- https://github.com/golang/go/issues?q=milestone%3AGo1.21.12+label%3ACherryPickApproved
- full diff: golang/go@go1.21.11...go1.21.12

These minor releases include 1 security fixes following the security policy:

net/http: denial of service due to improper 100-continue handling

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail.

An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.

Thanks to Geoff Franks for reporting this issue.

This is CVE-2024-24791 and Go issue https://go.dev/issue/67555.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.21.12

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.12
```

Signed-off-by: Paweł Gronowski <[email protected]>
thaJeztah
approved these changes
Jul 3, 2024
|
|
||
| env: | ||
| GO_VERSION: "1.21.9" | ||
| GO_VERSION: "1.21.12" |
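Review bot: This workflow's `GO_VERSION` was still at "1.21.9" although the description lists the previous release as go1.21.11, so the file was skipped by earlier bumps and has been building with an older toolchain than the rest of the project. Consider defining the version in one shared place for all workflows, or adding a CI check that fails when any workflow's `GO_VERSION` differs from the others, so a security update like this one cannot miss a file again.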
Member
Ah! Interesting; looks like we missed one 🙈
thaJeztah
reviewed
Jul 3, 2024
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| go-version: 1.21.12 |
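Review bot: The `go-version:` input of the `actions/setup-go@v5` step should stay `${{ env.GO_VERSION }}` instead of the literal 1.21.12. With the literal, the next change to `GO_VERSION` leaves this step on the old toolchain without any diff touching the line, which is the kind of drift that lets a security bump miss a job. If a literal is ever intended here, quote it the same way as `GO_VERSION: "1.21.12"` elsewhere in this PR.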
Member
Oh, wait; why was this one changed from the env-var?
Contributor
Author
Huh, looks like I borked something. I'll open a follow up PR.
Member
Thanks! I completely missed it here, but noticed it when I rebased my "go1.23" PR 😂
joshrwolf
pushed a commit
to chainguard-dev/terraform-provider-imagetest
that referenced
this pull request
Jul 23, 2024
…o 27.1.0+incompatible (#144)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.

Release notes

*Sourced from [github.com/docker/docker's releases](https://github.com/docker/docker/releases).*

> ## v27.1.0
>
> ## 27.1.0
>
> For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
>
> - [docker/cli, 27.1.0 milestone](https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A27.1.0)
> - [moby/moby, 27.1.0 milestone](https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A27.1.0)
> - Deprecated and removed features, see [Deprecated Features](https://github.com/docker/cli/blob/v27.1.0/docs/deprecated.md).
> - Changes to the Engine API, see [API version history](https://github.com/moby/moby/blob/v27.1.0/docs/api/version-history.md).
>
> ### Bug fixes and enhancements
>
> - rootless: add `Requires=dbus.socket` to prevent errors when starting the daemon on a cgroup v2 host with systemd [moby/moby#48141](https://redirect.github.com/moby/moby/pull/48141)
> - containerd integration: `image tag` event is now properly emitted when building images with Buildkit [moby/moby#48182](https://redirect.github.com/moby/moby/pull/48182)
> - cli: add OOMScoreAdj to docker service create and docker stack [docker/cli#5274](https://redirect.github.com/docker/cli/pull/5274)
> - cli: add support for `DOCKER_CUSTOM_HEADERS` env-var (experimental) [docker/cli#5271](https://redirect.github.com/docker/cli/pull/5271)
> - cli: containerd-integration: Fix `docker push` defaulting the `--platform` flag to a value of `DOCKER_DEFAULT_PLATFORM` environment variable on unsupported API versions [docker/cli#5248](https://redirect.github.com/docker/cli/pull/5248)
> - cli: fix: ctx cancellation on login prompt [docker/cli#5260](https://redirect.github.com/docker/cli/pull/5260)
> - cli: fix: wait for the container to exit before closing the stream when sending a termination request to the CLI while attached to a container [docker/cli#5250](https://redirect.github.com/docker/cli/pull/5250)
>
> ### Deprecated
>
> - the pkg/rootless/specconv package is deprecated, and will be removed in the next release [moby/moby#48185](https://redirect.github.com/moby/moby/pull/48185)
> - the pkg/containerfs package is deprecated, and will be removed in the next release [moby/moby#48185](https://redirect.github.com/moby/moby/pull/48185)
> - the pkg/directory package is deprecated, and will be removed in the next release [moby/moby#48185](https://redirect.github.com/moby/moby/pull/48185)
> - api/types/system: remove deprecated Info.ExecutionDriver [moby/moby#48184](https://redirect.github.com/moby/moby/pull/48184)
>
> ### Packaging updates
>
> - Update Buildx to [v0.16.1](https://github.com/docker/buildx/releases/tag/v0.16.1). [moby/docker-ce-packaging#1039](https://redirect.github.com/docker/docker-ce-packaging/pull/1039)
> - Update Compose to [v2.29.0](https://github.com/docker/compose/releases/tag/v2.29.0). [moby/docker-ce-packaging#1038](https://redirect.github.com/docker/docker-ce-packaging/pull/1038)
> - Update Containerd (static binaries only) to [v1.7.20](https://github.com/containerd/containerd/releases/tag/v1.7.20). [moby/moby#48191](https://redirect.github.com/moby/moby/pull/48191)
> - Update BuildKit to [v0.15.0](https://github.com/moby/buildkit/releases/tag/v0.15.0). [moby/moby#48175](https://redirect.github.com/moby/moby/pull/48175)
> - Update Go runtime to 1.21.12, which contains security fixes for [CVE-2024-24791](https://github.com/advisories/GHSA-hw49-2p59-3mhj) moby/moby#48120
>
> **Full Changelog**: https://github.com/moby/moby/compare/v27.0.3...v27.1.0

Commits

- [`a21b1a2`](https://github.com/moby/moby/commit/a21b1a2d12e2c01542cb191eb526d7bfad0641e3) Merge pull request [#48196](https://redirect.github.com/docker/docker/issues/48196) from thaJeztah/27.1_backport_vendor_containerd_1.7.20
- [`1bc907c`](https://github.com/moby/moby/commit/1bc907c97cc5b7e241802a75c44b431761dcd900) vendor: github.com/containerd/containerd v1.7.20
- [`4bb4575`](https://github.com/moby/moby/commit/4bb4575ffb88fcb93afb989625a9281c4f75361a) Merge pull request [#48191](https://redirect.github.com/docker/docker/issues/48191) from thaJeztah/27.1_backport_update_containerd_bina...
- [`df7f275`](https://github.com/moby/moby/commit/df7f275db657150a810764c77ccf209897717dcd) Merge pull request [#48195](https://redirect.github.com/docker/docker/issues/48195) from thaJeztah/27.1_backport_fix_pr_title_check
- [`1c0885d`](https://github.com/moby/moby/commit/1c0885d60dad9df0adf9b1c2a03a3672ab2e47f2) gha: check-pr-branch: fix branch check regression
- [`fb3ec9f`](https://github.com/moby/moby/commit/fb3ec9fc96b9f0c7d0d8b2df1400f485b3acc88e) Merge pull request [#48187](https://redirect.github.com/docker/docker/issues/48187) from thaJeztah/27.1_backport_bump_buildx_compose
- [`ed83a9e`](https://github.com/moby/moby/commit/ed83a9e3a153c1d96ed791a73b85a2e8891fe428) update containerd binary to v1.7.20
- [`71b59bf`](https://github.com/moby/moby/commit/71b59bf442545e8d623ab4a573b8dc0b7db7e9a7) Merge pull request [#48178](https://redirect.github.com/docker/docker/issues/48178) from thaJeztah/27.1_backport_relax_pr_check
- [`f8f926b`](https://github.com/moby/moby/commit/f8f926b719f7c69126079ac2e4caa034a8857b53) Merge pull request [#48185](https://redirect.github.com/docker/docker/issues/48185) from thaJeztah/27.1_backport_internalize_pkg_directory
- [`422ef48`](https://github.com/moby/moby/commit/422ef48c2f17268a6a1c94be157df198804dd5ef) gha: check-pr-branch: verify major version only
- Additional commits viewable in [compare view](https://github.com/docker/docker/compare/v27.0.3...v27.1.0)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
pendo324
pushed a commit
to runfinch/finch
that referenced
this pull request
Jul 23, 2024
…o 27.1.0+incompatible (#1042)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 27.0.3+incompatible to 27.1.0+incompatible.

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Note: We don't use `net/http/httputil.ReverseProxy` so the server-side vulnerability doesn't apply.

Signed-off-by: Paweł Gronowski <[email protected]>
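
The note above rests on the code base not referencing `net/http/httputil.ReverseProxy`. One way to check such a claim against Go source during triage, as an added example that is not code from the moby project: the function name `FindReverseProxyUses` and both sample sources are constructed for illustration, and the check covers direct references in a single file only.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Identifiers in net/http/httputil that name or construct a ReverseProxy.
var proxySymbols = map[string]bool{"ReverseProxy": true, "NewSingleHostReverseProxy": true}

// FindReverseProxyUses parses one Go source file and returns a "file:line: what"
// entry for each reference to httputil's ReverseProxy, honouring import aliases.
// A local identifier that shadows the package name would be a false positive.
func FindReverseProxyUses(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var hits []string
	local := map[string]bool{} // names under which httputil is imported here
	for _, imp := range file.Imports {
		if p, err := strconv.Unquote(imp.Path.Value); err != nil || p != "net/http/httputil" {
			continue
		}
		switch {
		case imp.Name == nil:
			local["httputil"] = true
		case imp.Name.Name == ".": // no qualifier to match on: report the import itself
			hits = append(hits, fmt.Sprintf("%s:%d: dot import, review manually", filename, fset.Position(imp.Pos()).Line))
		case imp.Name.Name != "_":
			local[imp.Name.Name] = true
		}
	}
	ast.Inspect(file, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok {
			if pkg, ok := sel.X.(*ast.Ident); ok && local[pkg.Name] && proxySymbols[sel.Sel.Name] {
				hits = append(hits, fmt.Sprintf("%s:%d: %s", filename, fset.Position(sel.Pos()).Line, sel.Sel.Name))
			}
		}
		return true
	})
	return hits, nil
}

// Constructed sample sources (not taken from any real repository).
const sampleProxy = `package gw

import hu "net/http/httputil"

func newProxy() *hu.ReverseProxy {
	return hu.NewSingleHostReverseProxy(nil)
}
`
const sampleClient = "package c\nimport \"net/http/httputil\"\nvar dump = httputil.DumpRequest\n"

func main() {
	for _, f := range []struct{ name, src string }{{"gw.go", sampleProxy}, {"c.go", sampleClient}} {
		hits, err := FindReverseProxyUses(f.name, f.src)
		fmt.Println(f.name, hits, err)
	}
}
```

An empty result only rules out the proxy-side exposure in the files scanned; vendored dependencies need the same scan, and the client-side connection handling is corrected by the toolchain update itself.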