source/compose
1
0
Fork 0
mirror of https://github.com/docker/compose.git synced 2026-02-09 01:59:22 +08:00
Code Issues Packages Projects Releases Wiki Activity
5,630 Commits 22 Branches 294 Tags
main
Commit Graph

839 Commits

Author SHA1 Message Date
hiroto.toyoda
06e1287483 fix: update github.com/moby/term to indirect dependency 
Signed-off-by: hiroto.toyoda <hiroto.toyoda@dena.com>
 2026-01-19 17:46:55 +01:00
Nicolas De Loof
27bf40357a Bump compose to v2.10.1 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2026-01-19 16:46:17 +01:00
Sebastiaan van Stijn
0a07df0e5b build(deps): bump github.com/sirupsen/logrus v1.9.4 
full diff: https://github.com/sirupsen/logrus/compare/v1.9.3...v1.9.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-01-15 19:45:49 +01:00
dependabot[bot]
f17d0dfc61 build(deps): bump github.com/go-viper/mapstructure/v2 
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.4.0...v2.5.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-13 10:21:23 +01:00
dependabot[bot]
ef14cfcfea build(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.77.0 to 1.78.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.77.0...v1.78.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-12 17:50:14 +01:00
dependabot[bot]
a2a5c86f53 build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-09 10:22:48 +01:00
Sebastiaan van Stijn
98e82127b3 build(deps): bump github.com/containerd/containerd/v2 to v2.2.1 
The pull request that was needed has been released now as part of v2.2.1;
full diff: https://github.com/containerd/containerd/compare/efd86f2b0bc2...v2.2.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-01-08 11:33:06 +01:00
Sebastiaan van Stijn
03e19e4a84 go.mod: remove exclude rules 
Commit 640c7deae0 added these exclude
rules as a temporary workaround until these transitive dependency
versions would be gone;

> downgrade go-difflib and go-spew to tagged releases
>
> These dependencies were updated to "master" in some modules we depend on,
> but have no code-changes since their last release. Unfortunately, this also
> causes a ripple effect, forcing all users of the containerd module to also
> update these dependencies to an unrelease / un-tagged version.
>
> Both these dependencies will unlikely do a new release in the near future,
> so exclude these versions so that we can downgrade to the current release.

Kubernetes, and other dependencies have reverted those bumps, so these
exclude rules are no longer needed.

This reverts commit 640c7deae0.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-01-08 07:07:57 +01:00
Sebastiaan van Stijn
b2c17ff118 build(deps): bump github.com/klauspost/compress to v1.18.2 
Fixes a regression in v1.18.1 that resulted in invalid flate/zip/gzip encoding.
The v1.18.1 tag has been retracted.

full diff: https://github.com/klauspost/compress/compare/v1.18.1...v1.18.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2026-01-07 14:03:12 +01:00
dependabot[bot]
232197d364 build(deps): bump github.com/moby/buildkit from 0.26.2 to 0.26.3 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.26.2 to 0.26.3.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.26.2...v0.26.3)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.26.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-17 10:16:54 +01:00
dependabot[bot]
81ba889bee build(deps): bump tags.cncf.io/container-device-interface 
Bumps [tags.cncf.io/container-device-interface](https://github.com/cncf-tags/container-device-interface) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/cncf-tags/container-device-interface/releases)
- [Changelog](https://github.com/cncf-tags/container-device-interface/blob/main/RELEASE.md)
- [Commits](https://github.com/cncf-tags/container-device-interface/compare/v1.0.1...v1.1.0)

---
updated-dependencies:
- dependency-name: tags.cncf.io/container-device-interface
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-16 09:34:43 +01:00
Nicolas De Loof
1297f97aef prefer aec library over raw ANSI sequences 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-12-15 16:36:57 +01:00
dependabot[bot]
4f419e5098 build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/sync/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-11 17:13:15 +01:00
dependabot[bot]
ac211e6e51 build(deps): bump github.com/docker/cli-docs-tool from 0.10.0 to 0.11.0 
Bumps [github.com/docker/cli-docs-tool](https://github.com/docker/cli-docs-tool) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/docker/cli-docs-tool/releases)
- [Commits](https://github.com/docker/cli-docs-tool/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: github.com/docker/cli-docs-tool
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-10 10:14:31 +01:00
Austin Vazquez
778a627b8e Set Go min version to absolute minimum version required 
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
 2025-12-09 20:33:00 +01:00
dependabot[bot]
3e206fdcc6 build(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/sys/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 16:18:09 +01:00
Austin Vazquez
08de90c267 bump golang 1.24.11 
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
 2025-12-03 19:30:45 +01:00
Nicolas De Loof
72f4d655ef Bump compose go to v2.10.0 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-12-01 17:19:40 +01:00
Sebastiaan van Stijn
6ee7146354 build(deps): bump golang.org/x/crypto v0.45.0 
full diff: https://github.com/golang/crypto/compare/v0.44.0...v0.45.0

Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-11-28 15:44:55 +01:00
dependabot[bot]
f28503426c build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-28 10:13:47 +01:00
Nicolas De Loof
fa832d72d7 Added support for build.no_cache_filter 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-11-26 09:37:04 +01:00
Nicolas De Loof
68bb7a71ba bump dependencies 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-11-24 17:26:40 +00:00
Sebastiaan van Stijn
3052934624 build(deps): bump github.com/docker/buildx from v0.29.1 to v0.30.0 
full diff: https://github.com/docker/buildx/compare/v0.29.1...v0.30.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-11-16 14:55:26 +01:00
Sebastiaan van Stijn
428abab16a build(deps): bump github.com/moby/buildkit from v0.25.2 to v0.26.0 
full diff: https://github.com/moby/buildkit/compare/v0.25.2...v0.26.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-11-16 14:55:26 +01:00
Sebastiaan van Stijn
755618e707 build(deps): bump go.opentelemetry.io/otel v1.38.0, go.opentelemetry.io/contrib v0.63.0 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-11-16 14:55:26 +01:00
Nicolas De Loof
2b4543935c next release will be major version v5.x 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-11-13 09:32:43 +01:00
dependabot[bot]
efd7424da7 build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sync/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 11:09:20 +01:00
dependabot[bot]
02109c8d33 build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 10:23:37 +01:00
dependabot[bot]
8137b2bce8 build(deps): bump github.com/docker/cli 
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 28.5.1+incompatible to 28.5.2+incompatible.
- [Commits](https://github.com/docker/cli/compare/v28.5.1...v28.5.2)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 28.5.2+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-06 10:27:37 +01:00
dependabot[bot]
4e3372b473 build(deps): bump github.com/containerd/containerd/v2 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.1.4...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-06 10:16:04 +01:00
dependabot[bot]
fef26fb372 build(deps): bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.5.1+incompatible to 28.5.2+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.5.1...v28.5.2)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.5.2+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-06 10:15:05 +01:00
dependabot[bot]
a32e13a2b0 build(deps): bump github.com/moby/buildkit from 0.25.1 to 0.25.2 
Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.25.1 to 0.25.2.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](https://github.com/moby/buildkit/compare/v0.25.1...v0.25.2)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-version: 0.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-06 10:14:25 +01:00
dependabot[bot]
0c596ed3cf build(deps): bump github.com/containerd/platforms 
Bumps [github.com/containerd/platforms](https://github.com/containerd/platforms) from 1.0.0-rc.1 to 1.0.0-rc.2.
- [Release notes](https://github.com/containerd/platforms/releases)
- [Commits](https://github.com/containerd/platforms/compare/v1.0.0-rc.1...v1.0.0-rc.2)

---
updated-dependencies:
- dependency-name: github.com/containerd/platforms
  dependency-version: 1.0.0-rc.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 17:43:11 +01:00
Nicolas De Loof
af579ebd4b drop support for internal buildkit builder 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-11-04 11:36:40 +01:00
Nicolas De Loof
d70bb8cf5e distinguish event (short) status text and details 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-11-04 10:18:55 +01:00
Guillaume Lours
3eb2934eb7 bump compose-go to version v2.9.1 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2025-10-30 10:12:50 +01:00
Nicolas De Loof
bf50c99193 pretend cli.Out is a containerd console.File 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-10-28 14:39:50 +01:00
Nicolas De Loof
7f668bd7fe Setup Compose service using functional parameters 
This commit introduces WithMaxConcurrency and WithDryRun to replace direct mutators on composeService
commands and flags are translated into a set of functional parameters which are eventually applied
as a ComposeService is created just before being actually used by a command

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-10-24 18:24:21 +02:00
Nicolas De Loof
27f59d7f42 Detect failure to access os.TempDir 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
 2025-10-17 09:49:44 +02:00
Guillaume Lours
147923c44c bump golang to version 1.24.9 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2025-10-14 09:14:56 +02:00
Sebastiaan van Stijn
0b5fb36eb5 build(deps): bump docker/buildx v0.29.1, moby/buildkit v0.25.1 
full diff:

- https://github.com/docker/buildx/compare/v0.28.0...v0.29.1
- https://github.com/moby/buildkit/compare/v0.24.0...v0.25.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-10-13 21:21:01 +02:00
dependabot[bot]
a07f2b8ded build(deps): bump golang.org/x/sys from 0.36.0 to 0.37.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.36.0 to 0.37.0.
- [Commits](https://github.com/golang/sys/compare/v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 11:35:31 +02:00
dependabot[bot]
f45a3ebcfd build(deps): bump github.com/docker/cli 
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 28.5.0+incompatible to 28.5.1+incompatible.
- [Commits](https://github.com/docker/cli/compare/v28.5.0...v28.5.1)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 28.5.1+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 11:35:14 +02:00
dependabot[bot]
7fec70b6c7 build(deps): bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.5.0+incompatible to 28.5.1+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.5.0...v28.5.1)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.5.1+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-09 11:34:52 +02:00
dependabot[bot]
d9423f6872 build(deps): bump github.com/docker/cli 
Bumps [github.com/docker/cli](https://github.com/docker/cli) from 28.5.0-rc.1+incompatible to 28.5.0+incompatible.
- [Commits](https://github.com/docker/cli/compare/v28.5.0-rc.1...v28.5.0)

---
updated-dependencies:
- dependency-name: github.com/docker/cli
  dependency-version: 28.5.0+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 11:32:15 +02:00
dependabot[bot]
5add90240d build(deps): bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 28.5.0-rc.1+incompatible to 28.5.0+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v28.5.0-rc.1...v28.5.0)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-version: 28.5.0+incompatible
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 11:32:08 +02:00
Sebastiaan van Stijn
56e0ba8080 build(deps): bump github.com/docker/docker, docker/cli v28.5.0-rc.1 
full diff:

- https://github.com/docker/cli/compare/v28.4.0...v28.5.0-rc.1
- https://github.com/docker/docker/compare/v28.4.0...v28.5.0-rc.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-09-25 16:50:44 +02:00
Sebastiaan van Stijn
ab7a6e9322 pkg/compose: remove uses of deprecated mitchellh/mapstructure module 
The github.com/mitchellh/mapstructure module was archived and is no longer
maintained. This module has moved to github.com/go-viper/mapstructure,
which updated to v2, with a minor breaking change in v2.0;

> Error is removed in favor of errors.Join (backported from Go 1.20 to
> preserve compatibility with earlier versions)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-09-24 09:21:40 +02:00
Guillaume Lours
db260938c1 bump compose-go to version v2.9.0 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2025-09-19 10:13:08 +02:00
Guillaume Lours
956891af54 add support of develop.watch.initial_sync attribute 
Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com>
 2025-09-18 11:06:44 +02:00