4309f 100644 --- a/go.sum +++ b/go.sum @@ -183,8 +183,8 @@ github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 h1:ge14PCmCvPjpMQM github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352/go.mod h1:SKVExuS+vpu2l9IoOc0RwqE7NYnb0JlcFHFnEJkVDzc= github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 h1:lxmTCgmHE1GUYL7P0MlNa00M67axePTq+9nBSGddR8I= github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7/go.mod h1:GvWntX9qiTlOud0WkQ6ewFm0LPy5JUR1Xo0Ngbd1w6Y= -github.com/docker/cli v29.4.3+incompatible h1:u+UliYm2J/rYrIh2FqHQg32neRG8GjbvNuwQRTzGspU= -github.com/docker/cli v29.4.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.5.0+incompatible h1:FPUvKJoKpeP4Njz8NrQdeUN8o247P7ndTiILtaP5/l4= +github.com/docker/cli v29.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.5 h1:EFNN8DHvaiK8zVqFA2DT6BjXE0GzfLOZ38ggPTKePkY= diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go index 1a0e5b46ca..26e148f059 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go @@ -20,6 +20,34 @@ import ( "github.com/sirupsen/logrus" ) +// authConfigKey is the key used to store credentials for Docker Hub. It is +// a copy of [registry.IndexServer]. +// +// [registry.IndexServer]: https://pkg.go.dev/github.com/docker/docker@v28.5.1+incompatible/registry#IndexServer +const authConfigKey = "https://index.docker.io/v1/" + +// getAuthConfigKey returns the canonical key used to look up stored +// registry credentials for the given registry domain. +// +// For the official Docker Hub registry ("docker.io"), credentials are stored +// under the historical full index address ("https://index.docker.io/v1/"). +// +// For all other registries, the input is domainName to already be a normalized +// hostname (optionally including ":port") and is returned unchanged. +// +// This function performs key normalization only; it does not validate or parse +// the input. +// +// It is similar to [registry.GetAuthConfigKey] in the daemon. +// +// [registry.GetAuthConfigKey]: https://pkg.go.dev/github.com/docker/docker@v28.5.1+incompatible/registry#GetAuthConfigKey +func getAuthConfigKey(domainName string) string { + if domainName == "docker.io" || domainName == "index.docker.io" { + return authConfigKey + } + return domainName +} + // ConfigFile ~/.docker/config.json file info type ConfigFile struct { AuthConfigs map[string]types.AuthConfig `json:"auths"` @@ -96,12 +124,12 @@ func New(fn string) *ConfigFile { // LoadFromReader reads the configuration data given and sets up the auth config // information with given directory and populates the receiver object -func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { - if err := json.NewDecoder(configData).Decode(configFile); err != nil && !errors.Is(err, io.EOF) { +func (c *ConfigFile) LoadFromReader(configData io.Reader) error { + if err := json.NewDecoder(configData).Decode(c); err != nil && !errors.Is(err, io.EOF) { return err } var err error - for addr, ac := range configFile.AuthConfigs { + for addr, ac := range c.AuthConfigs { if ac.Auth != "" { ac.Username, ac.Password, err = decodeAuth(ac.Auth) if err != nil { @@ -110,33 +138,33 @@ func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { } ac.Auth = "" ac.ServerAddress = addr - configFile.AuthConfigs[addr] = ac + c.AuthConfigs[addr] = ac } return nil } // ContainsAuth returns whether there is authentication configured // in this file or not. -func (configFile *ConfigFile) ContainsAuth() bool { - return configFile.CredentialsStore != "" || - len(configFile.CredentialHelpers) > 0 || - len(configFile.AuthConfigs) > 0 +func (c *ConfigFile) ContainsAuth() bool { + return c.CredentialsStore != "" || + len(c.CredentialHelpers) > 0 || + len(c.AuthConfigs) > 0 } // GetAuthConfigs returns the mapping of repo to auth configuration -func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig { - if configFile.AuthConfigs == nil { - configFile.AuthConfigs = make(map[string]types.AuthConfig) +func (c *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig { + if c.AuthConfigs == nil { + c.AuthConfigs = make(map[string]types.AuthConfig) } - return configFile.AuthConfigs + return c.AuthConfigs } // SaveToWriter encodes and writes out all the authorization information to // the given writer -func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { +func (c *ConfigFile) SaveToWriter(writer io.Writer) error { // Encode sensitive data into a new/temp struct - tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs)) - for k, authConfig := range configFile.AuthConfigs { + tmpAuthConfigs := make(map[string]types.AuthConfig, len(c.AuthConfigs)) + for k, authConfig := range c.AuthConfigs { authCopy := authConfig // encode and save the authstring, while blanking out the original fields authCopy.Auth = encodeAuth(&authCopy) @@ -146,18 +174,18 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { tmpAuthConfigs[k] = authCopy } - saveAuthConfigs := configFile.AuthConfigs - configFile.AuthConfigs = tmpAuthConfigs - defer func() { configFile.AuthConfigs = saveAuthConfigs }() + saveAuthConfigs := c.AuthConfigs + c.AuthConfigs = tmpAuthConfigs + defer func() { c.AuthConfigs = saveAuthConfigs }() // User-Agent header is automatically set, and should not be stored in the configuration - for v := range configFile.HTTPHeaders { + for v := range c.HTTPHeaders { if strings.EqualFold(v, "User-Agent") { - delete(configFile.HTTPHeaders, v) + delete(c.HTTPHeaders, v) } } - data, err := json.MarshalIndent(configFile, "", "\t") + data, err := json.MarshalIndent(c, "", "\t") if err != nil { return err } @@ -166,16 +194,16 @@ func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error { } // Save encodes and writes out all the authorization information -func (configFile *ConfigFile) Save() (retErr error) { - if configFile.Filename == "" { +func (c *ConfigFile) Save() (retErr error) { + if c.Filename == "" { return errors.New("can't save config with empty filename") } - dir := filepath.Dir(configFile.Filename) + dir := filepath.Dir(c.Filename) if err := os.MkdirAll(dir, 0o700); err != nil { return err } - temp, err := os.CreateTemp(dir, filepath.Base(configFile.Filename)) + temp, err := os.CreateTemp(dir, filepath.Base(c.Filename)) if err != nil { return err } @@ -189,7 +217,7 @@ func (configFile *ConfigFile) Save() (retErr error) { } }() - err = configFile.SaveToWriter(temp) + err = c.SaveToWriter(temp) if err != nil { return err } @@ -199,7 +227,7 @@ func (configFile *ConfigFile) Save() (retErr error) { } // Handle situation where the configfile is a symlink, and allow for dangling symlinks - cfgFile := configFile.Filename + cfgFile := c.Filename if f, err := filepath.EvalSymlinks(cfgFile); err == nil { cfgFile = f } else if os.IsNotExist(err) { @@ -217,16 +245,16 @@ func (configFile *ConfigFile) Save() (retErr error) { // ParseProxyConfig computes proxy configuration by retrieving the config for the provided host and // then checking this against any environment variables provided to the container -func (configFile *ConfigFile) ParseProxyConfig(host string, runOpts map[string]*string) map[string]*string { +func (c *ConfigFile) ParseProxyConfig(host string, runOpts map[string]*string) map[string]*string { var cfgKey string - if _, ok := configFile.Proxies[host]; !ok { + if _, ok := c.Proxies[host]; !ok { cfgKey = "default" } else { cfgKey = host } - config := configFile.Proxies[cfgKey] + config := c.Proxies[cfgKey] permitted := map[string]*string{ "HTTP_PROXY": &config.HTTPProxy, "HTTPS_PROXY": &config.HTTPSProxy, @@ -290,11 +318,11 @@ func decodeAuth(authStr string) (string, string, error) { // GetCredentialsStore returns a new credentials store from the settings in the // configuration file -func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store { - store := credentials.NewFileStore(configFile) +func (c *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store { + store := credentials.NewFileStore(c) - if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" { - store = newNativeStore(configFile, helper) + if helper := getConfiguredCredentialStore(c, getAuthConfigKey(registryHostname)); helper != "" { + store = newNativeStore(c, helper) } envConfig := os.Getenv(DockerEnvConfigKey) @@ -357,8 +385,9 @@ var newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentia } // GetAuthConfig for a repository from the credential store -func (configFile *ConfigFile) GetAuthConfig(registryHostname string) (types.AuthConfig, error) { - return configFile.GetCredentialsStore(registryHostname).Get(registryHostname) +func (c *ConfigFile) GetAuthConfig(registryHostname string) (types.AuthConfig, error) { + acKey := getAuthConfigKey(registryHostname) + return c.GetCredentialsStore(acKey).Get(acKey) } // getConfiguredCredentialStore returns the credential helper configured for the @@ -375,13 +404,13 @@ func getConfiguredCredentialStore(c *ConfigFile, registryHostname string) string // GetAllCredentials returns all of the credentials stored in all of the // configured credential stores. -func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, error) { +func (c *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, error) { auths := make(map[string]types.AuthConfig) addAll := func(from map[string]types.AuthConfig) { maps.Copy(auths, from) } - defaultStore := configFile.GetCredentialsStore("") + defaultStore := c.GetCredentialsStore("") newAuths, err := defaultStore.GetAll() if err != nil { return nil, err @@ -389,8 +418,8 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, addAll(newAuths) // Auth configs from a registry-specific helper should override those from the default store. - for registryHostname := range configFile.CredentialHelpers { - newAuth, err := configFile.GetAuthConfig(registryHostname) + for registryHostname := range c.CredentialHelpers { + newAuth, err := c.GetAuthConfig(registryHostname) if err != nil { // TODO(thaJeztah): use context-logger, so that this output can be suppressed (in tests). logrus.WithError(err).Warnf("Failed to get credentials for registry: %s", registryHostname) @@ -402,16 +431,16 @@ func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, } // GetFilename returns the file name that this config file is based on. -func (configFile *ConfigFile) GetFilename() string { - return configFile.Filename +func (c *ConfigFile) GetFilename() string { + return c.Filename } // PluginConfig retrieves the requested option for the given plugin. -func (configFile *ConfigFile) PluginConfig(pluginname, option string) (string, bool) { - if configFile.Plugins == nil { +func (c *ConfigFile) PluginConfig(pluginname, option string) (string, bool) { + if c.Plugins == nil { return "", false } - pluginConfig, ok := configFile.Plugins[pluginname] + pluginConfig, ok := c.Plugins[pluginname] if !ok { return "", false } @@ -423,14 +452,14 @@ func (configFile *ConfigFile) PluginConfig(pluginname, option string) (string, b // plugin. Passing a value of "" will remove the option. If removing // the final config item for a given plugin then also cleans up the // overall plugin entry. -func (configFile *ConfigFile) SetPluginConfig(pluginname, option, value string) { - if configFile.Plugins == nil { - configFile.Plugins = make(map[string]map[string]string) +func (c *ConfigFile) SetPluginConfig(pluginname, option, value string) { + if c.Plugins == nil { + c.Plugins = make(map[string]map[string]string) } - pluginConfig, ok := configFile.Plugins[pluginname] + pluginConfig, ok := c.Plugins[pluginname] if !ok { pluginConfig = make(map[string]string) - configFile.Plugins[pluginname] = pluginConfig + c.Plugins[pluginname] = pluginConfig } if value != "" { pluginConfig[option] = value @@ -438,6 +467,6 @@ func (configFile *ConfigFile) SetPluginConfig(pluginname, option, value string) delete(pluginConfig, option) } if len(pluginConfig) == 0 { - delete(configFile.Plugins, pluginname) + delete(c.Plugins, pluginname) } } diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go index a36afc41f4..35b9ae4f53 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go @@ -2,12 +2,19 @@ package credentials import "os/exec" -// DetectDefaultStore return the default credentials store for the platform if -// no user-defined store is passed, and the store executable is available. -func DetectDefaultStore(store string) string { - if store != "" { +// DetectDefaultStore returns the credentials store to use if no user-defined +// custom helper is passed. +// +// Some platforms define a preferred helper, in which case it attempts to look +// up the helper binary before falling back to the platform's default. +// +// If no user-defined helper is passed, and no helper is found, it returns an +// empty string, which means credentials are stored unencrypted in the CLI's +// config-file without the use of a credentials store. +func DetectDefaultStore(customStore string) string { + if customStore != "" { // use user-defined - return store + return customStore } platformDefault := defaultCredentialsStore() diff --git a/vendor/modules.txt b/vendor/modules.txt index 6f7e7dba3c..1131c16455 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -406,7 +406,7 @@ github.com/digitorus/pkcs7 # github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 ## explicit; go 1.16 github.com/digitorus/timestamp -# github.com/docker/cli v29.4.3+incompatible +# github.com/docker/cli v29.5.0+incompatible ## explicit github.com/docker/cli/cli/config github.com/docker/cli/cli/config/configfile