pkg/watch/watcher_darwin.go:96:16: Error return value of `d.stream.Start` is not checked (errcheck)
d.stream.Start()
^
pkg/prompt/prompt.go:97:12: Error return value of `fmt.Fprint` is not checked (errcheck)
fmt.Fprint(u.stdout, message)
^
pkg/prompt/prompt.go:99:12: Error return value of `fmt.Scanln` is not checked (errcheck)
fmt.Scanln(&answer)
^
cmd/formatter/logs.go:118:15: Error return value of `fmt.Fprintf` is not checked (errcheck)
fmt.Fprintf(w, "%s%s%s\n", p.prefix, timestamp, line)
^
cmd/formatter/logs.go:120:15: Error return value of `fmt.Fprintf` is not checked (errcheck)
fmt.Fprintf(w, "%s%s\n", p.prefix, line)
^
pkg/progress/json.go:67:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
fmt.Fprintln(p.out, string(marshal))
^
pkg/progress/json.go:87:15: Error return value of `fmt.Fprintln` is not checked (errcheck)
fmt.Fprintln(p.out, string(marshal))
^
pkg/progress/plain.go:47:14: Error return value of `fmt.Fprintln` is not checked (errcheck)
fmt.Fprintln(p.out, prefix, e.ID, e.Text, e.StatusText)
^
pkg/progress/tty.go:162:12: Error return value of `fmt.Fprint` is not checked (errcheck)
fmt.Fprint(w.out, b.Column(0).ANSI)
^
pkg/progress/tty.go:165:12: Error return value of `fmt.Fprint` is not checked (errcheck)
fmt.Fprint(w.out, aec.Hide)
^
pkg/compose/attach.go:53:13: Error return value of `fmt.Fprintf` is not checked (errcheck)
fmt.Fprintf(s.stdout(), "Attaching to %s\n", strings.Join(names, ", "))
^
pkg/compose/compose.go:194:6: emptyStringTest: replace `len(dependencies) > 0` with `dependencies != ""` (gocritic)
if len(dependencies) > 0 {
^
pkg/compose/convergence.go:461:2: builtinShadow: shadowing of predeclared identifier: max (gocritic)
max := 0
^
pkg/compose/run.go:127:5: emptyStringTest: replace `len(opts.User) > 0` with `opts.User != ""` (gocritic)
if len(opts.User) > 0 {
^
pkg/compose/run.go:139:5: emptyStringTest: replace `len(opts.WorkingDir) > 0` with `opts.WorkingDir != ""` (gocritic)
if len(opts.WorkingDir) > 0 {
^
pkg/compose/viz.go:91:8: emptyStringTest: replace `len(portConfig.HostIP) > 0` with `portConfig.HostIP != ""` (gocritic)
if len(portConfig.HostIP) > 0 {
^
cmd/compatibility/convert.go:66:6: emptyStringTest: replace `len(arg) > 0` with `arg != ""` (gocritic)
if len(arg) > 0 && arg[0] != '-' {
^
pkg/e2e/watch_test.go:208:25: printf: non-constant format string in call to gotest.tools/v3/poll.Continue (govet)
return poll.Continue(res.Combined())
^
pkg/e2e/watch_test.go:290:25: printf: non-constant format string in call to gotest.tools/v3/poll.Continue (govet)
return poll.Continue(r.Combined())
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When Compose is watching a project/reattaching streams on container
start, it will make new API `ContainerAttach()` calls every time a
container it's watching is started. However, it only closes the stream
when the context used to start the attach is canceled.
This means that if a user has a project with multiple containers where
containers keep restarting, Compose will attach to the new containers
but never close the previous streams, causing fds to pile up and
goroutines on the engine to get stuck.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
go1.21.12 (released 2024-07-02) includes security fixes to the net/http package,
as well as bug fixes to the compiler, the go command, the runtime, and the
crypto/x509, net/http, net/netip, and os packages. See the Go 1.21.12 milestone
on our issue tracker for details:
- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: https://github.com/golang/go/compare/go1.21.11...go1.21.12
From the security mailing:
> Hello gophers,
>
> We have just released Go versions 1.22.5 and 1.21.12, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> * net/http: denial of service due to improper 100-continue handling
>
> The net/http HTTP/1.1 client mishandled the case where a server responds
> to a request with an “Expect: 100-continue” header with a non-informational
> (200 or higher) status. This mishandling could leave a client connection
> in an invalid state, where the next request sent on the connection will fail.
>
> An attacker sending a request to a net/http/httputil.ReverseProxy proxy can
> exploit this mishandling to cause a denial of service by sending
> “Expect: 100-continue” requests which elicit a non-informational response
> from the backend. Each such request leaves the proxy with an invalid connection,
> and causes one subsequent request using that connection to fail.
>
> Thanks to Geoff Franks for reporting this issue.
>
> This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Nicolas De Loof
Sebastiaan van Stijn
Guillaume Lours
dependabot[bot]
Nathan Baulch
Felix Fontein
Laura Brehm
jonathan-dev
Remco Kranenburg
David Karlsson
Suleiman Dibirov
Joana Hrotko
Mayank Kapur
Jan Brasna
Cody Rigney
guoguangwu