Skip to content

[VAULT-38910]: upgrade docker package to resolve GO-2025-3829#31490

Closed
ryancragun wants to merge 1 commit intomainfrom
ryan/VAULT-38910-ce
Closed

[VAULT-38910]: upgrade docker package to resolve GO-2025-3829#31490
ryancragun wants to merge 1 commit intomainfrom
ryan/VAULT-38910-ce

Conversation

@ryancragun
Copy link
Copy Markdown
Collaborator

@ryancragun ryancragun commented Aug 13, 2025

Description

Upgrade github.com/docker/docker to resolve GO-2025-3829.

This is not ready for merge but I'm putting it up to test with the changes proposed in hashicorp/go-secure-stdlib#168

Tested equivalent changes in enterprise here: https://github.com/hashicorp/vault-enterprise/pull/8642

TODO only if you're a HashiCorp employee

  • Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
    • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.
  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
  • If applicable, I've documented the impact of any changes to security controls.

Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

@ryancragun
[VAULT-38910]: upgrade docker package to resolve GO-2025-3829
0d36811 
Signed-off-by: Ryan Cragun <me@ryan.ec>
@ryancragun ryancragun requested a review from a team as a code owner August 13, 2025 19:03
@ryancragun ryancragun requested a review from jane-palash August 13, 2025 19:04
@github-actions github-actions Bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Aug 13, 2025
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Aug 13, 2025
edited
Loading

Build Results:
All builds succeeded! ✅

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Aug 13, 2025

CI Results:
All Go tests succeeded! ✅

@ryancragun ryancragun requested a review from sgmiller August 14, 2025 16:33
@ryancragun
Copy link
Copy Markdown
Collaborator Author

ryancragun commented Aug 22, 2025

Merging the change via enterprise

@ryancragun ryancragun closed this Aug 22, 2025
@ryancragun ryancragun deleted the ryan/VAULT-38910-ce branch August 22, 2025 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jane-palash jane-palash Awaiting requested review from jane-palash jane-palash is a code owner automatically assigned from hashicorp/vault

@sgmiller sgmiller Awaiting requested review from sgmiller

Assignees

No one assigned

Labels

do-not-merge hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ryancragun