chore: update github.com/docker/docker dependency to v28.3.3 to fix C… #9857
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @menahyouyeah, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request primarily focuses on a critical security update for the Docker dependencies, bringing github.com/docker/docker and github.com/docker/cli to v28.3.3. Beyond the security fix, the changes involve a broad modernization of the codebase, including updating the Go build environment, refactoring internal YAML and interpolation logic, and a significant evolution of the internal API definitions. These updates introduce new features and deprecate older ones, reflecting a move towards more robust and secure practices. Additionally, improvements to configuration handling and SSH connection management are included.
Highlights
- Dependency Updates: The core
github.com/docker/dockerandgithub.com/docker/clidependencies have been updated tov28.3.3, addressing a critical security advisory (GHSA-4vq8-7jfc-9cvp). This update also removes previous version pinning, indicating improved compatibility. - Go Toolchain Alignment: The Go build environment has been updated, with
go:builddirectives changing fromgo1.22togo1.23across severalvendor/github.com/docker/clifiles. This aligns the project with a newer Go toolchain. - Internal Codebase Refactoring: Significant refactoring occurred in the
vendor/github.com/docker/clicodebase, particularly in YAML parsing (migrating fromyaml.v2toyaml.v3) and interpolation logic. This includes explicit error handling for type casting and streamlined recursive key conversion. - API Version Bump and Schema Evolution: The internal API definitions have been extensively updated, bumping the API version from
1.47to1.51. This includes the introduction of new fields (e.g.,imagemount type,GwPriorityfor network endpoints, detailed container stats,DeviceInfo,FirewallInfo), deprecation of older fields, and removal of various internal utility packages related to archiving and filesystem operations, suggesting a shift towards external or more modern alternatives. - Configuration and Credential Management: Changes to
vendor/github.com/docker/cli/cli/configandvendor/github.com/docker/cli/cli/configfileenhance configuration handling, including improved symlink management and support forDOCKER_AUTH_CONFIGenvironment variable for credential stores. - SSH Connection Handling: Updates to
vendor/github.com/docker/cli/cli/connhelperfiles refine SSH connection handling, specifically by usingcontext.WithoutCancelforexec.CommandContextto prevent premature termination of SSH processes and by improving error formatting.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request updates the github.com/docker/docker dependency to v28.3.3 to address the security vulnerability GHSA-4vq8-7jfc-9cvp. The changes primarily consist of updates to go.mod and go.sum, along with a large number of changes to vendored files from the updated dependency. The update removes a replace directive that was pinning an older version, which is a positive step. The changes within the vendored dependency include numerous refactorings, bug fixes, and cleanups, such as improved error handling, better handling of symlinks, and performance optimizations. The changes appear correct and beneficial. The pull request achieves its goal of updating the dependency to a secure version.
Description
chore: update github.com/docker/docker dependency to v28.3.3 to fix GHSA-4vq8-7jfc-9cvp