From 005929b9a3f8e0f2dff1f8142d81ac1bcbbe86c0 Mon Sep 17 00:00:00 2001 From: Kostya Linou Date: Wed, 20 May 2026 01:42:32 -0700 Subject: [PATCH 1/3] APIE-1063: Migrate docker/docker to moby/moby to fix CVE-2026-34040 and CVE-2026-33997 CVE-2026-34040 and CVE-2026-33997 are patched only in Docker Engine 29.3.1. moby v29 renamed the module root to github.com/moby/moby/v2 and split the SDK into github.com/moby/moby/api and github.com/moby/moby/client; nothing is published as github.com/docker/docker @ v29.x, and v28 has no backport. So this is a module migration, not a version bump. - Swap internal/local/command_kafka{,_start,_stop}.go from docker/docker/{client,api/types/{container,image,network,strslice}} to the moby/moby equivalents. - v29 moved per-call Options types into the client package and added a Result return value to ContainerStart/Stop/Remove. ContainerList now returns ContainerListResult; iterate over .Items. ContainerCreate now takes a single ContainerCreateOptions struct. Refactor the ~10 call sites accordingly. - Replace github.com/docker/go-connections/nat port types with github.com/moby/moby/api/types/network (PortSet, PortMap, PortBinding, Port). network.PortBinding.HostIP is netip.Addr now, so wrap the localhost constant with netip.MustParseAddr; nat.Port(s) becomes network.MustParsePort(s) (inputs already validated upstream by net.Listen / freeport). - Drop github.com/docker/docker from go.mod; add github.com/moby/moby/api v1.54.2 and github.com/moby/moby/client v0.4.1. --- go.mod | 20 ++++----- go.sum | 58 ++++++++++++++------------- internal/local/command_kafka.go | 4 +- internal/local/command_kafka_start.go | 46 +++++++++++---------- internal/local/command_kafka_stop.go | 11 +++-- 5 files changed, 72 insertions(+), 67 deletions(-) diff --git a/go.mod b/go.mod index fc88698462..36b3d02ce8 100644 --- a/go.mod +++ b/go.mod @@ -65,8 +65,6 @@ require ( github.com/confluentinc/schema-registry-sdk-go v0.1.1-0.20251021214222-018e0cd35bf9 github.com/davecgh/go-spew v1.1.1 github.com/dghubble/sling v1.4.2 - github.com/docker/docker v28.0.0+incompatible - github.com/docker/go-connections v0.5.0 github.com/fatih/color v1.17.0 github.com/gdamore/tcell/v2 v2.7.4 github.com/go-git/go-git/v5 v5.19.0 @@ -90,8 +88,10 @@ require ( github.com/linkedin/goavro/v2 v2.13.0 github.com/mattn/go-isatty v0.0.20 github.com/mattn/go-runewidth v0.0.15 + github.com/moby/moby/api v1.54.2 + github.com/moby/moby/client v0.4.1 github.com/olekukonko/tablewriter v0.0.5 - github.com/opencontainers/image-spec v1.1.0 + github.com/opencontainers/image-spec v1.1.1 github.com/panta/machineid v1.0.2 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c @@ -125,7 +125,7 @@ require ( gopkg.in/launchdarkly/go-sdk-common.v2 v2.5.1 gopkg.in/yaml.v3 v3.0.1 k8s.io/apimachinery v0.30.2 - pgregory.net/rapid v1.1.0 + pgregory.net/rapid v1.2.0 ) require ( @@ -138,7 +138,6 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect - github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.1.6 // indirect @@ -174,9 +173,12 @@ require ( github.com/charmbracelet/x/windows v0.1.0 // indirect github.com/cloudflare/circl v1.6.3 // indirect github.com/confluentinc/proto-go-setter v0.3.0 // indirect + github.com/containerd/errdefs v1.0.0 // indirect + github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/cyphar/filepath-securejoin v0.6.1 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect + github.com/docker/go-connections v0.7.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.3.0 // indirect @@ -232,7 +234,6 @@ require ( github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect - github.com/moby/sys/userns v0.1.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect @@ -246,7 +247,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 // indirect + github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/skeema/knownhosts v1.3.1 // indirect @@ -269,7 +270,7 @@ require ( github.com/yuin/goldmark-emoji v1.0.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0 // indirect go.opentelemetry.io/otel/trace v1.43.0 // indirect @@ -278,7 +279,7 @@ require ( golang.org/x/net v0.53.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.43.0 // indirect - golang.org/x/time v0.6.0 // indirect + golang.org/x/time v0.11.0 // indirect golang.org/x/tools v0.44.0 // indirect google.golang.org/api v0.191.0 // indirect google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect @@ -289,7 +290,6 @@ require ( gopkg.in/launchdarkly/go-jsonstream.v1 v1.0.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gotest.tools/v3 v3.4.0 // indirect k8s.io/api v0.29.2 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect diff --git a/go.sum b/go.sum index 8e056a6a8a..d797d749fc 100644 --- a/go.sum +++ b/go.sum @@ -58,8 +58,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 h1:DRiANoJ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0/go.mod h1:qLIye2hwb/ZouqhpSD9Zn3SJipvpEnz1Ywl3VUk9Y0s= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -294,16 +294,18 @@ github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJP github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= -github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= +github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU= github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= -github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= -github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= +github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso= +github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -326,14 +328,14 @@ github.com/docker/compose/v2 v2.28.1 h1:ORPfiVHrpnRQBDoC3F8JJyWAY8N5gWuo3Fgwyivx github.com/docker/compose/v2 v2.28.1/go.mod h1:wDtGQFHe99sPLCHXeVbCkc+Wsl4Y/2ZxiAJa/nga6rA= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM= -github.com/docker/docker v28.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY= +github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q= -github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= -github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= +github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -467,7 +469,6 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= @@ -658,6 +659,10 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= +github.com/moby/moby/api v1.54.2 h1:wiat9QAhnDQjA7wk1kh/TqHz2I1uUA7M7t9SAl/JNXg= +github.com/moby/moby/api v1.54.2/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.4.1 h1:DMQgisVoMkmMs7fp3ROSdiBnoAu8+vo3GggFl06M/wY= +github.com/moby/moby/client v0.4.1/go.mod h1:z52C9O2POPOsnxZAy//WtKcQ32P+jT/NGeXu/7nfjGQ= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= @@ -672,10 +677,8 @@ github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZ github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= -github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= -github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -701,8 +704,8 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= -github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/panta/machineid v1.0.2 h1:LVYeEq1hZ+FwcM+/H6eB8KfXM2R5b2h1SWdnWwZ0OQw= github.com/panta/machineid v1.0.2/go.mod h1:AROj156fsca3R3rNw3q9h8xFkos25W9P0ZG9gu+3Uf0= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= @@ -749,8 +752,8 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samber/lo v1.44.0 h1:5il56KxRE+GHsm1IR+sZ/6J42NODigFiqCWpSc2dybA= github.com/samber/lo v1.44.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0 h1:uIkTLo0AGRc8l7h5l9r+GcYi9qfVPt6lD4/bhmzfiKo= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H/cDPdvJ/SZJQLWWXWGrZ0= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= +github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/secure-systems-lab/go-securesystemslib v0.4.0 h1:b23VGrQhTA8cN2CbBw7/FulN9fTtqYUdS5+Oxzt+DUE= github.com/secure-systems-lab/go-securesystemslib v0.4.0/go.mod h1:FGBZgq2tXWICsxWQW1msNf49F0Pf2Op5Htayx335Qbs= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= @@ -900,8 +903,8 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 h1:gbhw/u49SS3gkPWiYweQNJGm/uJN5GkI/FrosxSHT7A= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1/go.mod h1:GnOaBaFQ2we3b9AGWJpsBa7v1S5RlQzlC3O7dRMxZhM= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.42.0 h1:ZtfnDL+tUrs1F0Pzfwbg2d59Gru9NCH3bgSHBM6LDwU= @@ -1092,7 +1095,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1132,8 +1134,8 @@ golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0= +golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1321,8 +1323,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1342,8 +1344,8 @@ k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7F k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= -pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/internal/local/command_kafka.go b/internal/local/command_kafka.go index 312efb96c4..7f9375a979 100644 --- a/internal/local/command_kafka.go +++ b/internal/local/command_kafka.go @@ -3,7 +3,7 @@ package local import ( "context" - "github.com/docker/docker/client" + "github.com/moby/moby/client" "github.com/spf13/cobra" "github.com/confluentinc/cli/v4/pkg/errors" @@ -37,7 +37,7 @@ func getShortenedContainerId(id string) string { } func checkIsDockerRunning(dockerClient *client.Client) error { - if _, err := dockerClient.Info(context.Background()); err != nil { + if _, err := dockerClient.Info(context.Background(), client.InfoOptions{}); err != nil { return errors.NewErrorWithSuggestions( err.Error(), "Make sure Docker has been installed following the guide at https://docs.docker.com/engine/install/ and is running.", diff --git a/internal/local/command_kafka_start.go b/internal/local/command_kafka_start.go index 27eb282e13..0bbb70a02f 100644 --- a/internal/local/command_kafka_start.go +++ b/internal/local/command_kafka_start.go @@ -6,17 +6,16 @@ import ( "encoding/json" "fmt" "net" + "net/netip" "os/exec" "runtime" "strconv" "strings" - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/api/types/image" - "github.com/docker/docker/api/types/network" - "github.com/docker/docker/api/types/strslice" - "github.com/docker/docker/client" - "github.com/docker/go-connections/nat" + "github.com/moby/moby/api/types/container" + "github.com/moby/moby/api/types/network" + "github.com/moby/moby/api/types/strslice" + "github.com/moby/moby/client" specsv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/phayes/freeport" "github.com/spf13/cobra" @@ -78,12 +77,12 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { return err } - containers, err := dockerClient.ContainerList(context.Background(), container.ListOptions{All: true}) + containers, err := dockerClient.ContainerList(context.Background(), client.ContainerListOptions{All: true}) if err != nil { return errors.NewErrorWithSuggestions(err.Error(), dockerWorkingVersionMsg) } - for _, container := range containers { + for _, container := range containers.Items { if container.Image == dockerImageName { output.Println(c.Config.EnableColor, "Confluent Local is already running.") prompt := form.NewPrompt() @@ -105,7 +104,7 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { } } - out, err := dockerClient.ImagePull(context.Background(), dockerImageName, image.PullOptions{}) + out, err := dockerClient.ImagePull(context.Background(), dockerImageName, client.ImagePullOptions{}) if err != nil { return errors.NewErrorWithSuggestions(err.Error(), dockerWorkingVersionMsg) } @@ -154,11 +153,11 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { OS: "linux", Architecture: runtime.GOARCH, } - natKafkaRestPort := nat.Port(ports.KafkaRestPort + "/tcp") + natKafkaRestPort := network.MustParsePort(ports.KafkaRestPort + "/tcp") natPlaintextPorts := getNatPlaintextPorts(ports) containerStartCmd := strslice.StrSlice{"bash", "-c", "'/etc/confluent/docker/run'"} - options := network.CreateOptions{Driver: "bridge"} + options := client.NetworkCreateOptions{Driver: "bridge"} if _, err := dockerClient.NetworkCreate(context.Background(), confluentLocalNetworkName, options); err != nil && !strings.Contains(err.Error(), "already exists") { return errors.NewErrorWithSuggestions(err.Error(), dockerWorkingVersionMsg) } @@ -170,14 +169,14 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { Image: dockerImageName, Hostname: fmt.Sprintf(confluentBrokerPrefix, brokerId), Cmd: containerStartCmd, - ExposedPorts: nat.PortSet{natPlaintextPorts[idx]: struct{}{}}, + ExposedPorts: network.PortSet{natPlaintextPorts[idx]: struct{}{}}, Env: getContainerEnvironmentWithPorts(ports, idx, brokers), } hostConfig := &container.HostConfig{ NetworkMode: container.NetworkMode("confluent-local-network"), - PortBindings: nat.PortMap{natPlaintextPorts[idx]: []nat.PortBinding{{ - HostIP: localhost, + PortBindings: network.PortMap{natPlaintextPorts[idx]: []network.PortBinding{{ + HostIP: netip.MustParseAddr(localhost), HostPort: ports.PlaintextPorts[idx], }}}, } @@ -185,18 +184,23 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { // expose Kafka REST port for broker 1 if idx == 0 { config.ExposedPorts[natKafkaRestPort] = struct{}{} - hostConfig.PortBindings[natKafkaRestPort] = []nat.PortBinding{{ - HostIP: localhost, + hostConfig.PortBindings[natKafkaRestPort] = []network.PortBinding{{ + HostIP: netip.MustParseAddr(localhost), HostPort: ports.KafkaRestPort, }} } - createResp, err := dockerClient.ContainerCreate(context.Background(), config, hostConfig, nil, platform, fmt.Sprintf(confluentBrokerPrefix, brokerId)) + createResp, err := dockerClient.ContainerCreate(context.Background(), client.ContainerCreateOptions{ + Config: config, + HostConfig: hostConfig, + Platform: platform, + Name: fmt.Sprintf(confluentBrokerPrefix, brokerId), + }) if err != nil { return errors.NewErrorWithSuggestions(err.Error(), dockerWorkingVersionMsg) } log.CliLogger.Trace(fmt.Sprintf("Successfully created a Confluent Local container for broker %d", brokerId)) - if err := dockerClient.ContainerStart(context.Background(), createResp.ID, container.StartOptions{}); err != nil { + if _, err := dockerClient.ContainerStart(context.Background(), createResp.ID, client.ContainerStartOptions{}); err != nil { return errors.NewErrorWithSuggestions(err.Error(), dockerWorkingVersionMsg) } containerIds = append(containerIds, getShortenedContainerId(createResp.ID)) @@ -332,10 +336,10 @@ func getContainerEnvironmentWithPorts(ports *config.LocalPorts, idx int32, broke return envs } -func getNatPlaintextPorts(ports *config.LocalPorts) []nat.Port { - res := []nat.Port{} +func getNatPlaintextPorts(ports *config.LocalPorts) []network.Port { + res := []network.Port{} for _, port := range ports.PlaintextPorts { - res = append(res, nat.Port(port+"/tcp")) + res = append(res, network.MustParsePort(port+"/tcp")) } return res } diff --git a/internal/local/command_kafka_stop.go b/internal/local/command_kafka_stop.go index 1427e21f1c..6018d89403 100644 --- a/internal/local/command_kafka_stop.go +++ b/internal/local/command_kafka_stop.go @@ -4,8 +4,7 @@ import ( "context" "fmt" - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/client" + "github.com/moby/moby/client" "github.com/spf13/cobra" "github.com/confluentinc/cli/v4/pkg/log" @@ -36,20 +35,20 @@ func (c *command) kafkaStop(_ *cobra.Command, _ []string) error { } func (c *command) stopAndRemoveConfluentLocal(dockerClient *client.Client) error { - dockerContainers, err := dockerClient.ContainerList(context.Background(), container.ListOptions{All: true}) + dockerContainers, err := dockerClient.ContainerList(context.Background(), client.ContainerListOptions{All: true}) if err != nil { return err } - for _, dockerContainer := range dockerContainers { + for _, dockerContainer := range dockerContainers.Items { if dockerContainer.Image == dockerImageName { log.CliLogger.Tracef("Stopping Confluent Local container %s", getShortenedContainerId(dockerContainer.ID)) noWaitTimeout := 0 // to not wait for the container to exit gracefully - if err := dockerClient.ContainerStop(context.Background(), dockerContainer.ID, container.StopOptions{Timeout: &noWaitTimeout}); err != nil { + if _, err := dockerClient.ContainerStop(context.Background(), dockerContainer.ID, client.ContainerStopOptions{Timeout: &noWaitTimeout}); err != nil { return err } log.CliLogger.Tracef("Confluent Local container stopped") - if err := dockerClient.ContainerRemove(context.Background(), dockerContainer.ID, container.RemoveOptions{Force: true}); err != nil { + if _, err := dockerClient.ContainerRemove(context.Background(), dockerContainer.ID, client.ContainerRemoveOptions{Force: true}); err != nil { return err } log.CliLogger.Tracef("Confluent Local container removed") From f4104b583f8a7df3c9c383211818d38d4c86c27b Mon Sep 17 00:00:00 2001 From: Kostya Linou Date: Wed, 20 May 2026 12:13:48 -0700 Subject: [PATCH 2/3] APIE-1063: Address moby v29 client deprecations CI lint-go (staticcheck SA1019) flagged three deprecations introduced by the moby v29 client redesign: - client.NewClientWithOpts -> client.New (same ...Opt variadic, so client.FromEnv passes through unchanged). - strslice.StrSlice{...} -> []string{...}; container.Config.Cmd is []string in v29 directly, so the strslice import is no longer needed. - client.WithAPIVersionNegotiation() removed; v29 enables API-version negotiation by default and the option is now a no-op. --- internal/local/command_kafka_start.go | 5 ++--- internal/local/command_kafka_stop.go | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/internal/local/command_kafka_start.go b/internal/local/command_kafka_start.go index 0bbb70a02f..eaef4814ae 100644 --- a/internal/local/command_kafka_start.go +++ b/internal/local/command_kafka_start.go @@ -14,7 +14,6 @@ import ( "github.com/moby/moby/api/types/container" "github.com/moby/moby/api/types/network" - "github.com/moby/moby/api/types/strslice" "github.com/moby/moby/client" specsv1 "github.com/opencontainers/image-spec/specs-go/v1" "github.com/phayes/freeport" @@ -67,7 +66,7 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { return err } - dockerClient, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + dockerClient, err := client.New(client.FromEnv) if err != nil { return err } @@ -155,7 +154,7 @@ func (c *command) kafkaStart(cmd *cobra.Command, _ []string) error { } natKafkaRestPort := network.MustParsePort(ports.KafkaRestPort + "/tcp") natPlaintextPorts := getNatPlaintextPorts(ports) - containerStartCmd := strslice.StrSlice{"bash", "-c", "'/etc/confluent/docker/run'"} + containerStartCmd := []string{"bash", "-c", "'/etc/confluent/docker/run'"} options := client.NetworkCreateOptions{Driver: "bridge"} if _, err := dockerClient.NetworkCreate(context.Background(), confluentLocalNetworkName, options); err != nil && !strings.Contains(err.Error(), "already exists") { diff --git a/internal/local/command_kafka_stop.go b/internal/local/command_kafka_stop.go index 6018d89403..7d2433aba7 100644 --- a/internal/local/command_kafka_stop.go +++ b/internal/local/command_kafka_stop.go @@ -21,7 +21,7 @@ func (c *command) newKafkaStopCommand() *cobra.Command { } func (c *command) kafkaStop(_ *cobra.Command, _ []string) error { - dockerClient, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) + dockerClient, err := client.New(client.FromEnv) if err != nil { return err } From a52f2f71db66f8e0e27ee77d04eafe143bdb26e8 Mon Sep 17 00:00:00 2001 From: Kostya Linou Date: Wed, 20 May 2026 15:50:55 -0700 Subject: [PATCH 3/3] APIE-1063: Add unit test for getNatPlaintextPorts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cover the one pure-Go helper this PR touched (return type changed from []nat.Port to []network.Port, body switched from nat.Port(s) conversion to network.MustParsePort(s)). Brings the function from 0% to 100% line coverage. The remaining changed lines live inside kafkaStart, kafkaStop, checkIsDockerRunning, and stopAndRemoveConfluentLocal — all daemon- driven and historically un-unit-tested in this package. --- internal/local/command_kafka_start_test.go | 45 ++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 internal/local/command_kafka_start_test.go diff --git a/internal/local/command_kafka_start_test.go b/internal/local/command_kafka_start_test.go new file mode 100644 index 0000000000..fa6a18e542 --- /dev/null +++ b/internal/local/command_kafka_start_test.go @@ -0,0 +1,45 @@ +package local + +import ( + "testing" + + "github.com/moby/moby/api/types/network" + "github.com/stretchr/testify/require" + + "github.com/confluentinc/cli/v4/pkg/config" +) + +func TestGetNatPlaintextPorts(t *testing.T) { + tests := []struct { + name string + ports []string + want []network.Port + }{ + { + name: "empty", + ports: nil, + want: []network.Port{}, + }, + { + name: "single broker", + ports: []string{"9092"}, + want: []network.Port{network.MustParsePort("9092/tcp")}, + }, + { + name: "multiple brokers", + ports: []string{"9092", "9093", "9094"}, + want: []network.Port{ + network.MustParsePort("9092/tcp"), + network.MustParsePort("9093/tcp"), + network.MustParsePort("9094/tcp"), + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := getNatPlaintextPorts(&config.LocalPorts{PlaintextPorts: tt.ports}) + require.Equal(t, tt.want, got) + }) + } +}