Woodpecker is a community fork of the Drone CI system.
renovate[bot] 6ffb3b1bd6
fix(deps): update module github.com/moby/moby to v24.0.9+incompatible [security] (#3323)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/moby/moby](https://togithub.com/moby/moby) | `v24.0.8+incompatible` -> `v24.0.9+incompatible` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmoby%2fmoby/v24.0.9+incompatible?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fmoby%2fmoby/v24.0.9+incompatible?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fmoby%2fmoby/v24.0.8+incompatible/v24.0.9+incompatible?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmoby%2fmoby/v24.0.8+incompatible/v24.0.9+incompatible?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-24557](https://togithub.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc)

The classic builder cache system is prone to cache poisoning if the
image is built `FROM scratch`.
Also, changes to some instructions (most important being `HEALTHCHECK`
and `ONBUILD`) would not cause a cache miss.

An attacker with the knowledge of the Dockerfile someone is using could
poison their cache by making them pull a specially crafted image that
would be considered as a valid cache candidate for some build steps.

For example, an attacker could create an image that is considered as a
valid cache candidate for:
```
FROM scratch
MAINTAINER Pawel
```

when in fact the malicious image used as a cache would be an image built
from a different Dockerfile.

In the second case, the attacker could for example substitute a
different `HEALTHCHECK` command.

### Impact

23.0+ users are only affected if they explicitly opted out of Buildkit
(`DOCKER_BUILDKIT=0` environment variable) or are using the `/build` API
endpoint (which uses the classic builder by default).

All users on versions older than 23.0 could be impacted. An example
could be a CI with a shared cache, or just a regular Docker user pulling
a malicious image due to misspelling/typosquatting.

Image build API endpoint (`/build`) and `ImageBuild` function from
`github.com/docker/docker/client` are also affected as they use the
classic builder by default.

### Patches

Patches are included in Moby releases:

- v25.0.2
- v24.0.9

### Workarounds

- Use `--no-cache` or use Buildkit if possible (`DOCKER_BUILDKIT=1`,
it's default on 23.0+ assuming that the buildx plugin is installed).
- Use `Version = types.BuilderBuildKit` or `NoCache = true` in
`ImageBuildOptions` for `ImageBuild` call.

---

### Release Notes

<details>
<summary>moby/moby (github.com/moby/moby)</summary>

### [`v24.0.9+incompatible`](https://togithub.com/moby/moby/compare/v24.0.8...v24.0.9)

[Compare Source](https://togithub.com/moby/moby/compare/v24.0.8...v24.0.9)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - "before 4am"
(UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/woodpecker-ci/woodpecker).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2024-02-04 07:53:53 +01:00
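
A dependency gate for the patched releases listed in the advisory above, as an added example (not Woodpecker's or Moby's code): it reads a go.mod and reports whether the required `github.com/moby/moby` or `github.com/docker/docker` version is at or past v24.0.9 or v25.0.2. The function names and the sample go.mod fragment are constructed here, and treating majors after 25 as fixed is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed releases named in the advisory (v24.0.9, v25.0.2), keyed by major.
var fixed = map[int][2]int{24: {0, 9}, 25: {0, 2}}

// IsPatched reports whether a go.mod version is at or past its line's fix.
// Pre-release and pseudo-versions sort before the tag they name, so anything
// that is not a plain vX.Y.Z (plus optional +metadata) is rejected.
func IsPatched(v string) (bool, error) {
	core := strings.TrimPrefix(strings.SplitN(v, "+", 2)[0], "v")
	var maj, mnr, pat int
	_, err := fmt.Sscanf(core, "%d.%d.%d", &maj, &mnr, &pat)
	if err != nil || fmt.Sprintf("%d.%d.%d", maj, mnr, pat) != core {
		return false, fmt.Errorf("cannot classify version %q", v)
	}
	want, ok := fixed[maj]
	if !ok {
		return maj > 25, nil // assumption: majors after 25 carry the fix
	}
	return mnr > want[0] || (mnr == want[0] && pat >= want[1]), nil
}

// MobyVersions returns required versions of the module paths the page names.
func MobyVersions(gomod string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && strings.HasPrefix(f[1], "v") && // skips "=>" replace lines
			(f[0] == "github.com/moby/moby" || f[0] == "github.com/docker/docker") {
			out[f[0]] = f[1]
		}
	}
	return out
}

// Constructed go.mod fragment with the pre-update version from the PR table.
const sampleGoMod = "require (\n\tgithub.com/moby/moby v24.0.8+incompatible // indirect\n)\n"

func main() {
	for mod, ver := range MobyVersions(sampleGoMod) {
		ok, err := IsPatched(ver)
		fmt.Println(mod, ver, "patched:", ok, err)
	}
}
```

A patched module version does not by itself change which builder a caller selects, so the workarounds listed in the advisory still apply to code that calls `ImageBuild`.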
.github Fix/improve issue templates (#3232) 2024-01-20 18:29:19 +01:00
.vscode Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
.woodpecker chore(deps): update docker.io/woodpeckerci/plugin-docker-buildx docker tag to v3.0.1 (#3324) 2024-02-04 07:30:43 +01:00
agent Clean up models (#3228) 2024-01-22 07:56:18 +01:00
cli Add release event trigger (#3226) 2024-01-30 17:39:00 +01:00
cmd Add release event trigger (#3226) 2024-01-30 17:39:00 +01:00
contrib/woodpecker-test-repo/.woodpecker Cleanups + prefer .yaml (#3069) 2024-01-11 18:43:54 +01:00
docker Fix build output paths (#3065) 2023-12-29 20:30:20 +01:00
docs Add 2.3 docs (#3306) 2024-01-31 19:47:52 +01:00
nfpm build: fix nfpm path for server binary (#3246) 2024-01-21 23:08:53 +01:00
pipeline Add release event trigger (#3226) 2024-01-30 17:39:00 +01:00
server Remove accidentally added file (#3304) 2024-01-31 18:38:39 +01:00
shared Lowercase all log strings (#3173) 2024-01-11 19:17:07 +01:00
version Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
web Translated using Weblate (French) 2024-02-02 18:57:28 +00:00
woodpecker-go Add release event trigger (#3226) 2024-01-30 17:39:00 +01:00
.cspell.json Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
.ecrc Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
.editorconfig Use editorconfig-checker (#982) 2022-06-17 12:03:34 +02:00
.gitattributes Fix "check_swagger" step (#2024) 2023-07-20 22:12:32 +02:00
.gitignore Use dag in ci config (#3010) 2023-12-28 16:39:14 +01:00
.gitpod.yml Fix Gitpod: Gitea auth token creation (#3299) 2024-01-30 18:39:59 +01:00
.golangci.yaml Replace goimports with gci (#3202) 2024-01-14 18:22:06 +01:00
.hadolint.yaml Cleanups + prefer .yaml (#3069) 2024-01-11 18:43:54 +01:00
.markdownlint.yaml Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
.pre-commit-config.yaml Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
.prettierignore Do not run prettier with pre-commit (#3196) 2024-01-14 21:14:00 +01:00
.prettierrc.json Remove old files (#3077) 2023-12-30 15:10:31 +01:00
.yamllint.yaml Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
CHANGELOG.md 🎉 Release 2.3.0 (#3249) 2024-01-31 17:41:26 +01:00
docker-compose.example.yaml Cleanups + prefer .yaml (#3069) 2024-01-11 18:43:54 +01:00
docker-compose.gitpod.yaml Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
go.mod fix(deps): update module github.com/moby/moby to v24.0.9+incompatible [security] (#3323) 2024-02-04 07:53:53 +01:00
go.sum fix(deps): update module github.com/moby/moby to v24.0.9+incompatible [security] (#3323) 2024-02-04 07:53:53 +01:00
LICENSE Check for correct license header (#2137) 2023-08-10 11:06:00 +02:00
Makefile Update UI building in Makefile (#3250) 2024-01-22 09:10:28 +02:00
README.md Add spellcheck config (#3018) 2024-01-27 21:15:10 +01:00
release-config.ts Add release helper (#1976) 2023-09-07 17:17:17 +02:00

Woodpecker


Woodpecker is a simple yet powerful CI/CD engine with great extensibility.

🫶 Support

Please consider donating and become a backer. 🙏 [Become a backer]

📖 Documentation

https://woodpecker-ci.org/

Contribute

See Contributing Guide

Open in Gitpod

📣 Translate

We use our own Weblate instance at translate.woodpecker-ci.org.

👋 Who uses Woodpecker?

Woodpecker is used by itself, multiple well-known companies, organizations like Codeberg, hobbyists and many others.

Leave a comment if you're using it as well.

Also consider using the topic WoodpeckerCI in your repository, so others can learn from your config and use the hashtag #WoodpeckerCI when talking about the project on social media!

Here are some places where people mention Woodpecker:

Stars over time

License

Woodpecker is Apache 2.0 licensed with the source files in this repository having a header indicating which license they are under and what copyrights apply.

Files under the docs/ folder are licensed under Creative Commons Attribution-ShareAlike 4.0 International Public License.