Skip to content

security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability#3095

Merged
mdelapenya merged 1 commit intotestcontainers:mainfrom
sigi-glovebox:upgrade-docker-compose-to-v2.35.0
Apr 11, 2025
Merged

security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability#3095
mdelapenya merged 1 commit intotestcontainers:mainfrom
sigi-glovebox:upgrade-docker-compose-to-v2.35.0

Conversation

@sigi-glovebox
Copy link
Contributor

@sigi-glovebox sigi-glovebox commented Apr 11, 2025

This PR fixes a vulnerability found in an older version of github.com/golang-jwt/jwt by upgrading to latest version of compose (v2.35.0) which contains the fix. See #3088 for more details.

What does this PR do?

Upgrades the version of github.com/docker/compose/v2 used in modules/compose.

Why is it important?

The change is important because of the vulnerability found here GHSA-mh63-6h87-95cp.

Related issues

closes #3088

cd modules/compose

make test

@sigi-glovebox sigi-glovebox requested a review from a team as a code owner April 11, 2025 08:13
@netlify
Copy link

netlify bot commented Apr 11, 2025
edited
Loading

Deploy Preview for testcontainers-go ready!

Name Link
🔨 Latest commit 30424b3
🔍 Latest deploy log https://app.netlify.com/sites/testcontainers-go/deploys/67f8e6e265e1ef0008344cd6
😎 Deploy Preview https://deploy-preview-3095--testcontainers-go.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@sigi-glovebox sigi-glovebox changed the title Upgrade github.com/docker/compose/v2 to fix security vulnerability security: upgrade github.com/docker/compose/v2 to fix security vulnerability Apr 11, 2025
mdelapenya
mdelapenya reviewed Apr 11, 2025
View reviewed changes
mdelapenya
mdelapenya reviewed Apr 11, 2025
View reviewed changes
Copy link
Member

@mdelapenya mdelapenya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This LGTM, just added a question, but once addressed and the CI pass, we are good to go, thanks for your work here!

@mdelapenya mdelapenya self-assigned this Apr 11, 2025
@mdelapenya mdelapenya added dependencies Dependencies or external services compose Docker Compose. labels Apr 11, 2025
@mdelapenya mdelapenya changed the title security: upgrade github.com/docker/compose/v2 to fix security vulnerability security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability Apr 11, 2025
@mdelapenya mdelapenya added the security Vulnerabilities in dependencies or in the library itself label Apr 11, 2025
glours
glours approved these changes Apr 11, 2025
View reviewed changes
Copy link

@glours glours left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@sigi-glovebox
security: this commit addresses a security vulnerability found in an …
30424b3 
…older version of github.com/golang-jwt/jwt by updating to the latest version of compose (v2.35.0) which has been fixed. See testcontainers#3088 for more details.
@sigi-glovebox sigi-glovebox force-pushed the upgrade-docker-compose-to-v2.35.0 branch from 8b7ceff to 30424b3 Compare April 11, 2025 09:54
@sigi-glovebox
Copy link
Contributor Author

sigi-glovebox commented Apr 11, 2025

I rebased my branch

mdelapenya
mdelapenya approved these changes Apr 11, 2025
View reviewed changes
Copy link
Member

@mdelapenya mdelapenya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@mdelapenya mdelapenya merged commit 0c9dfe7 into testcontainers:main Apr 11, 2025
16 checks passed
mdelapenya added a commit to jm96441n/testcontainers-go that referenced this pull request Apr 11, 2025
@mdelapenya
Merge branch 'main' into jmaguire/add-reuse-and-container-name-options
a4161ed 
* main:
  security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability (testcontainers#3095)
mdelapenya added a commit to mdelapenya/testcontainers-go that referenced this pull request Apr 11, 2025
@mdelapenya
Merge branch 'main' into toxyproxy-module
fa0cbc3 
* main:
  security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability (testcontainers#3095)
  feat: add more functional options to the modules API (testcontainers#3070)
mdelapenya added a commit to mdelapenya/testcontainers-go that referenced this pull request Apr 14, 2025
@mdelapenya
Merge branch 'main' into u-health/main
bc68bb3 
* main: (91 commits)
  chore(deps): bump github/codeql-action from 3.28.13 to 3.28.15 (testcontainers#3097)
  chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.37.0 (testcontainers#3098)
  feat(aerospike): add Aerospike module (testcontainers#3094)
  security(compose): upgrade github.com/docker/compose/v2 to fix security vulnerability (testcontainers#3095)
  feat: add more functional options to the modules API (testcontainers#3070)
  chore(deps): bump golang.org/x/net in /modules/arangodb (testcontainers#3087)
  feat: add arangodb module (testcontainers#3083)
  chore(deps): bump actions/upload-artifact from 4.6.0 to 4.6.2 (testcontainers#3086)
  chore(deps): bump SonarSource/sonarqube-scan-action from 5.0.0 to 5.1.0 (testcontainers#3085)
  feat: add socat container (testcontainers#3071)
  fix(mssql): reduce flakiness in tests (testcontainers#3084)
  chore: bump golangci-lint to v2 (testcontainers#3082)
  chore(gcloud): deprecate old gcp containers, creating subpackages for them (testcontainers#3063)
  fix(mongodb): replica set initialization & connection handling (testcontainers#2984)
  chore(deps): bump docker/setup-docker-action from 4.2.0 to 4.3.0 (testcontainers#3077)
  chore(deps): bump github/codeql-action from 3.28.12 to 3.28.13 (testcontainers#3078)
  chore(deps): bump tj-actions/changed-files from 45.0.4 to 46.0.3 (testcontainers#3076)
  docs: add dependabot configuration (testcontainers#3074)
  chore(deps): replace `golang.org/x/exp/slices` with stdlib (testcontainers#3075)
  fix(dind): use docker image load (testcontainers#3073)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mdelapenya mdelapenya mdelapenya approved these changes

+1 more reviewer

@glours glours glours approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mdelapenya mdelapenya

Labels

compose Docker Compose. dependencies Dependencies or external services security Vulnerabilities in dependencies or in the library itself

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: Security Vulnerability in github.com/golang-jwt/jwt

3 participants

@sigi-glovebox @glours @mdelapenya