Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/docker/docker v20.10.24 -> v24.0.7 #2789

Closed
wants to merge 1 commit into from
Closed

Bump github.com/docker/docker v20.10.24 -> v24.0.7 #2789

wants to merge 1 commit into from

Conversation

6543
Copy link
Member

@6543 6543 commented Nov 9, 2023

address GHSA-jq35-85cj-fj4p

make sure the docker deamon, the agent connect to, is updated

@6543
Bump github.com/docker/docker v20.10.24 -> v24.0.7
8ea1fdd 
address GHSA-jq35-85cj-fj4p

make sure the docker deamon, the agent connect to, is updated
@6543 6543 added this to the 1.1.0 milestone Nov 9, 2023
qwerty287
qwerty287 requested changes Nov 9, 2023
View reviewed changes
Copy link
Contributor

@qwerty287 qwerty287 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is breaking as it requires a newer docker version. @woodpecker-ci/maintainers Opinions?

@6543 6543 requested a review from anbraten November 10, 2023 02:06
@lafriks
Copy link
Contributor

lafriks commented Nov 13, 2023
edited
Loading

Docker Engine 20.10 will be EOL soon (if I remember correctly 10th December) so I think we should definitely update this but probably not for 1.x release as this could break some instances 🤷🏻‍♂️ Tho I would anyway recommend them updating docker engine because of ending support for it very soon

@qwerty287
Copy link
Contributor

For current next/2.0 release this was updated already

@lafriks
Copy link
Contributor

lafriks commented Nov 13, 2023

I always prefer security over compatibility and as this would be released as v1.1.0 not v1.0.x I would say 👍🏻 for this 😉

@pat-s
Copy link
Contributor

pat-s commented Nov 13, 2023

This has been discussed among maintainers in the matrix channel and until now there was no clear conclusion on how to proceed. There are good reasons for both approaches, but the tl;dr is: it's more than "just" a security patch and would be breaking due to API incompatibility with older OSes and hence not really a clean minor/patch release.

@6543
Copy link
Member Author

6543 commented Nov 13, 2023

well @anbraten did his final veto ... so v1.x.x is now unmaintained as of now

@6543 6543 closed this Nov 13, 2023
@6543 6543 deleted the sec_fix_v1.1 branch November 13, 2023 23:08
@6543 6543 mentioned this pull request Nov 13, 2023
Merged
6543 added a commit that referenced this pull request Nov 14, 2023
@6543
mark v1.0.x as unmaintained (#2818)
4ab6cea 
#2789 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qwerty287 qwerty287 qwerty287 requested changes

@anbraten anbraten Awaiting requested review from anbraten

Assignees
No one assigned
Labels
dependencies security
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@6543 @lafriks @qwerty287 @pat-s